General
Structural Analysis
Config.0
Yara Rules18
Sync
Community
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | 3312278055e3ce1c58ae5425652e4443
|
| Sha1 | 0a5368f3de47deda6378b37991b4114543feea21
|
| Sha256 | a5e22d2f663271d4197e2fc2dc6cfdbdb7a1daa153b3a19d370c41cb586d200e
|
| Sha384 | 1ed738e499f1a7b84507029a481ac88d7a419c00b56bf6b0c4b22de4f525d574d2feaddc216b286fdddf7fcf0355b41e
|
| Sha512 | 171ea022c883b70f367fee63af76bacb3cd1e48aad0ecd582cb7c39d2f2136812dcd90501d33efce565c9a0daeb9e3d2a7c43d9b22dea66f64efc3d1728378a9
|
| SSDeep | 12288:tNlccvKny4+ukLVykYzpDllSd4yu+otJ6alRvQ9Kum8ngz0yurb:Wy4H+VsBlYe+otcZiFab
|
| TLSH | 56E4232637958A1BC8A217710AA4E3704BF13D8DE935E7DE9FC06C8B74E5B905790723
|
PeID
Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
3312278055e3ce1c58ae5425652e4443
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WindowsTips.Forms.MainForm.resources
WindowsTips.Properties.Resources.resources
LPP
[NBF]root.Data
Thinking
[NBF]root.Data
[NBF]root.Data-preview.png
Thinking_Spinner
[NBF]root.Data
[NBF]root.Data-preview.png
jLXR
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
|
Name0 | Value |
|---|---|
| Module Name | yvqs.exe |
| Full Name | yvqs.exe |
| EntryPoint | System.Void WindowsTips.Program::Main() |
| Scope Name | yvqs.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | yvqs |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 191 |
| Main Method | System.Void WindowsTips.Program::Main() |
| Main IL Instruction Count | 6 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void WindowsTips.Forms.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
Artefacts
|
Name0 | Value |
|---|---|
| PDB Path | yvqs.pdb |
3312278055e3ce1c58ae5425652e4443 (676.86 KB)
File Structure
3312278055e3ce1c58ae5425652e4443
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WindowsTips.Forms.MainForm.resources
WindowsTips.Properties.Resources.resources
LPP
[NBF]root.Data
Thinking
[NBF]root.Data
[NBF]root.Data-preview.png
Thinking_Spinner
[NBF]root.Data
[NBF]root.Data-preview.png
jLXR
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PDB Path | yvqs.pdb |
3312278055e3ce1c58ae5425652e4443 |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.