Suspect
ba9923d1bd3add85ca9e198e788f0316
PE Executable | MD5: ba9923d1bd3add85ca9e198e788f0316 | Size: 760.83 KB | application/x-dosexec
PE Executable
MD5: ba9923d1bd3add85ca9e198e788f0316
Size: 760.83 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | ba9923d1bd3add85ca9e198e788f0316
|
| Sha1 | 16fa558b4304226472d71095736ec43c1aabc7d1
|
| Sha256 | 93bba3622d1594eb97ea253dbee9a1d5c495871b73410bccd6c41d7969d3b8a2
|
| Sha384 | 300cdd6909e6f2b7ade3e118017c0869a3894f69861ec3a479f8a163cd7cb54b1d7c7d0f00e561a6eb675d7caf4a090d
|
| Sha512 | f2641cb47df19dfd4a874c67fbfa3a2cd236d79dcc1bfbc08e7d052b85a3ec69f57244740a81690b8c66e3d4cd4f8482b5113a3fca1ae3102d82d4e7929c6e29
|
| SSDeep | 12288:og2GIOJaqojL4efJnQ8pAON4qYI6u2kg6jU40HTsEXMGPg41CbAWDaLa4khPIRFD:o7GInqGJnQ2Ac4qR2kvjJCTcSgwGATkt
|
| TLSH | AFF41255212AD93AC49D07B89991D2F807789E89BA13E70B8BD5BDDB7D337C20A0C1D3
|
File Structure
ba9923d1bd3add85ca9e198e788f0316
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
SingleQueue.SingleQueue.resources
$this.Icon
[NBF]root.IconData
crc
[NBF]root.Data
Vip.CustomForm.Properties.Resources.resources
oPVO
[NBF]root.Data
[NBF]root.Data-preview.png
Vip.CustomForm.Images.SystemButtons.bmp
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\Users\Administrator\Desktop\Client\Temp\gGSQmzIrij\src\obj\Debug\KOqr.pdb |
| Module Name | KOqr.exe |
| Full Name | KOqr.exe |
| EntryPoint | System.Void SingleQueue.Program::Main() |
| Scope Name | KOqr.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | KOqr |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 104 |
| Main Method | System.Void SingleQueue.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void SingleQueue.SingleQueue::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
ba9923d1bd3add85ca9e198e788f0316 (760.83 KB)
File Structure
ba9923d1bd3add85ca9e198e788f0316
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
SingleQueue.SingleQueue.resources
$this.Icon
[NBF]root.IconData
crc
[NBF]root.Data
Vip.CustomForm.Properties.Resources.resources
oPVO
[NBF]root.Data
[NBF]root.Data-preview.png
Vip.CustomForm.Images.SystemButtons.bmp
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.