Suspicious
Suspect

5950c99fcd505f0afe64a242adfd7a7b

PE Executable
|
MD5: 5950c99fcd505f0afe64a242adfd7a7b
|
Size: 1.08 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
5950c99fcd505f0afe64a242adfd7a7b
Sha1
29257ce9b1fd571eb521c9b471a661b9cb123aa1
Sha256
737262c8a965c09d0b6744aef7951b0edd0ef8edd9b1c2a1ca97d04b586feb1c
Sha384
629e9de6b874220deaa55821bb0b751c2d1991c88c2e7cdf694d05f0fa5be5425dd6628305dabdcbac79505944313e07
Sha512
83c015a6c23186606211da8119d53cf62fdab75adf01f5c140cb9b1a468d7b977c66f5d29ad8b51caf290b3ec3d74960540fee69506cbe2472255fecb4de5c81
SSDeep
24576:/rnOZQpwuANGCBBocsSFD5KKe8voi3vTWkrs0Fbc/v8yhYI65xFCRx:/rn+vFD5KKeIowlrsOc/v8HNi
TLSH
4635234303A8452FED92D9767BDD6EA4453E7028897A78EE4C4741B800901BE8EFFC97

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5950c99fcd505f0afe64a242adfd7a7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Baldpv.Properties.Resources.resources
Ndxxxyli
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Dnrucnj.exe
Full Name

Dnrucnj.exe
EntryPoint

System.Void Baldpv.Ppufeh::Main()
Scope Name

Dnrucnj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Dnrucnj
Assembly Version

1.0.4041.7218
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Baldpv.Ppufeh::Main()
Main IL Instruction Count

10
Main IL

newobj System.Void Baldpv.Ermmqlmcinc::.ctor() ldstr 9K9g+qJk1XktcymymS2Xfw== ldstr 76bYgzLkL9c= ldstr TnIyAnT2wTGXiYplFN.yRO0rp1V5ZEejwiYkf ldstr ileVvuXTU callvirt System.Void Baldpv.Ermmqlmcinc::Wdgebtyy(System.String,System.String,System.String,System.String) leave IL_0029: ret pop <null> leave IL_0029: ret ret <null>
Module Name

Dnrucnj.exe
Full Name

Dnrucnj.exe
EntryPoint

System.Void Baldpv.Ppufeh::Main()
Scope Name

Dnrucnj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Dnrucnj
Assembly Version

1.0.4041.7218
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

6
Main Method

System.Void Baldpv.Ppufeh::Main()
Main IL Instruction Count

10
Main IL

newobj System.Void Baldpv.Ermmqlmcinc::.ctor() ldstr 9K9g+qJk1XktcymymS2Xfw== ldstr 76bYgzLkL9c= ldstr TnIyAnT2wTGXiYplFN.yRO0rp1V5ZEejwiYkf ldstr ileVvuXTU callvirt System.Void Baldpv.Ermmqlmcinc::Wdgebtyy(System.String,System.String,System.String,System.String) leave IL_0029: ret pop <null> leave IL_0029: ret ret <null>
5950c99fcd505f0afe64a242adfd7a7b (1.08 MB)
File Structure
5950c99fcd505f0afe64a242adfd7a7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Baldpv.Properties.Resources.resources
Ndxxxyli
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙