Suspicious
Suspect

85b86f98c0f84e2f58984cb4fafa74f1

PE Executable
|
MD5: 85b86f98c0f84e2f58984cb4fafa74f1
|
Size: 3.27 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
85b86f98c0f84e2f58984cb4fafa74f1
Sha1
e77450bce7f42e0dba5716552ea766f0b48e56cf
Sha256
59d60ad0d6f56441851a407f4ac5a9ad0cf7d8a9532fe30f2de3f02c523e672a
Sha384
68694f0efd2349e867b6dec9997d6e2c1aa76c2ccb1ed424ad52a2a06d53da74fe91660a333cdd34999349ef14701521
Sha512
d6801590c582d86d88a49881671bfee4784c06e1230d7f61624452da2770872aac23f0dc05a8f929bf1022413f977ad2a67830ebd44a41dc27078a8e195cf7e8
SSDeep
49152:svFqB2ZNag4YgPblSvLo6L2KocbRz1J7LoGdwTHHB72eh2NT:svoB2ZNag4YgPblSvL5L2KocbRL
TLSH
97E55A1477F85E33E1ABE272D5B0401667F0FC2AB3A3FB4B6191677A1C53B405842AA7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
85b86f98c0f84e2f58984cb4fafa74f1
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client
Full Name

Client
EntryPoint

System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.1.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

11123
Main Method

System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::맯㩫⣐⶝楁ఋ燰थཱྀ⛧泖똕�㉣ꡢ㻔疇渺髬(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::Ꜻ◄婻椐⬞罝핬Ⲋ퓒阰ਅᷮ炴㰬ꂙ痰韡ﭥ盅(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 䵑觯㈨檠쥱읭蝋ム厫ꚅ㏓름˅ጜ웊⥻綉婣ᅠ薏::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Client
Full Name

Client
EntryPoint

System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.1.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

11123
Main Method

System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::맯㩫⣐⶝楁ఋ燰थཱྀ⛧泖똕�㉣ꡢ㻔疇渺髬(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void ﺏ풝ᯌ뀳ዝצּ�宅梻伎ꓐ馾飸㨀䎧퀲駭솽::Ꜻ◄婻椐⬞罝핬Ⲋ퓒阰ਅᷮ炴㰬ꂙ痰韡ﭥ盅(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 䵑觯㈨檠쥱읭蝋ム厫ꚅ㏓름˅ጜ웊⥻綉婣ᅠ薏::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
85b86f98c0f84e2f58984cb4fafa74f1 (3.27 MB)
File Structure
85b86f98c0f84e2f58984cb4fafa74f1
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙