Suspicious
Suspect

4c84bff59b7e8b2df76e38466ba8b627

PE Executable
|
MD5: 4c84bff59b7e8b2df76e38466ba8b627
|
Size: 80.48 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
4c84bff59b7e8b2df76e38466ba8b627
Sha1
6a0c60cd5ebdf6c7cb88b066f928d2c46f811c34
Sha256
cfe781129d8db1dcbfdce5fa3b62157bbd6e7a7e8b7f421a4767189463ef28e0
Sha384
0040e2db96de6fda32f137dc9e3273881226de9d16fe8d82411a7b75efd46f35e4b763bbd5e6e7696870b925422488ae
Sha512
f93e94ca86ba09e518911c4facf2c61b54f1dd3c083994b1555abd7d54e1a18ceb8c28466eb87657e104ea2b64bc633eb47aee32832cce0c073deaf267345431
SSDeep
1536:7Hbv7cRCBzS4ScGLdsvkwSnNYGaIJLYn7fSXqQbcbHhs8eJ5u6DfZCQ:7Hbv7cG5S5dGS5aIJLYn76XqQbcds8ef
TLSH
C173720533F957A4E2F78F7CA4B129048E3E7C4EF815DA9D2C58204D89B2B4D6962F72

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
4c84bff59b7e8b2df76e38466ba8b627
Overlay_5485d6ad.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_5485d6ad.bin (100 bytes)
Info

PDB Path: C:\Users\eve\Desktop\DzSocket-3.1 - UDP\DzSocket-3.1\pace-main\src\Crysome.Client\obj\Release\net472\Crysome.Client.pdb
Module Name

Crysome.Client.exe
Full Name

Crysome.Client.exe
EntryPoint

System.Void Crysome.Client.Program::Main(System.String[])
Scope Name

Crysome.Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Crysome.Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1484
Main Method

System.Void Crysome.Client.Program::Main(System.String[])
Main IL Instruction Count

47
Main IL

call System.String System.IO.Path::GetTempPath() ldstr Crysome_debug.log call System.String System.IO.Path::Combine(System.String,System.String) stsfld System.String Crysome.Client.Program::logPath leave.s IL_0023: ldstr "=== Crysome CLIENT STARTING ===" pop <null> ldstr C:\Crysome_debug.log stsfld System.String Crysome.Client.Program::logPath leave.s IL_0023: ldstr "=== Crysome CLIENT STARTING ===" ldstr === Crysome CLIENT STARTING === call System.Void Crysome.Client.Program::Log(System.String) ldstr EXE: call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_BaseDirectory() call System.String System.String::Concat(System.String,System.String) call System.Void Crysome.Client.Program::Log(System.String) ldstr CLR: call System.Version System.Environment::get_Version() dup <null> brtrue.s IL_0057: callvirt System.String System.Object::ToString() pop <null> ldnull <null> br.s IL_005C: call System.String System.String::Concat(System.String,System.String) callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.Void Crysome.Client.Program::Log(System.String) call System.Void Crysome.Client.Program::RealMain() leave.s IL_00B4: ret stloc.0 <null> ldstr FATAL CRASH: ldloc.0 <null> callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.Void Crysome.Client.Program::Log(System.String) ldstr FATAL: ldloc.0 <null> callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldstr Check log: ldsfld System.String Crysome.Client.Program::logPath call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) call System.ConsoleKeyInfo System.Console::ReadKey() pop <null> leave.s IL_00B4: ret ret <null>
Module Name

Crysome.Client.exe
Full Name

Crysome.Client.exe
EntryPoint

System.Void Crysome.Client.Program::Main(System.String[])
Scope Name

Crysome.Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Crysome.Client
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1484
Main Method

System.Void Crysome.Client.Program::Main(System.String[])
Main IL Instruction Count

47
Main IL

call System.String System.IO.Path::GetTempPath() ldstr Crysome_debug.log call System.String System.IO.Path::Combine(System.String,System.String) stsfld System.String Crysome.Client.Program::logPath leave.s IL_0023: ldstr "=== Crysome CLIENT STARTING ===" pop <null> ldstr C:\Crysome_debug.log stsfld System.String Crysome.Client.Program::logPath leave.s IL_0023: ldstr "=== Crysome CLIENT STARTING ===" ldstr === Crysome CLIENT STARTING === call System.Void Crysome.Client.Program::Log(System.String) ldstr EXE: call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_BaseDirectory() call System.String System.String::Concat(System.String,System.String) call System.Void Crysome.Client.Program::Log(System.String) ldstr CLR: call System.Version System.Environment::get_Version() dup <null> brtrue.s IL_0057: callvirt System.String System.Object::ToString() pop <null> ldnull <null> br.s IL_005C: call System.String System.String::Concat(System.String,System.String) callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.Void Crysome.Client.Program::Log(System.String) call System.Void Crysome.Client.Program::RealMain() leave.s IL_00B4: ret stloc.0 <null> ldstr FATAL CRASH: ldloc.0 <null> callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.Void Crysome.Client.Program::Log(System.String) ldstr FATAL: ldloc.0 <null> callvirt System.String System.Object::ToString() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) ldstr Check log: ldsfld System.String Crysome.Client.Program::logPath call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) call System.ConsoleKeyInfo System.Console::ReadKey() pop <null> leave.s IL_00B4: ret ret <null>
4c84bff59b7e8b2df76e38466ba8b627 (80.48 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙