Suspicious
Suspect

561a4f7a811b6be30ccde4e33acba606

PE Executable | MD5: 561a4f7a811b6be30ccde4e33acba606 | Size: 594.94 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: 561a4f7a811b6be30ccde4e33acba606
Sha1: 66986d9f03033b4410c74babdde12943068cf475
Sha256: ec595bacfb1aede541f76c88ef83d2d43aab06d7379ab78841c2d8740358543a
Sha384: c674c9bdbb5ae1263a6e1cea4d1f1b61c36ed6d857fcc76519536f801ef2d473d47abb3e0d6e34d74380e2e329b2d426
Sha512: 03983fff3fb0dd5db514937fbd2387310e7fe2dc95b45d4ef4e6e2559f1977b547f71cf7edbb95aebf3b73bce7fe9360e6e54b32ecc1aefab73d0cf19d88d217
SSDeep: 12288:F0rlZ0TF8SOUwtEIdrQTdo7pzLqgGzuOIINnmAZarrVhWxdDP:qrlZ0KSOUnIWTd09qriOIS
TLSH: CDC4CFD43A31B31ECE628831D568ECB591A12C79B106BAE354DF3B5B794C152DE0CFA2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
PegSolitaire.StartMenuFormular.resources
PegSolitaire.Properties.Resources.resources
V6
[NBF]root.Data
sJBN
[NBF]root.Data
[NBF]root.Data-preview.png
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name: idzy.exe
Full Name: idzy.exe
EntryPoint: System.Void PegSolitaire.Program::Main()
Scope Name: idzy.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: idzy
Assembly Version: 201.502.607.709
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 117
Main Method: System.Void PegSolitaire.Program::Main()
Main IL Instruction Count: 55

Main IL

nop <null> ldc.i4 -2100739238 ldc.i4 -802357780 xor <null> dup <null> stloc.0 <null> ldc.i4.8 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_00AF: ret nop <null> ldloc.0 <null> ldc.i4 1191517246 mul <null> ldc.i4 -542187947 xor <null> br.s IL_0006: ldc.i4 -802357780 ldc.i4.0 <null> call System.Void PegSolitaire.Program::‌‫‫‏​‭‎‫‬‏​​‎‫‍‮‌​‫‍‍‎​‫‎‌‬‌‬‫‮(System.Boolean) ldloc.0 <null> ldc.i4 -876529765 mul <null> ldc.i4 -921979563 xor <null> br.s IL_0006: ldc.i4 -802357780 nop <null> ldloc.0 <null> ldc.i4 1895657107 mul <null> ldc.i4 412246282 xor <null> br.s IL_0006: ldc.i4 -802357780 nop <null> ldloc.0 <null> ldc.i4 -1734831544 mul <null> ldc.i4 -1785479380 xor <null> br.s IL_0006: ldc.i4 -802357780 newobj System.Void PegSolitaire.StartMenuFormular::.ctor() call System.Void PegSolitaire.Program::‮‎‌‬‏‬‭‎‫‌‎‫‪‬‫‍‪‫‫‍‮‬‮(System.Windows.Forms.Form) ldloc.0 <null> ldc.i4 -1134652573 mul <null> ldc.i4 -649544061 xor <null> br IL_0006: ldc.i4 -802357780 call System.Void PegSolitaire.Program::‭‮‍‎‬‌‎‪‮​‍​‏‭‏‎‪‬‪‌‪‮‫‮‎‮‮() ldloc.0 <null> ldc.i4 1650336482 mul <null> ldc.i4 -668427267 xor <null> br IL_0006: ldc.i4 -802357780 ret <null>

Characteristics
No malware configuration was found at this point.