Suspicious
Suspect

a2f3885677821fc71f172657409c77a4

PE Executable
|
MD5: a2f3885677821fc71f172657409c77a4
|
Size: 1.65 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
a2f3885677821fc71f172657409c77a4
Sha1
6c64e8d554e7ea36870592c1555a32cb8249508c
Sha256
630fee17afddacbf766f51459603dd9e8a401c538fd8333e1be72fbf6f1a06ae
Sha384
1d3e6d48996bf2b28f8d39d01e2d2c9b83b8199df1bcc74e3dab11d3c12fdd73aa644ae75f45daefbbbca9c6ad247757
Sha512
c83ed3d086433e9fce43b47a3885d785b80c0344f3626336d4e81ac69d279911f4e6aec7bef93e8078f02aea1fe14597b90b441e5be4526916d66d077194c7e8
SSDeep
49152:GM0wOz7AJn7zk+qLkLGAVmlCa4bZQSY1z/Ddm57d:G/RhpUmcRZQSYzm57
TLSH
5475336897690F2ED46D0DFEBBF1A04594F8C287F783E346D884A460568736C1B923E7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
a2f3885677821fc71f172657409c77a4
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
kupb
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

ORDER CONFIRMATION PO 0099388278443252.exe
Full Name

ORDER CONFIRMATION PO 0099388278443252.exe
EntryPoint

System.Void Qgyxstljfgk.Pfegqc::Main()
Scope Name

ORDER CONFIRMATION PO 0099388278443252.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ORDER CONFIRMATION PO 0099388278443252
Assembly Version

1.0.199.24796
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

11
Main Method

System.Void Qgyxstljfgk.Pfegqc::Main()
Main IL Instruction Count

5
Main IL

newobj System.Void a::.ctor() call System.Byte[] a::a() call System.Byte[] b::a(System.Byte[]) call System.Void c::a(System.Byte[]) ret <null>
Module Name

ORDER CONFIRMATION PO 0099388278443252.exe
Full Name

ORDER CONFIRMATION PO 0099388278443252.exe
EntryPoint

System.Void Qgyxstljfgk.Pfegqc::Main()
Scope Name

ORDER CONFIRMATION PO 0099388278443252.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ORDER CONFIRMATION PO 0099388278443252
Assembly Version

1.0.199.24796
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

11
Main Method

System.Void Qgyxstljfgk.Pfegqc::Main()
Main IL Instruction Count

5
Main IL

newobj System.Void a::.ctor() call System.Byte[] a::a() call System.Byte[] b::a(System.Byte[]) call System.Void c::a(System.Byte[]) ret <null>
a2f3885677821fc71f172657409c77a4 (1.65 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙