Suspicious
Suspect

91805af2441d28018bded7aba8540a71

PE Executable | MD5: 91805af2441d28018bded7aba8540a71 | Size: 3.29 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash: Hash Value
MD5: 91805af2441d28018bded7aba8540a71
Sha1: b342b99c9891ea545ef6881ee3547fb1c9234b71
Sha256: f889eda1cdc0c603c471ef884124659ce87f8c711d3122e48984705598b09fc5
Sha384: 30ee3a826a5175315f35e1d7007e98ab8fea1ecdd7f8a81875ecf8121040a730f87ba258d790e4d32118ea82774ca593
Sha512: 62cdaa1ee3f3b6032a0da529a67e467ed689a4b6f49a4a977786fb8469fae01618b2e16bc2ce67ffd4d4ce9370e456afe25edad26a93f391bbf941738894af2e
SSDeep: 49152:ZvfI22SsaNYfdPBldt698dBcjHE2aEEmkTk/8FhoGdx/THHB72eh2NT:Zvw22SsaNYfdPBldt6+dBcjHE2a/nh
TLSH: 12E55B143BF85F23E1BBE27395B0041667F0EC2AB3A3EB1B5191677E1C53B4059426AB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Informations
Name: Value
Info: PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info: Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_94b1271f.exe
Module Name: Client
Full Name: Client
EntryPoint: System.Void 䯏㲈�♁옢璔ዤ�㝟毼㶈綄挣弲엖Ⲻࠛⶹ::Main(System.String[])
Scope Name: Client
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.4.1.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5.2
Total Strings: 11123
Main Method: System.Void 䯏㲈�♁옢璔ዤ�㝟毼㶈綄挣弲엖Ⲻࠛⶹ::Main(System.String[])
Main IL Instruction Count: 19

Main IL

ldc.i4 3072
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4.2 <null>
call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
ldnull <null>
ldftn System.Void 䯏㲈�♁옢璔ዤ�㝟毼㶈綄挣弲엖Ⲻࠛⶹ::⿫㾌枌脨몲膙֋浙앥睙짿봌媠讂瘟僆옷⦴歷(System.Object,System.Threading.ThreadExceptionEventArgs)
newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldnull <null>
ldftn System.Void 䯏㲈�♁옢璔ዤ�㝟毼㶈綄挣弲엖Ⲻࠛⶹ::�ퟲ㌱网푎撉눆⹫຋摓青꧰逖ചⱝ䜦伄᾽镻뺆(System.Object,System.UnhandledExceptionEventArgs)
newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void 뼺ಾ殖乱뾖偅๊먙䛨흜塛溪鱟ㇸ촦皕饍㦥䠍::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>

Artefacts
Name: Value
PE Layout: MemoryMapped (process dump suspected)

