Suspicious
Suspect

709ab30ffd7a5baaa09e656ac967345c

PE Executable
|
MD5: 709ab30ffd7a5baaa09e656ac967345c
|
Size: 556.03 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
709ab30ffd7a5baaa09e656ac967345c
Sha1
0b94bbf308d00392ee57ca1e873619c5585952e6
Sha256
94e9869b0c46d3f43e7fe3fc8733d82ce27d0a5e6142daa6ceee0a8d865ebc66
Sha384
fefd88a8b2dd3989b74274e523f5d3d4b7fc985e47c73aac62ca140e5dd2766d9c708b153df56f418896f5b0ba0f3b1b
Sha512
82d085199f47a08d5b84706e110292705ad3e610a8e93398739da976e955a8b2edeeea052902c813146125e57e0ed1c4cc1be34a506565f4fc041904ad768f27
SSDeep
12288:JLV6BtpmkrKpO2Wu3mX264iLBU/C77ygEMaC0oEEL7hjESCnZUWt1NQ7S:xApfrKpLWu3O8gACXbEMa2l7SS4UWt/D
TLSH
33C402167BD88A2FE2DF86396152415297B8C0E7E8D3F3EE6CD885B28B657E401071D3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
709ab30ffd7a5baaa09e656ac967345c
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
709ab30ffd7a5baaa09e656ac967345c (556.03 KB)
File Structure
709ab30ffd7a5baaa09e656ac967345c
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙