General
Structural Analysis
Config.0
Yara Rules13
Sync
Community
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | bb33d08592e4282baa15a38cd90e03ac
|
| Sha1 | fba225fe6aa2d624f91f03b878c0dba0f80b5704
|
| Sha256 | a9748173bb602313b8b1fc6eb71d4036ad98ba25c19b360326dd74cfd71c6522
|
| Sha384 | 5c147b6e13af675becab274669223d9b8b322db6ba8f1ebd1efb8a99d85fd9f86ef07d6c3bf0bedc4509ce2583e5b6df
|
| Sha512 | d4ce412d60f5e7cef1779c086221cd8c59dcc92ba558ebe86e48a11b5ab2a41e578ce0a0ad0088ad59a7e8934120883343b59e6cd3005b02146e2f0fca57277d
|
| SSDeep | 24576:d7/l46FaRzjOPckzBsqn5L1P/KLrfV2Q:dbHacU05L1P/K/9n
|
| TLSH | 833501582299DA42D9A24FF41972E3F06B746ECDE460D347CFDEADEB34687801848387
|
PeID
UPolyX 0.3 -> delikon
File Structure
bb33d08592e4282baa15a38cd90e03ac
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
FontManager.Form1.resources
FontManager.Properties.Resources.resources
Ksowo
[NBF]root.Data
[NBF]root.Data-preview.png
LAN
[NBF]root.Data
WAN
[NBF]root.Data
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: YHZls.pdb |
| Module Name | YHZls.exe |
| Full Name | YHZls.exe |
| EntryPoint | System.Void FontManager.Program::Main() |
| Scope Name | YHZls.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | YHZls |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 358 |
| Main Method | System.Void FontManager.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void FontManager.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
bb33d08592e4282baa15a38cd90e03ac (1.09 MB)
File Structure
bb33d08592e4282baa15a38cd90e03ac
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
FontManager.Form1.resources
FontManager.Properties.Resources.resources
Ksowo
[NBF]root.Data
[NBF]root.Data-preview.png
LAN
[NBF]root.Data
WAN
[NBF]root.Data
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.