Suspicious
Suspect

63c36c7e24be443872171b9b181bcf3b

PE Executable
|
MD5: 63c36c7e24be443872171b9b181bcf3b
|
Size: 996.86 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
63c36c7e24be443872171b9b181bcf3b
Sha1
e04bde4ed318d91b585880f776369f426f8cd42e
Sha256
7a963fe0d1784af8a2cb69eabc7499cc6255a7212a27f3f1af4a93742e6a934c
Sha384
77005ac0fc17068f3e891686b88cefab57e594b1e76dd9dea0bb3dd9c6ebc7b0b593a9fcb89f6e8c9c4211990cf8c596
Sha512
dc2ff67cc095b202353439379e0fc7dc2d9e1448a2271f4276a48533f0b1aca3f3a0af102c3a53311314865a760ea5d4d7cfd41c8b400c3397e260bbede961a2
SSDeep
12288:NhnzRCOuNcY9BHP3tqgXOyhfWXzj25KgYTV6g9nhBpFW1qRgfi3gKJvxs8AlHiyX:f8OwHBHP3tl+BzC4gYFhBDWu2SJ2ML
TLSH
A125230EEB7DBE11CF5F9777D6239901C0E645A36469F4AE0AC51CE328368DD8B8B814

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
63c36c7e24be443872171b9b181bcf3b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

YgAY.exe
Full Name

YgAY.exe
EntryPoint

System.Void BoggleWordFinder.Program::Main()
Scope Name

YgAY.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

YgAY
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void BoggleWordFinder.Program::Main()
Main IL Instruction Count

27
Main IL

ldsfld System.Int32[] BoggleWordFinder.FormAjuda::Ⴅ stloc.2 <null> ldc.i4.1 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void BoggleWordFinder.Properties.Resources::Ⴃ() ldc.i4.2 <null> ldc.i4.s 59 call System.Void BoggleWordFinder.Properties.Resources::Ⴓ(System.Int32,System.Int16) ldc.i4.0 <null> ldc.i4 204 ldc.i4 208 call System.Void BoggleWordFinder.FormPrincipal::Ⴓ(System.Boolean,System.Int32,System.Int16) ldloc.2 <null> ldc.i4 141 ldelem.i4 <null> ldc.i4 20160 sub <null> stloc.1 <null> br.s IL_0008: ldloc.1 newobj System.Void BoggleWordFinder.FormPrincipal::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void BoggleWordFinder.Program::Main() pop <null> ret <null>
Module Name

YgAY.exe
Full Name

YgAY.exe
EntryPoint

System.Void BoggleWordFinder.Program::Main()
Scope Name

YgAY.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

YgAY
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void BoggleWordFinder.Program::Main()
Main IL Instruction Count

27
Main IL

ldsfld System.Int32[] BoggleWordFinder.FormAjuda::Ⴅ stloc.2 <null> ldc.i4.1 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void BoggleWordFinder.Properties.Resources::Ⴃ() ldc.i4.2 <null> ldc.i4.s 59 call System.Void BoggleWordFinder.Properties.Resources::Ⴓ(System.Int32,System.Int16) ldc.i4.0 <null> ldc.i4 204 ldc.i4 208 call System.Void BoggleWordFinder.FormPrincipal::Ⴓ(System.Boolean,System.Int32,System.Int16) ldloc.2 <null> ldc.i4 141 ldelem.i4 <null> ldc.i4 20160 sub <null> stloc.1 <null> br.s IL_0008: ldloc.1 newobj System.Void BoggleWordFinder.FormPrincipal::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void BoggleWordFinder.Program::Main() pop <null> ret <null>
63c36c7e24be443872171b9b181bcf3b (996.86 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙