Suspicious
Suspect

9f9ae2e42da1972c0bce08d01e826e43

PE Executable
|
MD5: 9f9ae2e42da1972c0bce08d01e826e43
|
Size: 851.46 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
9f9ae2e42da1972c0bce08d01e826e43
Sha1
b2c079e7255110ffb7555d6565ffa921a636c340
Sha256
f61471bf729deddf78cce549b739bb77509aa030ffbb161ba700f4c8fd943cbd
Sha384
f04b2bf3cac86b4f46b86a79b85c0ecd6619fca11db281ece64e7846d37576e0dd6f6acb02b35dc80eb0e3de03333043
Sha512
291a50ce3dca79edbcaad6c156bfdd91fff8097893a8bfcc05bd56e83d480cd2150abd12c0dea5eabe322f8dd8b1b7013bb84dbf2ccd7912c78544418a0793d5
SSDeep
24576:FDy4sONfdhFhFG1hTRiNux6rSa6u3vflk+6lh:1yDSJO1hTANDSaU+Ch
TLSH
B90523576E9DFE3DD24E973CC4D10A85CCB1C35F374272F3A5393A722282A669882D52

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
9f9ae2e42da1972c0bce08d01e826e43
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Fmokq.Properties.Resources.resources
Aqsao
      ​    
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

acr-GETWELL-100bnqxk.aqk_.exe
Full Name

acr-GETWELL-100bnqxk.aqk_.exe
EntryPoint

System.Void  ::()
Scope Name

acr-GETWELL-100bnqxk.aqk_.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

acr-GETWELL-100bnqxk.aqk_
Assembly Version

1.0.5699.9151
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void  ::()
Main IL Instruction Count

32
Main IL

ldc.i4.1 <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_0078: ret nop <null> newobj System.Void  ::.ctor() ldc.i4 -895344372 call System.String ::(System.Int32) ldc.i4 -895344339 call System.String ::(System.Int32) ldc.i4 -895344294 call System.String ::(System.Int32) ldc.i4 -895344274 call System.String ::(System.Int32) callvirt System.Void  ::(System.String,System.String,System.String,System.String) ldc.i4.0 <null> ldsfld    ::  ldfld System.Int32  ::  brtrue.s IL_0052: switch(IL_005B) pop <null> ldc.i4.0 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_0078: ret pop <null> ldc.i4.0 <null> ldsfld    ::  ldfld System.Int32  ::  brtrue.s IL_006D: switch(IL_0076) pop <null> ldc.i4.0 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_0078: ret ret <null>
Module Name

acr-GETWELL-100bnqxk.aqk_.exe
Full Name

acr-GETWELL-100bnqxk.aqk_.exe
EntryPoint

System.Void  ::()
Scope Name

acr-GETWELL-100bnqxk.aqk_.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

acr-GETWELL-100bnqxk.aqk_
Assembly Version

1.0.5699.9151
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void  ::()
Main IL Instruction Count

32
Main IL

ldc.i4.1 <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_0078: ret nop <null> newobj System.Void  ::.ctor() ldc.i4 -895344372 call System.String ::(System.Int32) ldc.i4 -895344339 call System.String ::(System.Int32) ldc.i4 -895344294 call System.String ::(System.Int32) ldc.i4 -895344274 call System.String ::(System.Int32) callvirt System.Void  ::(System.String,System.String,System.String,System.String) ldc.i4.0 <null> ldsfld    ::  ldfld System.Int32  ::  brtrue.s IL_0052: switch(IL_005B) pop <null> ldc.i4.0 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_0078: ret pop <null> ldc.i4.0 <null> ldsfld    ::  ldfld System.Int32  ::  brtrue.s IL_006D: switch(IL_0076) pop <null> ldc.i4.0 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_0078: ret ret <null>
9f9ae2e42da1972c0bce08d01e826e43 (851.46 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙