Suspicious
Suspect

4257d1dc5597962492c2ab81b8eccf4f

PE Executable
|
MD5: 4257d1dc5597962492c2ab81b8eccf4f
|
Size: 855.55 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
4257d1dc5597962492c2ab81b8eccf4f
Sha1
e13d5d265c97141612a2c0f41bdff21f66cf5f88
Sha256
e04f83f2d0684b8ca6864c65fe3965c358aee7beee26cabd33beaa1e94c3d2e1
Sha384
01712ec27405d6657b4ef8f69e67bad42dfc20c94d41b85a0bf1e0b43e1b7c8c481836a9f29dd37f3386dba42e282536
Sha512
91847190fc8f8561352741153a3290ec30d710c6bb1b5e7a703402bfd6aa976091f9cbecbf275dd9e55dfb1740c24ae3bdca1ad55c270bb6add0977e49ad9e71
SSDeep
24576:RU541He/V1tIYKuYUi5MEbehbiSZlF4A87dC43Qz:RU5cHen61PUbRbiSZb8xA
TLSH
0C05F01CB2948823E8B546F90791E33507B65E8DA72ED3C61CE57CDBB2B6F631204A47

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
4257d1dc5597962492c2ab81b8eccf4f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Micro_ToolKit.About_Page.resources
Micro_ToolKit.Calculator.resources
$this.Icon
[NBF]root.IconData
FT
[NBF]root.Data
imageList1.TrayLocation
menuStrip1.TrayLocation
Micro_ToolKit.Form1.resources
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Micro_ToolKit.Main_Menu.resources
btn_Calculator.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btn_Convertor.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btn_Note.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btn_Reminder.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Micro_ToolKit.Properties.Resources.resources
XYJw
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Module Name

UzsG.exe
Full Name

UzsG.exe
EntryPoint

System.Void Micro_ToolKit.Program::Main()
Scope Name

UzsG.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

UzsG
Assembly Version

0.8.5.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

396
Main Method

System.Void Micro_ToolKit.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Micro_ToolKit.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

UzsG.exe
Full Name

UzsG.exe
EntryPoint

System.Void Micro_ToolKit.Program::Main()
Scope Name

UzsG.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

UzsG
Assembly Version

0.8.5.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

396
Main Method

System.Void Micro_ToolKit.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Micro_ToolKit.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PDB Path

C:\Users\Administrator\Desktop\Client\Temp\UgaAJHyVRR\src\obj\Debug\UzsG.pdb
4257d1dc5597962492c2ab81b8eccf4f (855.55 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙