Suspicious
Suspect

PE Executable
MD5: 34c8f44daa01f2cf113484dd2e7b6114
Size: 752.64 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Very low
MD5 34c8f44daa01f2cf113484dd2e7b6114
Sha1 75837e1fb750070b202fdc8a68b1b79f4a976a13
Sha256 0f8f4d5651684cb127cb4f921afda71d548b8a75c5976c8b0219586e4dc024d3
Sha384 aff9868fa8308b37a88fc3753f5d3e8f4c5fe4ef90c76b44d8e3e7c4cb9d339610926ed789f153e249292dc513dbaa9f
Sha512 06cb744dba21d1fe9cc09653231250ba65ba712af079b828d72d0b183f8504d2e330dc389c0bfc0be29f6d2c5ca076acbcf142e5aa824b0e5001f7da0921d988
SSDeep 12288:0TE15tHwcHVgoQ2dWqDSF1GOIAM7fJdwKHwrElz7mxk/thq+j3XEhAFtKW:0TEfVJgbmSF1Y1rJ6KHwrmfmxghqEXeP
TLSH 4AF401507799EB21E4B587F61B31E27523F4AE9AA421D3474ED9BCFB3A22F405860343
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Medical_Store.Bill.resources
Medical_Store.Properties.Resources.resources
TGLq
chb
Name Value
Module Name
qpfS.exe
Full Name
qpfS.exe
EntryPoint
System.Void Medical_Store.Program::Main()
Scope Name
qpfS.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
qpfS
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
354
Main Method
System.Void Medical_Store.Program::Main()
Main IL Instruction Count
10
Main IL
nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
nop <null>
newobj System.Void Medical_Store.Login::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
nop <null>
ret <null>
Module Name
qpfS.exe
Full Name
qpfS.exe
EntryPoint
System.Void Medical_Store.Program::Main()
Scope Name
qpfS.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
qpfS
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
354
Main Method
System.Void Medical_Store.Program::Main()
Main IL Instruction Count
10
Main IL
nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
nop <null>
newobj System.Void Medical_Store.Login::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
nop <null>
ret <null>
Embedded Resources UNKNWOWNsuspect
1huhuhuhu
Suspicious Type Names (1-2 chars) UNKNWOWN
0huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Medical_Store.Bill.resources
Medical_Store.Properties.Resources.resources
TGLq
chb
No malware configuration was found at this point.
Embedded Resources UNKNWOWNsuspect
1huhuhuhu
34c8f44daa01f2cf113484dd2e7b6114
Suspicious Type Names (1-2 chars) UNKNWOWN
0huhuhuhu
34c8f44daa01f2cf113484dd2e7b6114
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙