Suspicious
Suspect

3deff161246f0665b1454293bdee49fb

PE Executable
|
MD5: 3deff161246f0665b1454293bdee49fb
|
Size: 881.15 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
3deff161246f0665b1454293bdee49fb
Sha1
2c51c00a28938ee1ff4adaa0f051ef4628b3b6c0
Sha256
9e537686889d98e616a054e27a557ceb0f91080af7995766bd6c2258fbefa169
Sha384
0c6962ad926ce6a0cf2a26a4475ce8ce1a4f77f9c60d7576657db47cf14113d52f415fa5772ba8dc4ca6004be1fc3b74
Sha512
2dd1885554026e687cfbdd88c234426c5d81b7d9160f39e8a8dedc30af46bc74f2802d739b315eee064bd036261be9acf8baf37d38f53a5d382078d0a873a80b
SSDeep
24576:r0bXMHfYkEhGSOKtOm3qobzCFrr76H6bQvOHkYSip:j+G3Kl3Rirr7EvKI
TLSH
0C153344B772C866DFD35AF554B84610432B72854A23DAF5283FE78C3E16F8158A31AF

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
3deff161246f0665b1454293bdee49fb
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ugopo.Properties.Resources.resources
Yxrlttmluv
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Ggpxzk.exe
Full Name

Ggpxzk.exe
EntryPoint

System.Void Ugopo.Ghssfwlceey::Main()
Scope Name

Ggpxzk.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Ggpxzk
Assembly Version

1.0.5856.7039
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

6
Main Method

System.Void Ugopo.Ghssfwlceey::Main()
Main IL Instruction Count

10
Main IL

newobj System.Void Ugopo.Poovno::.ctor() ldstr JetEprJGKLk370zLXiQk9A== ldstr HhqD2EoGXi8= ldstr ukVSTdJlHjNwsTQmge.NHiEPtlT4ciZhPNRA2 ldstr MxCTGyxmg callvirt System.Void Ugopo.Poovno::Aafltc(System.String,System.String,System.String,System.String) leave IL_0029: ret pop <null> leave IL_0029: ret ret <null>
Module Name

Ggpxzk.exe
Full Name

Ggpxzk.exe
EntryPoint

System.Void Ugopo.Ghssfwlceey::Main()
Scope Name

Ggpxzk.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Ggpxzk
Assembly Version

1.0.5856.7039
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

6
Main Method

System.Void Ugopo.Ghssfwlceey::Main()
Main IL Instruction Count

10
Main IL

newobj System.Void Ugopo.Poovno::.ctor() ldstr JetEprJGKLk370zLXiQk9A== ldstr HhqD2EoGXi8= ldstr ukVSTdJlHjNwsTQmge.NHiEPtlT4ciZhPNRA2 ldstr MxCTGyxmg callvirt System.Void Ugopo.Poovno::Aafltc(System.String,System.String,System.String,System.String) leave IL_0029: ret pop <null> leave IL_0029: ret ret <null>
3deff161246f0665b1454293bdee49fb (881.15 KB)
File Structure
3deff161246f0665b1454293bdee49fb
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ugopo.Properties.Resources.resources
Yxrlttmluv
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙