Suspicious
Suspect

a87e2bd3c336cd418a2d082a3209c5aa

PE Executable
|
MD5: a87e2bd3c336cd418a2d082a3209c5aa
|
Size: 1.15 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
a87e2bd3c336cd418a2d082a3209c5aa
Sha1
9b6092a918809e42eb12a890076e6c58c64f3200
Sha256
8c74e843dc4024992e37e7214ad134479e60e8b89f330acd2b79552c3ba556fe
Sha384
53a2ba67eb02ef157a6026a942f040d957b0fdae5e30fe3c13d17b80fdd6e697efd035c334847ab1b529e5ea013c751e
Sha512
30ac7330e41fae74c969242d00eaac52790468f5c0e8dd31f4b18ef7b6c69e2c53aea5364631eae33b3a342b5e4e548fe3cd4c88835a2c2904722a9046d602f3
SSDeep
12288:c1wu3d+CJOBd88257wOlg9cEqlC3nDU31rRuWaInS4ewNCpIjWpt8QtkPDODH6bH:IBJfpeOlq88wsV8Cxt7DDH6bYjoj
TLSH
78358E9E66068A89FD80DBB8CE73ABD01A54E6A71861130BF3D8667DD43F7B41D80713

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
a87e2bd3c336cd418a2d082a3209c5aa
[Authenticode]_af40dfd5.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Mkbuodnjkcr.Properties.Resources.resources
Qunndsndkcb
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0x114000 size 18872 bytes
Module Name

Gqscrhrposl.exe
Full Name

Gqscrhrposl.exe
EntryPoint

System.Void Gqscrhrposl.Parsing.LocalParser::ParseScalableParser()
Scope Name

Gqscrhrposl.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Gqscrhrposl
Assembly Version

1.0.1950.25351
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

12
Main Method

System.Void Gqscrhrposl.Parsing.LocalParser::ParseScalableParser()
Main IL Instruction Count

3
Main IL

newobj System.Void Mkbuodnjkcr.Registry.RegTree::.ctor() pop <null> ret <null>
Module Name

Gqscrhrposl.exe
Full Name

Gqscrhrposl.exe
EntryPoint

System.Void Gqscrhrposl.Parsing.LocalParser::ParseScalableParser()
Scope Name

Gqscrhrposl.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Gqscrhrposl
Assembly Version

1.0.1950.25351
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

12
Main Method

System.Void Gqscrhrposl.Parsing.LocalParser::ParseScalableParser()
Main IL Instruction Count

3
Main IL

newobj System.Void Mkbuodnjkcr.Registry.RegTree::.ctor() pop <null> ret <null>
a87e2bd3c336cd418a2d082a3209c5aa (1.15 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙