Suspect
7eead46716c04da246d35c8778f8dbbc
PE Executable | MD5: 7eead46716c04da246d35c8778f8dbbc | Size: 781.31 KB | application/x-dosexec
PE Executable
MD5: 7eead46716c04da246d35c8778f8dbbc
Size: 781.31 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | 7eead46716c04da246d35c8778f8dbbc
|
| Sha1 | c4a3b8ad4b22010ddb643243ff51980d2c1a1645
|
| Sha256 | 0e337fa65c742f6c88ed13fc1747ea12a215db272d7739bf47df43cfdd05932a
|
| Sha384 | 01f2afc6b0a2c0f01e59d70899fcb38a044b454f80a6e3d39248debad9b776512fdf90a46c2196e8e9fab64a9647c296
|
| Sha512 | 9ca25bac013b3067a8adeb3859176d4607f7fd280f466b67cce1222c25d0286a488e5e7d13ec6113626322ce5b0ff8dbcc344ccd5ecc43f24cf3899af49bd6d6
|
| SSDeep | 12288:iaPFt81gWvNbLuHQnvOqCmkpkGn1hUctF297+GRBxqDYETeUojpT9DMqRe+9EKjy:iaPF+6wnvOskpjnD3U97+jYETBwQEuo
|
| TLSH | 76F4126066ADDA23D8A507F00431DABA43729D1EFA36D343CDE9ADEF3905349B520B47
|
File Structure
7eead46716c04da246d35c8778f8dbbc
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
WindowsFormsDemo.About.resources
WindowsFormsDemo.Calculator.resources
$this.Icon
[NBF]root.IconData
WELL
[NBF]root.Data
WindowsFormsDemo.MenüForm.resources
WindowsFormsDemo.Properties.Resources.resources
1
[NBF]root.Data
[NBF]root.Data-preview.png
2
[NBF]root.Data
[NBF]root.Data-preview.png
3
[NBF]root.Data
[NBF]root.Data-preview.png
4
[NBF]root.Data
[NBF]root.Data-preview.png
5
[NBF]root.Data
[NBF]root.Data-preview.png
6
[NBF]root.Data
[NBF]root.Data-preview.png
7
[NBF]root.Data
[NBF]root.Data-preview.png
dhHh
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: ? |
| Module Name | NcCI.exe |
| Full Name | NcCI.exe |
| EntryPoint | System.Void WindowsFormsDemo.Program::Main() |
| Scope Name | NcCI.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | NcCI |
| Assembly Version | 16.9.2.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 287 |
| Main Method | System.Void WindowsFormsDemo.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void WindowsFormsDemo.MenüForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
7eead46716c04da246d35c8778f8dbbc (781.31 KB)
File Structure
7eead46716c04da246d35c8778f8dbbc
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
WindowsFormsDemo.About.resources
WindowsFormsDemo.Calculator.resources
$this.Icon
[NBF]root.IconData
WELL
[NBF]root.Data
WindowsFormsDemo.MenüForm.resources
WindowsFormsDemo.Properties.Resources.resources
1
[NBF]root.Data
[NBF]root.Data-preview.png
2
[NBF]root.Data
[NBF]root.Data-preview.png
3
[NBF]root.Data
[NBF]root.Data-preview.png
4
[NBF]root.Data
[NBF]root.Data-preview.png
5
[NBF]root.Data
[NBF]root.Data-preview.png
6
[NBF]root.Data
[NBF]root.Data-preview.png
7
[NBF]root.Data
[NBF]root.Data-preview.png
dhHh
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.