Suspicious
Suspect

a1ad4efa07cbdfba5413c12516e2f78f

PE Executable
|
MD5: a1ad4efa07cbdfba5413c12516e2f78f
|
Size: 527.87 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
a1ad4efa07cbdfba5413c12516e2f78f
Sha1
9b0038b03bd8a3606f846b5db33b31c7a4805ccd
Sha256
7553b95daaa8bf122add4c34e160f80ad4438680185b820788b31cba9a66379d
Sha384
a7281ae65da108657a9fc23aecba44f6dd9f52415a418c699dd4d5820c26050413f509b5c463d1b579ab080a2687bb2d
Sha512
5d32c1c1b2f78fc4c55224137f80820bffaff0b8cf49cc9c7d9b54a4c02a79f6b71094beb015e58df10077e45c756ef9527a527e7e730dc817e12b3e2a8aa94f
SSDeep
12288:oaxVbMiNgvmjm5ZUGDcaxOB1AtgSslTOho0wzWOMZGwmWRtux/Ipn+Cs8b9z9s8:oaxVb6lGrZBq6jlTosoA3W/uxApx/5pV
TLSH
3AB401403AE5DA12EDE507F02935D6B203B5AEDDA021C34B48EEFCDBB96674134A53D2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
a1ad4efa07cbdfba5413c12516e2f78f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
SecureMode.Properties.Resources.resources
vgx
xZEG
Informations
Name
 Value
Module Name

GeQi.exe
Full Name

GeQi.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

GeQi.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

GeQi
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

247
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

GeQi.exe
Full Name

GeQi.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

GeQi.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

GeQi
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

247
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

1
Suspicious Type Names (1-2 chars)

0
a1ad4efa07cbdfba5413c12516e2f78f (527.87 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙