Suspicious
Suspect

4a4e6894ff7504108c4dcc292bbe8d2c

PE Executable | MD5: 4a4e6894ff7504108c4dcc292bbe8d2c | Size: 1.34 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
4a4e6894ff7504108c4dcc292bbe8d2c
Sha1
446269c22be55d6538e5b5c6c78bf840ece89ae5
Sha256
d7dc4d1b725344b2430eb8647f4e5e16120187b0117c7c95d622b9c8f31b57ff
Sha384
3bb3fe94d60efbe5a418a2aeca14c3268177b16709e3602c206f25e96185af85ebfb4c0e144935b0ac3f4119e07aa88d
Sha512
bc7418edf6c7bea6522d5899135156cdf91aaca28483361192782a529cf004a55ebac85c824ff6bdb8c764827c9491c03035506ff5999d13675ab10eb290b8c5
SSDeep
24576:XRT6kmQqe5XQZkYFRAv6uuU2ZBUoCXos3ztlQMAkn/63dsOjag6UU1K1BS+xI:GQqeBQZNFi6PUoypXosDzQFkn6d+dUU9
TLSH
DC5533907F965875E19CB4BCD0E671C8132CE4EF7302EBAABD854A5264B82E55703F83

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
KLgfB
Information
Name
Value
Module Name

RMJgzzebrrqx.exe

Full Name

RMJgzzebrrqx.exe

EntryPoint

System.Void  ::()

Scope Name

RMJgzzebrrqx.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

RMJgzzebrrqx

Assembly Version

1.0.1033.28725

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.6

Total Strings

20

Main Method

System.Void  ::()

Main IL Instruction Count

27

Main IL

ldsfld System.Threading.ThreadExceptionEventHandler  /:: dup <null> brtrue.s IL_001F: call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) pop <null> ldsfld  /  /:: ldftn System.Void  /::(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadExceptionEventHandler  /:: call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldsfld System.UnhandledExceptionEventHandler  /:: dup <null> brtrue.s IL_0048: callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) pop <null> ldsfld  /  /:: ldftn System.Void  /::(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.UnhandledExceptionEventHandler  /:: callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void  ::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>

No malware configuration was found at this point.