Suspicious
Suspect

a1098219f0aafd6015f28b3ba333149c

PE Executable | MD5: a1098219f0aafd6015f28b3ba333149c | Size: 15.87 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score

Very low

Hash | Hash Value
MD5 | a1098219f0aafd6015f28b3ba333149c
Sha1 | a451fc8e1baa3fcf030dac44f14a2e7323052b0e
Sha256 | 39f6a1e340dbbcbb6285126eea7d2f083aec11a72f5bf7f82922abdfc556ea64
Sha384 | 761bbcc419d79c534b5adef19c045e22ecf279c9d798ad75de041a51458f685e42b7a0fee11a4e619d8b1c7dfff89786
Sha512 | 90b59057a5b033b7112c16a29d14fb5014c16935f0dd9be9a0eb6d9ef234436da29f51b1498579b5013e7b4b692bc008b148325f9c15fc3b1fd50c7a2a66e9bf
SSDeep | 384:EqSDzqfHGgAYkyk4hdR9VZwFj3hxY4Ww:EqSSfBAYXh/9cp
TLSH | F862060077F84754E1BF8B7969F3021506B4F9669826FB9D3CC9125E1CA2788CE61F72

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | FleetAgent_MemoryOnly.exe
Full Name | FleetAgent_MemoryOnly.exe
EntryPoint | System.Void WindowsService.Program::Main(System.String[])
Scope Name | FleetAgent_MemoryOnly.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | FleetAgent_MemoryOnly
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 145
Main Method | System.Void WindowsService.Program::Main(System.String[])
Main IL Instruction Count | 29

Main IL

call System.IntPtr WindowsService.Program::GetConsoleWindow()
stloc.0 <null>
ldloc.0 <null>
ldsfld System.IntPtr System.IntPtr::Zero
call System.Boolean System.IntPtr::op_Inequality(System.IntPtr,System.IntPtr)
brfalse.s IL_001B: leave.s IL_0020
ldloc.0 <null>
ldc.i4.0 <null>
call System.Boolean WindowsService.Program::ShowWindow(System.IntPtr,System.Int32)
pop <null>
leave.s IL_0020: call System.String WindowsService.Program::GenId()
pop <null>
leave.s IL_0020: call System.String WindowsService.Program::GenId()
call System.String WindowsService.Program::GenId()
stsfld System.String WindowsService.Program::_mid
call System.String System.Environment::get_MachineName()
stsfld System.String WindowsService.Program::_host
br.s IL_0051: ldsfld System.Boolean WindowsService.Program::_run
call System.Void WindowsService.Program::Loop()
leave.s IL_0040: ldsfld System.Boolean WindowsService.Program::_run
pop <null>
leave.s IL_0040: ldsfld System.Boolean WindowsService.Program::_run
ldsfld System.Boolean WindowsService.Program::_run
brfalse.s IL_0051: ldsfld System.Boolean WindowsService.Program::_run
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldsfld System.Boolean WindowsService.Program::_run
brtrue.s IL_0036: call System.Void WindowsService.Program::Loop()
ret <null>

