Suspicious
Suspect

4305418f4984fa538d4bf92ea3d4fb5d

PE Executable
|
MD5: 4305418f4984fa538d4bf92ea3d4fb5d
|
Size: 738.3 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
4305418f4984fa538d4bf92ea3d4fb5d
Sha1
97b112a1ba95e3c2115c50673bbf780e9dc27561
Sha256
0fd7e15cd2620fa644ca0aa2fb8a895ab3c261002b8f0d4bad80b57f4b8eb43a
Sha384
fdace474e067422b1d06e8891b2e0f557516a05e5eeac6f286bcab1bee0a2b7cbe5291ae324ed4625d0700ad392989cf
Sha512
524bacb5123cfbd0b4edc1c702ffe4fdd24d4a02ce1ef7c4201d616884479bb51820357702b3e5016575250c9fbab9d420126be9b92b1985d0e167402cea6358
SSDeep
12288:BRsvsLxE9Gce9rGqZp7w0rYkZOfAJD2ovsbKFMjIpe421azc9M8lDT8dMZYUzjjN:YkrJL00tOfAJD2ouKmgF4W8MQYYjjb5
TLSH
5BF401453565AC53D6AA4BF10A60C27843F99DCEA921E7C78FC27EEB34D1B221612F13

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
4305418f4984fa538d4bf92ea3d4fb5d
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

pZFe.exe
Full Name

pZFe.exe
EntryPoint

System.Void StreamlinedHelper.Program::Main()
Scope Name

pZFe.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

pZFe
Assembly Version

7.0.0.2
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

560
Main Method

System.Void StreamlinedHelper.Program::Main()
Main IL Instruction Count

7
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void StreamlinedHelper.Program::InitializeApplication() newobj System.Void StreamlinedHelper.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

pZFe.exe
Full Name

pZFe.exe
EntryPoint

System.Void StreamlinedHelper.Program::Main()
Scope Name

pZFe.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

pZFe
Assembly Version

7.0.0.2
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

560
Main Method

System.Void StreamlinedHelper.Program::Main()
Main IL Instruction Count

7
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void StreamlinedHelper.Program::InitializeApplication() newobj System.Void StreamlinedHelper.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
Embedded Resources

9
Suspicious Type Names (1-2 chars)

0
4305418f4984fa538d4bf92ea3d4fb5d (738.3 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙