Suspicious
Suspect

bb1d3346dc40e0f93bc20d47cc45249a

PE Executable
|
MD5: bb1d3346dc40e0f93bc20d47cc45249a
|
Size: 207.36 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
bb1d3346dc40e0f93bc20d47cc45249a
Sha1
2d3c7dbeb7bae49475df29cfa1d94a975072439c
Sha256
0a326c130fb55d6f158b793d4c1373aac4c5280bcd9d57f97d10ff7c4d2bd3c7
Sha384
801fa1953bd25614ee7b937d84ec7c7c9b5f90e5a7512231ad7ea88e5994c809cf9366fc425596e72ed9e12a7c190090
Sha512
c8e9a433d5dae96ddbbc0af62c61ac9bb90ccaccecba51e3d580a100d3fffd4d81c7c6efddb2851181845b901d82b336f7534de2190363f1d30cbe2d93fb3354
SSDeep
6144:gLV6Bta6dtJmakIM532bTnvHbLOupQe4li2+f:gLV6BtpmkWizzLVpEs2+f
TLSH
ED14CF167BA84A2FD2CE8678741202138379C2E399C3F7EE6CE455B75B527E5060B1E3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
bb1d3346dc40e0f93bc20d47cc45249a
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
bb1d3346dc40e0f93bc20d47cc45249a (207.36 KB)
File Structure
bb1d3346dc40e0f93bc20d47cc45249a
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙