Suspicious
Suspect

563517850db3770a1bc17eb0d1568f3a

PE Executable
|
MD5: 563517850db3770a1bc17eb0d1568f3a
|
Size: 728.58 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
563517850db3770a1bc17eb0d1568f3a
Sha1
3d0176476521acc090df4855245af291a052e421
Sha256
bce8d98eb5c366ef1c2bfe0d513e1e59230162943f5fae377a3f1cdb767fe3f6
Sha384
bf502aa1f4c5165aa1c0180b7625dcb19656188acf8eaa0175d62ba2365bf1a0b490a4bae11a66b187d09c50cfd00f07
Sha512
c43be438c40836ad37687ebd497c35b18551022d7bdf1725109e3a6fc4f1bc237995620f21496c0059fc04cdf220433611881bc2b3f30e9120dbba64becc3d8a
SSDeep
12288:LYHoW3eNZOwmKl+jo8f4D5Zd9U5AYSx7il9DA+2G4qfJ3980yduPWinGhSKLlUp7:LI3eNc1oYorFZdn3xmTkNGFJ3lEM3n7Z
TLSH
8EF41209BBD8FB01C02D8F76D64BA60485B10A6BF2B2F69B66D418D51F6CB84D0CF617

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
563517850db3770a1bc17eb0d1568f3a
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

GdZa.exe
Full Name

GdZa.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

GdZa.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

GdZa
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.2 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SecureMode.StreamlinedForm12::Ⴓ() ldc.i4 540 ldc.i4 621 call System.Void SecureMode.ProfessionalForm53::Ⴗ(System.Int32,System.Char) ldc.i4.0 <null> ldc.i4 830 ldc.i4 780 call System.Void SecureMode.EnhancedForm84::Ⴓ(System.Boolean,System.Char,System.Int32) ldc.i4.1 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SecureMode.Program::Main() pop <null> ret <null>
Module Name

GdZa.exe
Full Name

GdZa.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

GdZa.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

GdZa
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.2 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SecureMode.StreamlinedForm12::Ⴓ() ldc.i4 540 ldc.i4 621 call System.Void SecureMode.ProfessionalForm53::Ⴗ(System.Int32,System.Char) ldc.i4.0 <null> ldc.i4 830 ldc.i4 780 call System.Void SecureMode.EnhancedForm84::Ⴓ(System.Boolean,System.Char,System.Int32) ldc.i4.1 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SecureMode.Program::Main() pop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

0
Suspicious Type Names (1-2 chars)

0
563517850db3770a1bc17eb0d1568f3a (728.58 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙