General
Structural Analysis
Config.0
Yara Rules20
Sync
Community
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | 3199d6859b130f5c4012d6f116b31b61
|
| Sha1 | a3a7c1a568b94be4552c2fc7120f4ed1f20726eb
|
| Sha256 | 5011b5f7f22afc5a07551fe3bb74078558222f7d8ab643ce10e9e84ce0721dfd
|
| Sha384 | 97317af582529746e6338892a5d7c7af84ab206c86ddb0903c325177903333ff61dc8acb2286a0f0b36fce0fd658ace9
|
| Sha512 | 7d8b3654a03361d21b63b13345f118e66d80136743a9e099d67d67d808831c901707a788d852a2aff6c954da1b37fd51080153f5fd1ef0968da766ae485737c3
|
| SSDeep | 12288:h24JriISA92hN8KCpZI7pfocwpsGzo3b40:SISA92hNPC41ocVX
|
| TLSH | C0D4F152125BDA13D5A247B908C2E3B1A33D8D5EB521C7078FE97DE73E3A749A9003E1
|
File Structure
3199d6859b130f5c4012d6f116b31b61
Overlay_96edef63.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WordleForms.GameOver.resources
WordleForms.WordleForm.resources
$this.Icon
[NBF]root.IconData
True
[NBF]root.Data
statusStrip1.TrayLocation
toolStrip1.TrayLocation
WordleForms.Properties.Resources.resources
help_FILL0_wght300_GRAD0_opsz48
[NBF]root.Data
[NBF]root.Data-preview.png
restart
restart_alt_FILL0_wght400_GRAD0_opsz48
[NBF]root.Data
[NBF]root.Data-preview.png
zHeD
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_96edef63.bin (7653 bytes) |
| Info | PDB Path: ? |
| Module Name | QUpL.exe |
| Full Name | QUpL.exe |
| EntryPoint | System.Void WordleForms.Program::Main() |
| Scope Name | QUpL.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | QUpL |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 152 |
| Main Method | System.Void WordleForms.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void WordleForms.WordleForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
3199d6859b130f5c4012d6f116b31b61 (599.53 KB)
File Structure
3199d6859b130f5c4012d6f116b31b61
Overlay_96edef63.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WordleForms.GameOver.resources
WordleForms.WordleForm.resources
$this.Icon
[NBF]root.IconData
True
[NBF]root.Data
statusStrip1.TrayLocation
toolStrip1.TrayLocation
WordleForms.Properties.Resources.resources
help_FILL0_wght300_GRAD0_opsz48
[NBF]root.Data
[NBF]root.Data-preview.png
restart
restart_alt_FILL0_wght400_GRAD0_opsz48
[NBF]root.Data
[NBF]root.Data-preview.png
zHeD
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.