Suspicious
Suspect

PO-24110015.pif

PE Executable | MD5: a1e2868429952443cd3724bb50c935fe | Size: 801.29 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash: Hash Value
MD5: a1e2868429952443cd3724bb50c935fe
Sha1: 137633008ba28e911a3c6df827261e892a685484
Sha256: e308d1f65a8176b053bf9d3b22db9f7b5b2da73b49ec4271b2237b7728bf9592
Sha384: a6098a627f57ddb1d7b2585029df5db69fa0799ca86bdcdc273178a927cb31056bd0e3b66b26d632a7b9eb690f9277c8
Sha512: 699dfeeb61bf36aaaf9815a1d651d4cec235eae90efe8f12c4472b7d94bb379b72010d970420bdb6a85e8503b1ac9b992b36f83c4169fbb635e25cf2e3821ea0
SSDeep: 12288:qnd3mqm3LuRuIjxqTTpx9q5IAeVM/ltn5vwyM45Y8ypxx1PA/C5JDFUGuMg0IsEV:2mrAxqfnaIAeVM7n5vWgY/pRPA2DFULd
TLSH: CA05DF9C3250B19FC453DA3299A4EC74EA247CBAA717C20791D71DAFBA4D993CF101E2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ModularCalculator.Forms.MainForm.resources
ModularCalculator.Properties.Resources.resources
Abstimmung
[NBF]root.Data
[NBF]root.Data-preview.png
Bukkit_Logo
[NBF]root.Data
[NBF]root.Data-preview.png
Linux_Figur
[NBF]root.Data
[NBF]root.Data-preview.png
Moon
[NBF]root.Data
xtOV
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name: Value
Info: PE Detect: PeReader OK (file layout)
Info: Authenticode present at 0xC0400 size 13832 bytes
Module Name: ErTQ.exe
Full Name: ErTQ.exe
EntryPoint: System.Void ModularCalculator.Program::Main()
Scope Name: ErTQ.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: ErTQ
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 175
Main Method: System.Void ModularCalculator.Program::Main()
Main IL Instruction Count: 37

Main IL

nop <null> ldc.i4 -820373730 ldc.i4 -1563082210 xor <null> dup <null> stloc.0 <null> ldc.i4.5 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_006F: nop newobj System.Void ModularCalculator.Forms.MainForm::.ctor() call System.Void ModularCalculator.Program::​‏‏‬​‬‍‍‎‫‪‎‭‬‬‫‮‭‭‪‮​‌‪‌‍‮(System.Windows.Forms.Form) ldloc.0 <null> ldc.i4 -657201524 mul <null> ldc.i4 1448309437 xor <null> br.s IL_0006: ldc.i4 -1563082210 ldc.i4.0 <null> call System.Void ModularCalculator.Program::‭‬‬‬‪‫‪‎‏‫‬‎‮‍‌‍‫‎‬‎‌‮‬‎‍‌‮(System.Boolean) nop <null> ldloc.0 <null> ldc.i4 116829208 mul <null> ldc.i4 1914709145 xor <null> br.s IL_0006: ldc.i4 -1563082210 call System.Void ModularCalculator.Program::‭‫​‍‪‎​‏‮​‫‍‬‭‏‮‫‬‪‪‏‬‭‫‌‪‮() nop <null> ldloc.0 <null> ldc.i4 514408490 mul <null> ldc.i4 1759266518 xor <null> br.s IL_0006: ldc.i4 -1563082210 nop <null> ret <null>

Characteristics
No malware configuration was found at this point.