Suspicious
Suspect

9e23dc267935f7ad904cb904f13bba08

PE Executable
|
MD5: 9e23dc267935f7ad904cb904f13bba08
|
Size: 810.5 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
9e23dc267935f7ad904cb904f13bba08
Sha1
fb7e16ebf638410813538a32b9f1e33def45a409
Sha256
5078c343420073ff89ed24cf79285abacfe4701acd4e33ccdefebb923441d352
Sha384
f0662eba49175f19fb67b3a35995ccd582b1903f7219eec100fdd4ccb6eb73923a9ad0514fcdf666a6b23b98867c8587
Sha512
0dd36e49b0b467a3964a78997b740597d5ecbbf49a31a0a6bfc0b5125c4e560d8e953a00e9f5bfce3ea21494d699d8c3d98794729b6620fc54ef1a0b2a4a6cac
SSDeep
12288:iNbrQ6QcvB70CZjvUwvVHnot9KhIZYabcLv5b1LTdoAfayb/ETezV:ufvBbYOg9KVab891TdoAh/ac
TLSH
2B05F0A7229BF832F4F2D6312864F2F0527C2DB56103931286EB7F9B7D3A1B4A5411D6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
9e23dc267935f7ad904cb904f13bba08
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ping_Pong.Form1.resources
$this.Icon
[NBF]root.IconData
nch
[NBF]root.Data
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
timer1.TrayLocation
ListingMatcher.Properties.Resources.resources
Ywcx
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: XKng.pdb
Module Name

XKng.exe
Full Name

XKng.exe
EntryPoint

System.Void ListingMatcher.Program::Main()
Scope Name

XKng.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

XKng
Assembly Version

1.8.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

58
Main Method

System.Void ListingMatcher.Program::Main()
Main IL Instruction Count

22
Main IL

nop <null> newobj System.Void Ping_Pong.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ldstr products.txt call System.Collections.Generic.List`1<ListingMatcher.Product> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Product>(System.String) stloc.0 <null> ldstr listings.txt call System.Collections.Generic.List`1<ListingMatcher.Listing> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Listing>(System.String) stloc.1 <null> ldloc.0 <null> ldloc.1 <null> call System.Collections.Generic.List`1<ListingMatcher.Result> ListingMatcher.Matcher::FindProductToListingMatching(System.Collections.Generic.List`1<ListingMatcher.Product>,System.Collections.Generic.List`1<ListingMatcher.Listing>) stloc.2 <null> ldloc.2 <null> call System.String[] ListingMatcher.JsonIO::JsonSerialize<ListingMatcher.Result>(System.Collections.Generic.List`1<ListingMatcher.Result>) stloc.3 <null> ldstr results.txt ldloc.3 <null> call System.Void System.IO.File::WriteAllLines(System.String,System.String[]) nop <null> ret <null>
Module Name

XKng.exe
Full Name

XKng.exe
EntryPoint

System.Void ListingMatcher.Program::Main()
Scope Name

XKng.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

XKng
Assembly Version

1.8.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

58
Main Method

System.Void ListingMatcher.Program::Main()
Main IL Instruction Count

22
Main IL

nop <null> newobj System.Void Ping_Pong.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ldstr products.txt call System.Collections.Generic.List`1<ListingMatcher.Product> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Product>(System.String) stloc.0 <null> ldstr listings.txt call System.Collections.Generic.List`1<ListingMatcher.Listing> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Listing>(System.String) stloc.1 <null> ldloc.0 <null> ldloc.1 <null> call System.Collections.Generic.List`1<ListingMatcher.Result> ListingMatcher.Matcher::FindProductToListingMatching(System.Collections.Generic.List`1<ListingMatcher.Product>,System.Collections.Generic.List`1<ListingMatcher.Listing>) stloc.2 <null> ldloc.2 <null> call System.String[] ListingMatcher.JsonIO::JsonSerialize<ListingMatcher.Result>(System.Collections.Generic.List`1<ListingMatcher.Result>) stloc.3 <null> ldstr results.txt ldloc.3 <null> call System.Void System.IO.File::WriteAllLines(System.String,System.String[]) nop <null> ret <null>
9e23dc267935f7ad904cb904f13bba08 (810.5 KB)
File Structure
9e23dc267935f7ad904cb904f13bba08
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ping_Pong.Form1.resources
$this.Icon
[NBF]root.IconData
nch
[NBF]root.Data
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
timer1.TrayLocation
ListingMatcher.Properties.Resources.resources
Ywcx
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙