Suspicious
Suspect

6ce5a78b172602f8a86ae586cd219969

PE Executable | MD5: 6ce5a78b172602f8a86ae586cd219969 | Size: 3.83 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very low

Hash
Hash Value
MD5
6ce5a78b172602f8a86ae586cd219969
Sha1
67b9d6b0b5f90c2bc0d2d898f005cc12d3abdbb9
Sha256
79dc2b2defde3e7a0a1eaafd44acb8022df1812f2881c93ed173d4e451f9ee48
Sha384
9b46c994fa6aa3a84584031865fd827954eaff8e325de51fc948f2a2455b13e54d5bef6b6191065c599698620411d8cd
Sha512
76730c9533487497dd1a442a62e636282f7c350d0cdd82631b6647c7c6019e5162306ee1dd81d9a55213ba15a785b8d862ac3d9669cd0cf321ca2366da16f686
SSDeep
98304:kp51MQJhxbnjBELgkyPTypii0JsMxUUpTptTSZtP2KTGM:kp51rdBEjv01OU1ptGZ87M
TLSH
DC0623911F4D2671E66F8775A422E11AD2F4D0B2E76EE35E4D40B6F43B073C08A4A2B7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ydDEQ
Information
Module Name: for installs.exe
Full Name: for installs.exe
EntryPoint: System.Void ::()
Scope Name: for installs.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: for installs
Assembly Version: 1.0.7497.9676
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.6
Total Strings: 20
Main Method: System.Void ::()
Main IL Instruction Count: 27

Main IL

ldsfld System.Threading.ThreadExceptionEventHandler /::
dup <null>
brtrue.s IL_001F: call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
pop <null>
ldsfld / /::
ldftn System.Void /::(System.Object,System.Threading.ThreadExceptionEventArgs)
newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
dup <null>
stsfld System.Threading.ThreadExceptionEventHandler /::
call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldsfld System.UnhandledExceptionEventHandler /::
dup <null>
brtrue.s IL_0048: callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
pop <null>
ldsfld / /::
ldftn System.Void /::(System.Object,System.UnhandledExceptionEventArgs)
newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
dup <null>
stsfld System.UnhandledExceptionEventHandler /::
callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void  ::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>


Characteristics
No malware configuration was found at this point.