Suspect
DHL_Draft_ Documents.cmd
PE Executable | MD5: a5738c608631921dc867e6e9c1a21b73 | Size: 1.42 MB | application/x-dosexec
PE Executable
MD5: a5738c608631921dc867e6e9c1a21b73
Size: 1.42 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | a5738c608631921dc867e6e9c1a21b73
|
| Sha1 | 6ec604ded410150e50a702d092fd7940da13ce47
|
| Sha256 | 94c2d49590ae927fc6e983517b1eab54ea02b25eef72683527b127eb7add7a91
|
| Sha384 | bf7167600abd62d7eb7bb68a148cc3491ce7162966c4a8ed26ff3e7db99f5da43e6b5bb575c62f746499d30d1a15b96c
|
| Sha512 | 5c434406096d2963046bbad8c32a7957dcc8c27ac52687a4cd05b7908ca3c16e5cbf816873dc87541a00995e1b6cc510afd67c7f00031f7172100f5d3cb72482
|
| SSDeep | 24576:ps40qLdQPgAPvVcJqze1hvMoHLEyqe/5Q2/FSJ8s0+Ir/TpwCEfNiCIulX:W403PlVW4eDkorEjayCPCIud
|
| TLSH | 0865E038EB3EE705D451BA74C429D6F21728FEC89909C31ABFD4BE9BB8355521726302
|
PeID
Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
DHL_Draft_ Documents.cmd
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
dicegame.ConverterView.resources
$this.Icon
[NBF]root.IconData
SIP
[NBF]root.Data
dicegame.Properties.Resources.resources
KYQL
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_beige
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_beigeplay
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_beigequit
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_blueROLL
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_brown
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_brownplay
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_brownquit
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_greyROLL
[NBF]root.Data
[NBF]root.Data-preview.png
dice_1
[NBF]root.Data
[NBF]root.Data-preview.png
dice_2
[NBF]root.Data
[NBF]root.Data-preview.png
dice_3
[NBF]root.Data
[NBF]root.Data-preview.png
dice_4
[NBF]root.Data
[NBF]root.Data-preview.png
dice_5
[NBF]root.Data
[NBF]root.Data-preview.png
dice_6
[NBF]root.Data
[NBF]root.Data-preview.png
dice_question
[NBF]root.Data
[NBF]root.Data-preview.png
mainmenu
[NBF]root.Data
[NBF]root.Data-preview.png
mainmenuhover
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: ? |
| Module Name | nUwt.exe |
| Full Name | nUwt.exe |
| EntryPoint | System.Void dicegame.Program::Main() |
| Scope Name | nUwt.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | nUwt |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 71 |
| Main Method | System.Void dicegame.Program::Main() |
| Main IL Instruction Count | 17 |
| Main IL | nop <null> newobj System.Void dicegame.ConverterView::.ctor() stloc.0 <null> ldloc.0 <null> ldc.i4.0 <null> callvirt System.Void System.Windows.Forms.Control::set_Visible(System.Boolean) nop <null> newobj System.Void dicegame.MedidasModel::.ctor() stloc.1 <null> ldloc.0 <null> ldloc.1 <null> newobj System.Void dicegame.MedidasController::.ctor(dicegame.IConverterView,dicegame.MedidasModel) stloc.2 <null> ldloc.0 <null> callvirt System.Windows.Forms.DialogResult System.Windows.Forms.Form::ShowDialog() pop <null> ret <null> |
DHL_Draft_ Documents.cmd (1.42 MB)
File Structure
DHL_Draft_ Documents.cmd
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
dicegame.ConverterView.resources
$this.Icon
[NBF]root.IconData
SIP
[NBF]root.Data
dicegame.Properties.Resources.resources
KYQL
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_beige
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_beigeplay
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_beigequit
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_blueROLL
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_brown
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_brownplay
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_brownquit
[NBF]root.Data
[NBF]root.Data-preview.png
buttonLong_greyROLL
[NBF]root.Data
[NBF]root.Data-preview.png
dice_1
[NBF]root.Data
[NBF]root.Data-preview.png
dice_2
[NBF]root.Data
[NBF]root.Data-preview.png
dice_3
[NBF]root.Data
[NBF]root.Data-preview.png
dice_4
[NBF]root.Data
[NBF]root.Data-preview.png
dice_5
[NBF]root.Data
[NBF]root.Data-preview.png
dice_6
[NBF]root.Data
[NBF]root.Data-preview.png
dice_question
[NBF]root.Data
[NBF]root.Data-preview.png
mainmenu
[NBF]root.Data
[NBF]root.Data-preview.png
mainmenuhover
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.