Suspicious
Suspect

43c6a020673e7a044cd8c1debd4eef90

PE Executable
|
MD5: 43c6a020673e7a044cd8c1debd4eef90
|
Size: 974.85 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
43c6a020673e7a044cd8c1debd4eef90
Sha1
b460fb2ac25980b0a2e8f35c0903e31c2795571d
Sha256
0c4ddbd6eaf2b8f542d80ac82433f743b694a637a508ed91c4b4a1d5a0996f7c
Sha384
760c27ec3841b4d2b462395599d6d0b467702d5ec46851cb73e98db5a3c248531ff06ff5bcf42c3018347349b3ffcf43
Sha512
668aaac0a284f3f148c5448caf2c9678dadfa2d2aee3b140e6e5d9172734e7f496594f908a18307181e5e723b9307f9031aa63d67a5a2c58d94c8b00a5b4a35e
SSDeep
24576:8HBTdYbnVKprT3/Wc+Mp3VZQuSeK6DNpT18iY:mVdInV++6UCZq
TLSH
D1253399B368DED1DE189B3930F2561D6FC2CE48F476F3AB7E4048244311AD82669B1F

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
43c6a020673e7a044cd8c1debd4eef90
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
BURA
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Purchase order.exe
Full Name

Purchase order.exe
EntryPoint

System.Void Lujylfd.Hfcrbtygtzn::Main()
Scope Name

Purchase order.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Purchase order
Assembly Version

1.0.451.28366
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

11
Main Method

System.Void Lujylfd.Hfcrbtygtzn::Main()
Main IL Instruction Count

14
Main IL

newobj System.Void d::.ctor() ldc.i4 13128 call System.String e::a(System.Int32) ldc.i4 13086 call System.String e::a(System.Int32) ldc.i4 13069 call System.String e::a(System.Int32) ldc.i4 13267 call System.String e::a(System.Int32) callvirt System.Void d::a(System.String,System.String,System.String,System.String) leave.s IL_0037: ret pop <null> leave.s IL_0037: ret ret <null>
Module Name

Purchase order.exe
Full Name

Purchase order.exe
EntryPoint

System.Void Lujylfd.Hfcrbtygtzn::Main()
Scope Name

Purchase order.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Purchase order
Assembly Version

1.0.451.28366
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

11
Main Method

System.Void Lujylfd.Hfcrbtygtzn::Main()
Main IL Instruction Count

14
Main IL

newobj System.Void d::.ctor() ldc.i4 13128 call System.String e::a(System.Int32) ldc.i4 13086 call System.String e::a(System.Int32) ldc.i4 13069 call System.String e::a(System.Int32) ldc.i4 13267 call System.String e::a(System.Int32) callvirt System.Void d::a(System.String,System.String,System.String,System.String) leave.s IL_0037: ret pop <null> leave.s IL_0037: ret ret <null>
43c6a020673e7a044cd8c1debd4eef90 (974.85 KB)
File Structure
43c6a020673e7a044cd8c1debd4eef90
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
BURA
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙