Suspicious
Suspect

aee4803f11bc0f523561fae84e2b1449

PE Executable
|
MD5: aee4803f11bc0f523561fae84e2b1449
|
Size: 1.09 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
aee4803f11bc0f523561fae84e2b1449
Sha1
c86648a79951efbfcd8074a79cde863cde0e4c6b
Sha256
172c3076e5d6bfe9089a1e092d1286e77337bc3680db32539e3a7bf69b7d0560
Sha384
0bcf91a6294ed4531c15fa1a647bc6d70760ff37cd0c6142b024d5f59a221f66ef6add43f53c2f4349938c62fe720bde
Sha512
889baedfdd11777e847e70cfb0edde2d18bf31ac8ef359ce718e92c8c2afb9714745e9f188fa2e4fc20906c6a9f3b259e37473478e5b4b8f7143754adc492eb0
SSDeep
24576:1VtPpRtMjSqkH62Q7KJ8FbG7kMsvgCxG/SJlYiLv+:17pR2SjqiVSG/
TLSH
A535122FBA537E12CC5C0E7BD123545882F58463E712F39A46CD28F51DBBB848D8A693

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
aee4803f11bc0f523561fae84e2b1449
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Upkfw.exe
Full Name

Upkfw.exe
EntryPoint

System.Void BatteryTools.Program::Main()
Scope Name

Upkfw.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Upkfw
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void BatteryTools.Program::Main()
Main IL Instruction Count

25
Main IL

ldsfld System.Byte[] BatteryTools.Program::Ⴄ stloc.2 <null> ldc.i4.1 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void BatteryTools.Form2::Ⴗ() ldc.i4 237 ldc.i4 174 call System.Void BatteryTools.Form3::Ⴅ(System.Int16,System.Char) ldc.i4.0 <null> ldc.i4 564 ldc.i4 636 call System.Void BatteryTools.Properties.Resources::Ⴗ(System.Boolean,System.Int16,System.Int16) ldloc.2 <null> ldc.i4 242 ldelem.u1 <null> stloc.1 <null> br.s IL_0008: ldloc.1 newobj System.Void BatteryTools.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void BatteryTools.Program::Main() pop <null> ret <null>
Module Name

Upkfw.exe
Full Name

Upkfw.exe
EntryPoint

System.Void BatteryTools.Program::Main()
Scope Name

Upkfw.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Upkfw
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

2
Main Method

System.Void BatteryTools.Program::Main()
Main IL Instruction Count

25
Main IL

ldsfld System.Byte[] BatteryTools.Program::Ⴄ stloc.2 <null> ldc.i4.1 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void BatteryTools.Form2::Ⴗ() ldc.i4 237 ldc.i4 174 call System.Void BatteryTools.Form3::Ⴅ(System.Int16,System.Char) ldc.i4.0 <null> ldc.i4 564 ldc.i4 636 call System.Void BatteryTools.Properties.Resources::Ⴗ(System.Boolean,System.Int16,System.Int16) ldloc.2 <null> ldc.i4 242 ldelem.u1 <null> stloc.1 <null> br.s IL_0008: ldloc.1 newobj System.Void BatteryTools.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void BatteryTools.Program::Main() pop <null> ret <null>
aee4803f11bc0f523561fae84e2b1449 (1.09 MB)
File Structure
aee4803f11bc0f523561fae84e2b1449
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙