Suspicious
Suspect

4833a3dfed69a848bd02a94e457a3bac

PE Executable
|
MD5: 4833a3dfed69a848bd02a94e457a3bac
|
Size: 790.53 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
4833a3dfed69a848bd02a94e457a3bac
Sha1
62272028b04cd4d86bbebea045242c5910465ea6
Sha256
ae49e785cbda6ce29bcdd3f612351ca1ad9aa053c7cf784a60a3782b89a59108
Sha384
c8e3b0aea1d196f558f3657cf90653f90024131538cd0c738bee49e7c50ab7c20772e1b1a4577d5b9d16e080875e4328
Sha512
7bbfb108604e3113219594864464e77c5b29b2bc6325caa3331fb1ee8675d0a37f3542b429f442fd1fe67a7c1eb7d409ca4ca1af44f272e466376aecef328df9
SSDeep
24576:Gs9tqlOBRmcU6neNRw8y94L1Cyg6NuR/pMrl:yoQcUfU8M4L1Ch6NuRC
TLSH
D1F4EFD7771EA803D5A25AF00CE1D2B703BCAE99691DD3868FE5ADDB74B9B006302153

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
4833a3dfed69a848bd02a94e457a3bac
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
GameApi.MainForm.resources
$this.Icon
[NBF]root.IconData
fee
[NBF]root.Data
CrudForm.Properties.Resources.resources
TdfR
[NBF]root.Data
[NBF]root.Data-preview.png
GameApi.StoresForm.resources
$this.Icon
[NBF]root.IconData
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\Administrator\Desktop\Client\Temp\ETZADhqeHO\src\obj\Debug\guKq.pdb
Module Name

guKq.exe
Full Name

guKq.exe
EntryPoint

System.Void GameApi.Program::Main()
Scope Name

guKq.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

guKq
Assembly Version

5.4.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

305
Main Method

System.Void GameApi.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void GameApi.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

guKq.exe
Full Name

guKq.exe
EntryPoint

System.Void GameApi.Program::Main()
Scope Name

guKq.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

guKq
Assembly Version

5.4.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

305
Main Method

System.Void GameApi.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void GameApi.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
4833a3dfed69a848bd02a94e457a3bac (790.53 KB)
File Structure
4833a3dfed69a848bd02a94e457a3bac
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
GameApi.MainForm.resources
$this.Icon
[NBF]root.IconData
fee
[NBF]root.Data
CrudForm.Properties.Resources.resources
TdfR
[NBF]root.Data
[NBF]root.Data-preview.png
GameApi.StoresForm.resources
$this.Icon
[NBF]root.IconData
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙