Suspicious
Suspect

9836fea2a0b1e10af44ca3991c6ec5ea

PE Executable | MD5: 9836fea2a0b1e10af44ca3991c6ec5ea | Size: 3.29 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash | Hash Value
MD5 | 9836fea2a0b1e10af44ca3991c6ec5ea
Sha1 | 08d907c740f8b528324508ff9e9be85856fbf5aa
Sha256 | 834eeb8674c2768a31b15ae5b4a214418f4dd993196b490f4313c6cd0aeef9d8
Sha384 | c568a84112e2f598995900de0e860ab3ae1e8b81f0d36ef427d621f178b0d54a4c264c4ee79dfcda39f57e80c5e8efe3
Sha512 | 6de4fe7dcfa458da435401d0e252de9eae0be4da3fd50bf116f172a8da96088db1194767213fa5b1006f990d7987d7538b64d72a71a2164cff7c40857abac49d
SSDeep | 49152:Svlt62XlaSFNWPjljiFa2RoUYIuSNkT3xbDoGdtCOTHHB72eh2NT:SvX62XlaSFNWPjljiFXRoUYIuYkZ4
TLSH | E1E54A043BF85E32E17BD6B3D5B0505263F1E82AF363EB1B618167BA1C53B505842BA7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Information
Name | Value
Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_d5c36ebd.exe
Module Name | Client
Full Name | Client
EntryPoint | System.Void 뮾哶芶迥쯫욓詸﨎묪鉶撿⶘ᨸ吖諃㪦삌�脘::Main(System.String[])
Scope Name | Client
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | Client
Assembly Version | 1.4.1.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | .NETFramework,Version=v4.5.2
Total Strings | 11123
Main Method | System.Void 뮾哶芶迥쯫욓詸﨎묪鉶撿⶘ᨸ吖諃㪦삌�脘::Main(System.String[])
Main IL Instruction Count | 19

Main IL

ldc.i4 3072
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4.2 <null>
call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
ldnull <null>
ldftn System.Void 뮾哶芶迥쯫욓詸﨎묪鉶撿⶘ᨸ吖諃㪦삌�脘::㄄否ꛚ䆺饓ॠ표̱찣甥龀췧ꕁ뾜谞澬䓌ീո(System.Object,System.Threading.ThreadExceptionEventArgs)
newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldnull <null>
ldftn System.Void 뮾哶芶迥쯫욓詸﨎묪鉶撿⶘ᨸ吖諃㪦삌�脘::黑⎎빈毓ﳠ艒岾⃌賭㧠῟뇗છ䛯蛍灙㼜(System.Object,System.UnhandledExceptionEventArgs)
newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void 唥䟦珛漨厈꫃䜀䶚ʒᯃ좃鐩풨ﭵ多ಣ::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>

Artefacts
Name | Value
PE Layout | MemoryMapped (process dump suspected)
PE Layout | MemoryMapped (process dump suspected)

Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
PE Layout | MemoryMapped (process dump suspected) | 9836fea2a0b1e10af44ca3991c6ec5ea
PE Layout | MemoryMapped (process dump suspected) | 9836fea2a0b1e10af44ca3991c6ec5ea > [Rebuild from dump]_d5c36ebd.exe
