Characteristics
Symbol Obfuscation Score: Medium
File Structure
- 4df2c2c5ea309f51d889128c8b6cd378
  - Structure
    - DosHeader
    - PE Header
    - Optional Header (x86)
    - Section Headers
      - .text
      - .rsrc
      - .reloc
  - Resources
    - RT_VERSION
      - ID:0001
        - ID:0
    - RT_MANIFEST
      - ID:0001
        - ID:0
  - .Net Resources
    - ScientificCalculator.Forms.GraphPlotterForm.resources
    - Scientific_Calc.Properties.Resources.resources
      - Cfum
        - [NBF]root.Data
        - [NBF]root.Data-preview.png
      - PIP
        - [NBF]root.Data
      - t1
        - [NBF]root.Data
        - [NBF]root.Data-preview.png
      - t2
        - [NBF]root.Data
        - [NBF]root.Data-preview.png
Informations
| Name | Value |
|---|---|
| Module Name | bOCR.exe |
| Full Name | bOCR.exe |
| EntryPoint | System.Void ScientificCalculator.Program::Main() |
| Scope Name | bOCR.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | bOCR |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 380 |
| Main Method | System.Void ScientificCalculator.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void ScientificCalculator.Forms.MainCalculatorForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
Artefacts
| Name | Value |
|---|---|
| PDB Path | bOCR.pdb |
4df2c2c5ea309f51d889128c8b6cd378 (702.98 KB)
Characteristics
No malware configuration was found at this point.
Artefacts
| Name | Value | Location |
|---|---|---|
| PDB Path | bOCR.pdb | 4df2c2c5ea309f51d889128c8b6cd378 |