Suspicious
Suspect

9e1344da3b5f1298462c5628c445492c

PE Executable
|
MD5: 9e1344da3b5f1298462c5628c445492c
|
Size: 699.9 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
9e1344da3b5f1298462c5628c445492c
Sha1
16b911799fb2bad5dbacf84dce82b1204b821a4e
Sha256
09119a05e2e2a4857d5eae0c7d8fc474869e6e6483c876a78ddbfe91661a0cc5
Sha384
2499a35937264eb94994e77eb09747a50b551eee823171ca418cfb76902faeaa9403af9836af9190b6fcc65222f05c6b
Sha512
97805e43625a3d1254244b1cb30c14e8b716bc4a699d4bc44d22fd4310aee20f0e1fa8cf56ad0d57990d2022ed9182a1b16cb0e614347f721fcdd1766109561c
SSDeep
12288:GG0f2d7zg5nAvA3M5Vk/BTdpO3LSAR7YbV3zxePE/5KD3HIbIPdmH:B/anicMCIWmWjcCq3IiS
TLSH
5EE4010CFF267BA2C6490F7FC897210480E60267A5B6FB5B08D754E74A5DB85C68BE13

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
9e1344da3b5f1298462c5628c445492c
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Xshm.exe
Full Name

Xshm.exe
EntryPoint

System.Void SpaceCalculator.Program::Main()
Scope Name

Xshm.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Xshm
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void SpaceCalculator.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.0 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SpaceCalculator.Classes.SpaceComplexityResult::Ⴅ() ldc.i4 918 ldc.i4 1008 call System.Void SpaceCalculator.Classes.SpaceComplexityResult::Ⴓ(System.Char,System.Char) ldc.i4.0 <null> ldc.i4 301 ldc.i4 302 call System.Void SpaceCalculator.Classes.MemoryTracker::Ⴅ(System.Boolean,System.Char,System.Int32) ldc.i4.2 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void SpaceCalculator.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SpaceCalculator.Program::Main() pop <null> ret <null>
Module Name

Xshm.exe
Full Name

Xshm.exe
EntryPoint

System.Void SpaceCalculator.Program::Main()
Scope Name

Xshm.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Xshm
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void SpaceCalculator.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.0 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void SpaceCalculator.Classes.SpaceComplexityResult::Ⴅ() ldc.i4 918 ldc.i4 1008 call System.Void SpaceCalculator.Classes.SpaceComplexityResult::Ⴓ(System.Char,System.Char) ldc.i4.0 <null> ldc.i4 301 ldc.i4 302 call System.Void SpaceCalculator.Classes.MemoryTracker::Ⴅ(System.Boolean,System.Char,System.Int32) ldc.i4.2 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void SpaceCalculator.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void SpaceCalculator.Program::Main() pop <null> ret <null>
9e1344da3b5f1298462c5628c445492c (699.9 KB)
File Structure
9e1344da3b5f1298462c5628c445492c
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙