Suspicious
Suspect

46dccd2fa2065a761ab6114614f948b5

PE Executable
MD5: 46dccd2fa2065a761ab6114614f948b5
Size: 532.48 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Low
MD5 46dccd2fa2065a761ab6114614f948b5
Sha1 bbc03c7416ddd63b41531d321843841b5bb6023e
Sha256 f50d4bf5151fc2f9f89ff48f4ead9ea615bc85a951b88a6d83d0dd53bd17a942
Sha384 bd0f7b3600083aac4ad23c883995ce202c9ddc46023bf9e02ed414b90dec72712d1adc88530a1ca6225ac2077e866507
Sha512 6e0bdcaa50b157bb83627a338f73f038ea4f8bb9fb9db5fabd8af1ce6a21f4c529f3414742b3439b22df0126b426d890f53a0a1afb9dab4fb60a4ea9cce24b30
SSDeep 12288:OPdilT8xzHu94dzCF1a2l6JW0+EDYbs5PTE5yZmrV3sxzH:OPdilgYmGFtl67v5LE8kh3s
TLSH D0B40190B269C867CAFB52F94822F37083FA5DADB412C3C98DEDAEDB31D5B510114663
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Countdown_App.appForm.resources
$this.Icon
[NBF]root.IconData
Num
[NBF]root.Data
errorProvider1.TrayLocation
timer1.TrayLocation
Countdown_App.Properties.Resources.resources
_22
[NBF]root.Data
[NBF]root.Data-preview.png
_23
[NBF]root.Data
[NBF]root.Data-preview.png
pFiSB
[NBF]root.Data
[NBF]root.Data-preview.png
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: C:\Users\Administrator\Desktop\Client\Temp\bbNfLLROQj\src\obj\Debug\jTQEo.pdb
Module Name
jTQEo.exe
Full Name
jTQEo.exe
EntryPoint
System.Void Countdown_App.Program::Main()
Scope Name
jTQEo.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
jTQEo
Assembly Version
4.2.3.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.5
Total Strings
257
Main Method
System.Void Countdown_App.Program::Main()
Main IL Instruction Count
6
Main IL
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void Countdown_App.appForm::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Module Name
jTQEo.exe
Full Name
jTQEo.exe
EntryPoint
System.Void Countdown_App.Program::Main()
Scope Name
jTQEo.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
jTQEo
Assembly Version
4.2.3.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.5
Total Strings
257
Main Method
System.Void Countdown_App.Program::Main()
Main IL Instruction Count
6
Main IL
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void Countdown_App.appForm::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Countdown_App.appForm.resources
$this.Icon
[NBF]root.IconData
Num
[NBF]root.Data
errorProvider1.TrayLocation
timer1.TrayLocation
Countdown_App.Properties.Resources.resources
_22
[NBF]root.Data
[NBF]root.Data-preview.png
_23
[NBF]root.Data
[NBF]root.Data-preview.png
pFiSB
[NBF]root.Data
[NBF]root.Data-preview.png
No malware configuration was found at this point.
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙