Suspicious
Suspect

9b48a3205dc416f953f7af4d383b7f12

PE Executable | MD5: 9b48a3205dc416f953f7af4d383b7f12 | Size: 3.29 MB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
9b48a3205dc416f953f7af4d383b7f12
Sha1
567fe2f7ce75af62a54b45bcd6bceb50995cacab
Sha256
852196166533de20f4297b99176d9856b491cf1273cd2ef58be3f6cb90ec425c
Sha384
32b421d8779420c39dc8e37b6498f1e120f3e0a774504073df92bf22c728f1e27e297e5f00906211c8d48e72e9bc6eb6
Sha512
3f016ec1f5d4363cbf2fb7215c302f8ad4d7d68bde7b41ce995c5a722602f1cc79a7fb37d18e7c0077772bdf4e1cc752d57e3b0d6d82392e57bd1d863658df6d
SSDeep
49152:evyI22SsaNYfdPBldt698dBcjH84kiork/+aeoGd167THHB72eh2NT:evf22SsaNYfdPBldt6+dBcjH8dfY
TLSH
29E55B143BF85F23E1BBE273D5B0441667F0EC2AB3A3EB1B5191667E1C53B4058426AB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Information
Name
Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK

Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_53bfdab6.exe

Module Name

Client

Full Name

Client

EntryPoint

System.Void ۤ筁咕⋎肥▋饭总뜰魁�阀롢啇㈕ᢰ悴潗性::Main(System.String[])

Scope Name

Client

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Client

Assembly Version

1.4.1.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.5.2

Total Strings

11123

Main Method

System.Void ۤ筁咕⋎肥▋饭总뜰魁�阀롢啇㈕ᢰ悴潗性::Main(System.String[])

Main IL Instruction Count

19

Main IL

ldc.i4 3072
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4.2 <null>
call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
ldnull <null>
ldftn System.Void ۤ筁咕⋎肥▋饭总뜰魁�阀롢啇㈕ᢰ悴潗性::῕嬌䢲쁃큙懟破ꨮ缼�䇈⺜갥㣨⚋爫ሴ(System.Object,System.Threading.ThreadExceptionEventArgs)
newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldnull <null>
ldftn System.Void ۤ筁咕⋎肥▋饭总뜰魁�阀롢啇㈕ᢰ悴潗性::ﺚ唣숟ⅹ禞�㩤ᝳ㉗Ṅ㎧獣䆩練綗꤄輋뫎(System.Object,System.UnhandledExceptionEventArgs)
newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void 㪂�錍镏겣䰦ꞽ캴臤⇼츓애겗洲罗⸉::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>

Artefacts
Name
Value
PE Layout

MemoryMapped (process dump suspected)

Characteristics
No malware configuration was found at this point.
Artefacts
Name
Value
Location
PE Layout

MemoryMapped (process dump suspected)

9b48a3205dc416f953f7af4d383b7f12

PE Layout

MemoryMapped (process dump suspected)

9b48a3205dc416f953f7af4d383b7f12 > [Rebuild from dump]_53bfdab6.exe
