Suspect
5c7bab2ded159841142ae243ccd6736e
PE Executable | MD5: 5c7bab2ded159841142ae243ccd6736e | Size: 1.1 MB | application/x-dosexec
PE Executable
MD5: 5c7bab2ded159841142ae243ccd6736e
Size: 1.1 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | 5c7bab2ded159841142ae243ccd6736e
|
| Sha1 | 67b1cb98a90c3aa5a07edbb2b296672dd8b7b972
|
| Sha256 | 17ca4af085fa1e845509a2e7d0bc6f155fff8b1215e001002e3d7704d04e0903
|
| Sha384 | 0aaab34db5a4e48a0ca1c94edb3a102ef9e80bf0b87b2a95f5bcc89eaa5b71d18cde1b9055df04807fbfd7ed7265e713
|
| Sha512 | adc362cef48e8e864e4bbabecf2a514f5e5d85ef214b290d71e0757719ffc7a182673ba4fbc7665c6b12844a5d879b02ee438913683b6a4ed2dd55a5947bb1a9
|
| SSDeep | 24576:M3x6NwuFqcP6INu97U0V5hbikFAoUTYBJcsjpK2ayIOWFORiw:M3xoFNPvNuFU87PAdMUAAynWgkw
|
| TLSH | C935235A156CC926C0C60BF69D61E1BA3B385DEABD82D2178FD07F9FB0397418E90352
|
PeID
Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
UPolyX 0.3 -> delikon
File Structure
5c7bab2ded159841142ae243ccd6736e
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ScreenshotSchedule.Form1.resources
ScreenshotSchedule.Properties.Resources.resources
LayerT
[NBF]root.Data
fZGO
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: aKPt.pdb |
| Module Name | aKPt.exe |
| Full Name | aKPt.exe |
| EntryPoint | System.Void ScreenshotSchedule.Program::Main() |
| Scope Name | aKPt.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | aKPt |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 147 |
| Main Method | System.Void ScreenshotSchedule.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void ScreenshotSchedule.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
5c7bab2ded159841142ae243ccd6736e (1.1 MB)
File Structure
5c7bab2ded159841142ae243ccd6736e
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ScreenshotSchedule.Form1.resources
ScreenshotSchedule.Properties.Resources.resources
LayerT
[NBF]root.Data
fZGO
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.