Suspicious
Suspect

New order.exe

PE Executable | MD5: 4d523528f23117204f07986a742253e6 | Size: 744.45 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hash
MD5: 4d523528f23117204f07986a742253e6
SHA1: da6d219217dfd00f71f653e201905bd868c9f50b
SHA256: 7be16d08f76a1f88d6ff634df15d045d532e8a7b67827e21f4c7d71f37f3718b
SHA384: 18c126fe5dc18477089afc43ef184c17c917a44c97400c890dacd2d301b02d0f7eeaefb55415698991670211f1073f00
SHA512: 8a7d512910f3732a14d0cf4c263e15a29c9a97eec64d46b18ed984319e55165bd935d7c2df30a6199f940c8677266fb50b4d3bed234b34638b7cfc02b6da75af
SSDeep: 12288:+LNpfdN19RnxH7rj9DBrynBgJF3xpIZIL44CWO83wln3/p50OsS9q/2FsDOvBrxT:zBA+OL0fB50heFsKNx5Ts+
TLSH: A2F41294224ADF23C0764BF419A1D2B957B4EEEE9821C24B8FE9BDDFB4297114401BC7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
SpeedType.FormMenuPrincipal.resources
SpeedType.Properties.Resources.resources
Fast_Tot
[NBF]root.Data
[NBF]root.Data-preview.png
LDlC
[NBF]root.Data
[NBF]root.Data-preview.png
oO
[NBF]root.Data
[NBF]root.Data-preview.png
shp
[NBF]root.Data
Information
Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: Rshv.pdb
Module Name: Rshv.exe
Full Name: Rshv.exe
EntryPoint: System.Void SpeedType.Program::Main()
Scope Name: Rshv.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Rshv
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 299
Main Method: System.Void SpeedType.Program::Main()
Main IL Instruction Count: 10
Main IL:
nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
nop <null>
newobj System.Void SpeedType.FormMenuPrincipal::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
nop <null>
ret <null>

Characteristics
No malware configuration was found at this point.