Suspicious
Suspect

87a21e85fb19a1d20f067fa7cc153c33

PE Executable
|
MD5: 87a21e85fb19a1d20f067fa7cc153c33
|
Size: 811.53 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
87a21e85fb19a1d20f067fa7cc153c33
Sha1
6bda57239fc597cb4d0b55446023e5f2d33b3ce2
Sha256
a72143b5769c74747fa3e9d4e6ecca69f9df376b4d8623fbfaf6cb1629bb8bd5
Sha384
07f48f115c3a12570e5217e06b7854136d01d642cee5858a7f29730df52fa382d33e2553e30a7152782faa452a50b1de
Sha512
0ebbc95f07fde47f90d666e3c4082d1167db10139cedcf648f92fad6830522ca03ac4c7187757a608c12acf70bcf70b8e8eaadcac8963b260b60cd1b6e229602
SSDeep
24576:mQi52OuusSLkxDK5mGRBpLQlSp2IgYmEyUOk0M3Qy:Bo2yszVGvpLbGMydk0Mh
TLSH
220501A0A1C1D531C9501FF4C970D3B68E7AAF89A4F1C213EAF9BCDBB5797412888253

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
UPolyX 0.3 -> delikon
File Structure
87a21e85fb19a1d20f067fa7cc153c33
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
NetworkMonitor.Properties.Resources.resources
KGiw
[NBF]root.Data
[NBF]root.Data-preview.png
cgi
[NBF]root.Data
Informations
Name
 Value
Module Name

pmCF.exe
Full Name

pmCF.exe
EntryPoint

System.Void NetworkMonitor.Program::Main()
Scope Name

pmCF.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

pmCF
Assembly Version

7.8.6.7
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

113
Main Method

System.Void NetworkMonitor.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void NetworkMonitor.Forms.NetworkUtilitiesForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

pmCF.exe
Full Name

pmCF.exe
EntryPoint

System.Void NetworkMonitor.Program::Main()
Scope Name

pmCF.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

pmCF
Assembly Version

7.8.6.7
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

113
Main Method

System.Void NetworkMonitor.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void NetworkMonitor.Forms.NetworkUtilitiesForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
PDB Path

pmCF.pdb
87a21e85fb19a1d20f067fa7cc153c33 (811.53 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙