Suspicious
Suspect

34bed8f08fb73a626ba9806a284654c1

PE Executable
|
MD5: 34bed8f08fb73a626ba9806a284654c1
|
Size: 863.74 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
34bed8f08fb73a626ba9806a284654c1
Sha1
bcd9f69ceab729424a1532db97379f0690062063
Sha256
898aedc9de508d5a88e225689c03908dbf7ae7f86067cb2930da7f53143e9b97
Sha384
f374cf209b399f758d59c39f9ce0b2a63f397c5728a9c16618f34bbc505f8fa6cdc242c9e8d46d6db1a053c36f37a02d
Sha512
2815a90f451c0666eb5b5a9f7382570b0af272a6d4cfc95c7e8a184c4f7a4a9c043a29672abab681257d3f896242670bea1c32c95e2ab2c6dd1a293fcb21f644
SSDeep
12288:69JHM9+1y4mzNq1+JtqzuSoVWkC3vAXwpgC6gdgXJ/:UHU+OuitEufVWkC4XwpSZ5/
TLSH
C405CF4B4AC94CA0D83C9631E3647915C7F8F586BB17C29E6FD58BEC66392233B4134A

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
34bed8f08fb73a626ba9806a284654c1
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
6Qtpz.oAy04mr.resources
7d29fc82f9cffe.Resources.resources
eeaf17290
[NBF]root.Data
eeaf17291
[NBF]root.Data
eeaf172910
[NBF]root.Data
eeaf172911
[NBF]root.Data
eeaf172912
[NBF]root.Data
eeaf172913
[NBF]root.Data
eeaf172914
[NBF]root.Data
eeaf172915
[NBF]root.Data
eeaf172916
[NBF]root.Data
eeaf172917
[NBF]root.Data
eeaf172918
[NBF]root.Data
eeaf172919
[NBF]root.Data
eeaf17292
[NBF]root.Data
eeaf172920
[NBF]root.Data
eeaf172921
[NBF]root.Data
eeaf172922
[NBF]root.Data
eeaf172923
[NBF]root.Data
eeaf172924
[NBF]root.Data
eeaf172925
[NBF]root.Data
eeaf17293
[NBF]root.Data
eeaf17294
[NBF]root.Data
eeaf17295
[NBF]root.Data
eeaf17296
[NBF]root.Data
eeaf17297
[NBF]root.Data
eeaf17298
[NBF]root.Data
eeaf17299
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

6Qtpz
Full Name

6Qtpz
EntryPoint

System.Void 6Qtpz.8rxLS0pn3yC::Ymt2g1Jycs3HM()
Scope Name

6Qtpz
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

6Qtpz
Assembly Version

5.2.23.111
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

548
Main Method

System.Void 6Qtpz.8rxLS0pn3yC::Ymt2g1Jycs3HM()
Main IL Instruction Count

7
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> newobj System.Void 6Qtpz.oAy04mr::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

6Qtpz
Full Name

6Qtpz
EntryPoint

System.Void 6Qtpz.8rxLS0pn3yC::Ymt2g1Jycs3HM()
Scope Name

6Qtpz
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

6Qtpz
Assembly Version

5.2.23.111
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

548
Main Method

System.Void 6Qtpz.8rxLS0pn3yC::Ymt2g1Jycs3HM()
Main IL Instruction Count

7
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> newobj System.Void 6Qtpz.oAy04mr::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
34bed8f08fb73a626ba9806a284654c1 (863.74 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙