Suspicious
Suspect

8886f4c638b9b2282ca1a37583798dd1

PE Executable
|
MD5: 8886f4c638b9b2282ca1a37583798dd1
|
Size: 860.67 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
8886f4c638b9b2282ca1a37583798dd1
Sha1
ec1a67e641a9ba41dfb31ed5ca15130a23f1c6df
Sha256
7b2f5b841ea073514d1a9ece6ee47629f3b95fd3613624fd4f1a5ceaa4481eb5
Sha384
6abadb1d4a961e24945eb068e307ed78d3417c239df1e1b8fae372879170c20b206f5114dc9d2b13789381703ba5bf59
Sha512
a8d3eecf999672448083129838c8f1fda19065b0214c55659d0fdb8aa6a0c9ebe75b90ccbdbd97244c69bc1acff8aca1ae1921182cc8c94e728ddc2f9926e337
SSDeep
12288:W+QPMlCg+hgK7c4aFCbtlL7V4h2rx71Hu9gQNcAHCJM/c0fEnuBJhDwreNwYdG1l:Wx7cfFCbtl1Z1HmcwW/nujhmAjFIjJ
TLSH
5705E00CFA35B966C55E0FB3C453A00D83D54AABE735F29B499909D32A3CB86450FB4B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
8886f4c638b9b2282ca1a37583798dd1
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

zyQ.exe
Full Name

zyQ.exe
EntryPoint

System.Void Library.Program::Main()
Scope Name

zyQ.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

zyQ
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void Library.Program::Main()
Main IL Instruction Count

21
Main IL

call System.Void Library.FormSettings::Ⴈ() newobj System.Void Library.FormMenu::.ctor() ldc.i4 434 ldc.i4 408 call System.Void BookFlowLibrary.Properties.Resources::Ⴐ<System.Windows.Forms.Form>(System.Windows.Forms.Form,System.Int16,System.Int16) ret <null> ldtoken System.Void Library.Program::Main() pop <null> ldsfld System.Char[] Library.Book::Ⴈ ldc.i4.s 14 ldsfld System.Char[] Library.Book::Ⴈ ldc.i4.s 14 ldelem.u2 <null> ldsfld System.Char[] Library.Book::Ⴈ ldc.i4 159 ldelem.u2 <null> or <null> ldc.i4 135 and <null> stelem.i2 <null> ret <null>
Module Name

zyQ.exe
Full Name

zyQ.exe
EntryPoint

System.Void Library.Program::Main()
Scope Name

zyQ.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

zyQ
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void Library.Program::Main()
Main IL Instruction Count

21
Main IL

call System.Void Library.FormSettings::Ⴈ() newobj System.Void Library.FormMenu::.ctor() ldc.i4 434 ldc.i4 408 call System.Void BookFlowLibrary.Properties.Resources::Ⴐ<System.Windows.Forms.Form>(System.Windows.Forms.Form,System.Int16,System.Int16) ret <null> ldtoken System.Void Library.Program::Main() pop <null> ldsfld System.Char[] Library.Book::Ⴈ ldc.i4.s 14 ldsfld System.Char[] Library.Book::Ⴈ ldc.i4.s 14 ldelem.u2 <null> ldsfld System.Char[] Library.Book::Ⴈ ldc.i4 159 ldelem.u2 <null> or <null> ldc.i4 135 and <null> stelem.i2 <null> ret <null>
8886f4c638b9b2282ca1a37583798dd1 (860.67 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙