Malicious
Malicious

7cc23c76724b4bacc2bcc8f6ef016241

PE Executable
|
MD5: 7cc23c76724b4bacc2bcc8f6ef016241
|
Size: 815.1 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
7cc23c76724b4bacc2bcc8f6ef016241
Sha1
2be21214b9085d4ffc4720baf1f37c2fedf9ac73
Sha256
2e2ee0c818f731f57404e72ade9a15fa87afd609085a357afe30bbd4618a627c
Sha384
da354259f8e3c70d2c8dd1b923b26d619ff8a759810b2c419666e0ce45f1a40b2e62f09fbde539e6e33d16d00b530132
Sha512
324d0ba46e3a2acac13d154b835d145fcad9bdb3e3f9b4d82352c1013c63aea213fad0ed62a36365b9c607dc245d0f78b406e0e0a7a10c99265f13f7378f98b1
SSDeep
24576:NgxVb6tXpg5rXcwDgaOkA5QfSz82gH8cyPUk:Sxl6mrXcwD3OHQggHpy
TLSH
4E05126062ABE912C89547B106B0D2760378AF8EA433C34FACDDEDDBB61639560D43D3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
7cc23c76724b4bacc2bcc8f6ef016241
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
PePb.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
progressBar1.Modifiers
$this.Language
$this.GridSize
SecureMode.Properties.Resources.resources
vgx
EmDu
Informations
Name
 Value
Module Name

PePb.exe
Full Name

PePb.exe
EntryPoint

System.Void js.Vh::Vh()
Scope Name

PePb.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

PePb
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

247
Main Method

System.Void js.Vh::Vh()
Main IL Instruction Count

15
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() br IL_0027: nop nop <null> newobj System.Void Bn.ax::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) br IL_0025: nop call System.Void pb.WD::opwE3a() br IL_000B: nop nop <null> ret <null> nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) br IL_001B: call System.Void pb.WD::opwE3a()
Module Name

PePb.exe
Full Name

PePb.exe
EntryPoint

System.Void js.Vh::Vh()
Scope Name

PePb.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

PePb
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

247
Main Method

System.Void js.Vh::Vh()
Main IL Instruction Count

15
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() br IL_0027: nop nop <null> newobj System.Void Bn.ax::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) br IL_0025: nop call System.Void pb.WD::opwE3a() br IL_000B: nop nop <null> ret <null> nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) br IL_001B: call System.Void pb.WD::opwE3a()
Artefacts
Name
 Value
Embedded Resources

3
Suspicious Type Names (1-2 chars)

14
7cc23c76724b4bacc2bcc8f6ef016241 (815.1 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙