Suspicious
Suspect

638ba2dfd6ed6d460b5de8835b11efcb

PE Executable | MD5: 638ba2dfd6ed6d460b5de8835b11efcb | Size: 569.86 KB | application/x-dosexec


Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
Hash Value
MD5
638ba2dfd6ed6d460b5de8835b11efcb
Sha1
bad8cbd946fa999f0e209806f67ad9dc1fbd3f5b
Sha256
b310dcdd9e68c3f72ef76ef1f10506a3094e1de2f96564276d0f7dc8d11bf5f1
Sha384
a254de351fa466548cc70eb3f7be2f50623e919eacb8ec7fb31b5f927de1d54a756450f9d11eec0780be8ba4fdc20be6
Sha512
09ff9542fdc3d1cc1c15d8583d655ea187370db6140a703271052c55bcf315730c75dc759228835e952bd55923f5994c2edc3ef2cd06e9aaae0eb2eb1f06142f
SSDeep
12288:qQDWmHYBK6I8lf1g+X8JZHYsyD7Y9dodwcm+Uia4xkTvVyLT0Uxm:PWmwbl9X8JZH47XwTYa4xuvV20Uo
TLSH
D8C401517BEADA52D5FA4BF01A70D2B2833A9FDDA400C34BAADEACEB7C5174414443C6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
RealtekAudio.Properties.Resources.resources
GBaZ
sik
Information
Name: Value
Module Name: JZWq.exe
Full Name: JZWq.exe
EntryPoint: System.Void RealtekAudio.Program::Main()
Scope Name: JZWq.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: JZWq
Assembly Version: 6.1.2.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 311
Main Method: System.Void RealtekAudio.Program::Main()
Main IL Instruction Count: 10
Main IL:
    nop <null>
    call System.Void System.Windows.Forms.Application::EnableVisualStyles()
    nop <null>
    ldc.i4.0 <null>
    call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
    nop <null>
    newobj System.Void RealtekAudio.VirtualForm81::.ctor()
    call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
    nop <null>
    ret <null>

Artefacts
Name: Value
Embedded Resources: 1
Suspicious Type Names (1-2 chars): 0
