Suspicious
Suspect

45dfcc1a3abe638b37ced67d7bf6dcef

PE Executable
|
MD5: 45dfcc1a3abe638b37ced67d7bf6dcef
|
Size: 81.92 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
45dfcc1a3abe638b37ced67d7bf6dcef
Sha1
1bcee7b42e658877bf5a659d2b0735daa726fd95
Sha256
8511d75b8567fa242dc95d725a74f744d481c9e3ecacfd0f200debb788a368c5
Sha384
ef11334ddc105f9a2023efe8a998c10e4743c724606656e4787d2af494d93554690ee98a703db9fc3cc2f3fe0c141c88
Sha512
4655c4d1df05afa2707c1cbe196c6a99fe184fe97a6d816dc550eeb07a914aa20a37df02645751a758640f6547887405a70fe51043bee19c91ff1458a82b1681
SSDeep
1536:KYE87/FBud3Nmnsv/UgoBZYt2C6feY8w49EDn8fa7NpvVyz547N+R7Gbule0:R79BulAuoBZYvx3iACZto3le0
TLSH
70830274FB8CA063CC768A30ACA29B40E7BDC757A47D856D7D31833698432908DB5BB5

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
45dfcc1a3abe638b37ced67d7bf6dcef
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
2ijiwgwhlhw.resources
i4maitjdgcu
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Crypted.exe
Full Name

Crypted.exe
EntryPoint

System.Void Loader.Program::Main()
Scope Name

Crypted.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Crypted
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

5
Main Method

System.Void Loader.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Loader.Nyan::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Crypted.exe
Full Name

Crypted.exe
EntryPoint

System.Void Loader.Program::Main()
Scope Name

Crypted.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Crypted
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

5
Main Method

System.Void Loader.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Loader.Nyan::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
45dfcc1a3abe638b37ced67d7bf6dcef (81.92 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙