Suspicious
Suspect

b0523714c94195118aa0add1c44a39e5

PE Executable
|
MD5: b0523714c94195118aa0add1c44a39e5
|
Size: 719.36 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
b0523714c94195118aa0add1c44a39e5
Sha1
52586470939669902c939efc37252b54e2bab769
Sha256
d70b075d8b89da01a7990219aa08a64cfc93c5b915ac3217fc26c412e4f11122
Sha384
5b75391e890e3a12a80f7d73b8238f76f70d73d84dcf20da8c366f172acb9c314b9afd514c5ebe2b44051bb57df8f5f4
Sha512
d8e53c9eef8f5dabed5b6c8db951254839baf9ba8a48f9f57cf7796b8bb63f47dc0e9436379854c9431a05bed8dc68a5d24f59d403006e2a3737d6c0a63111ea
SSDeep
12288:NeR8QpwhSdPVHxJ7FifaGN1kC/t2ralxu7UkHeZQq2CxVbMiNgvmjmn:Nk88whSdd37Ozk85lrZQqFxVb6b
TLSH
4BE412907299EA22EDAA0FF41536D6B547359E9DA021D34F45EDFCDBBE2235034A0383

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
b0523714c94195118aa0add1c44a39e5
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
SecureMode.Properties.Resources.resources
AxZH
vgx
Informations
Name
 Value
Module Name

RGft.exe
Full Name

RGft.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

RGft.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

RGft
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

247
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

RGft.exe
Full Name

RGft.exe
EntryPoint

System.Void SecureMode.Program::Main()
Scope Name

RGft.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

RGft
Assembly Version

1.6.1908.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

247
Main Method

System.Void SecureMode.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void SecureMode.ProfessionalForm53::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

1
Suspicious Type Names (1-2 chars)

0
b0523714c94195118aa0add1c44a39e5 (719.36 KB)
File Structure
b0523714c94195118aa0add1c44a39e5
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
SecureMode.Properties.Resources.resources
AxZH
vgx
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Embedded Resources

1

b0523714c94195118aa0add1c44a39e5
Suspicious Type Names (1-2 chars)

0

b0523714c94195118aa0add1c44a39e5
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙