Suspicious
Suspect

8c61c3e2dfa8c411b6cb0b35956bd0ee

PE Executable
|
MD5: 8c61c3e2dfa8c411b6cb0b35956bd0ee
|
Size: 718.85 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
8c61c3e2dfa8c411b6cb0b35956bd0ee
Sha1
2fc9ba2bc38a1c013450a0a70a7a6aabfb7bff9f
Sha256
fbabaf0bb835c3c27bb5b01c283e92d0e35ba3d4c3b8216d40e2fe59b0828b44
Sha384
25d2e2abebbad45f7a4f4878b3fc11390d506f375d3a8159454debb452e80d7017f92cfbed008909a989967496fb011e
Sha512
9fcd7253ba977aae3fffeed177bc52a75bd367d56bec6b386855d68bb75f38c79f337270d55c88c796368f194785ef6329b15520eed2c4988f9099bfe14e0558
SSDeep
12288:tDK5wgZRuqPyHNBcPf83FYuz+mqqwXh58Tf4ntQgW5eE3l2BguKw5AXGhEzmvwcI:eVyHMEYuCmwh58TcQgW5eE36hAYmmNu/
TLSH
DEE40201125ACB03D0775FF416A1E3B053BCAE89A932D71B8FD23EDBB56AB5449013A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
8c61c3e2dfa8c411b6cb0b35956bd0ee
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
DicePoker.Forms.FormPrincipal.resources
DicePoker.Properties.Resources.resources
VY
[NBF]root.Data
kuuiK
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: LIVdr.pdb
Module Name

LIVdr.exe
Full Name

LIVdr.exe
EntryPoint

System.Void DicePoker.Program::Main()
Scope Name

LIVdr.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

LIVdr
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

335
Main Method

System.Void DicePoker.Program::Main()
Main IL Instruction Count

12
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void DicePoker.Forms.FormPrincipal::.ctor() stloc.0 <null> ldloc.0 <null> call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

LIVdr.exe
Full Name

LIVdr.exe
EntryPoint

System.Void DicePoker.Program::Main()
Scope Name

LIVdr.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

LIVdr
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

335
Main Method

System.Void DicePoker.Program::Main()
Main IL Instruction Count

12
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void DicePoker.Forms.FormPrincipal::.ctor() stloc.0 <null> ldloc.0 <null> call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
8c61c3e2dfa8c411b6cb0b35956bd0ee (718.85 KB)
File Structure
8c61c3e2dfa8c411b6cb0b35956bd0ee
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
DicePoker.Forms.FormPrincipal.resources
DicePoker.Properties.Resources.resources
VY
[NBF]root.Data
kuuiK
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙