Suspicious
Suspect

68b82cd6547adfada567ea8a3485925d

PE Executable
|
MD5: 68b82cd6547adfada567ea8a3485925d
|
Size: 744.45 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
68b82cd6547adfada567ea8a3485925d
Sha1
2f44f6a43057d05b2c8ea0a84234cbd58824e713
Sha256
6a64a490df8bbc5569f98983a51a8383e8f6077c93af36c76a6d5c194ff8e5b3
Sha384
88e847f53911178e8b13fa46dd8fbe7f7b19d6b9d49d2a572474afbda2ebd000e827a2348337afede1cca94d3680550d
Sha512
79975ebe68cc3672ae6ba873dd2c0a687e5cb39a0a769e9ffe8e30548ff43f92b25f1678e541175e08a77f1c91e746b803337aaf3880823af1088943e35e778b
SSDeep
12288:+pcsz2yMmRjQIbSuhh4WJNuS7F6qHasXxBENtqgbuGdrGPaBZq5:+m5yMaZ7QWySB1HaiktqgKqGPaBZq5
TLSH
E1F41265322ED813D5E627F05DB1C3B803B69EDA7001D3AA4EEAFDDB7C667450281392

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
68b82cd6547adfada567ea8a3485925d
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
DirectoryPlus.MainForm.resources
DirectoryPlus.Properties.Resources.resources
gilek
[NBF]root.Data
smHw
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: XiCN.pdb
Module Name

XiCN.exe
Full Name

XiCN.exe
EntryPoint

System.Void DirectoryPlus.Program::Main()
Scope Name

XiCN.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

XiCN
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

161
Main Method

System.Void DirectoryPlus.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void DirectoryPlus.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

XiCN.exe
Full Name

XiCN.exe
EntryPoint

System.Void DirectoryPlus.Program::Main()
Scope Name

XiCN.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

XiCN
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

161
Main Method

System.Void DirectoryPlus.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void DirectoryPlus.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
68b82cd6547adfada567ea8a3485925d (744.45 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙