Suspicious
Suspect

be0930fc1d862072effdd01493361fb5

PE Executable | MD5: be0930fc1d862072effdd01493361fb5 | Size: 1.59 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash: Hash Value
MD5: be0930fc1d862072effdd01493361fb5
Sha1: e421261bf9c56bc5390d1f1b5be10f4fa53ba34c
Sha256: e37c838dc5eaa1b302ffbd8721c6a5f52a068e8f78bbec63b19b950462fe6cf8
Sha384: 5d1584e518b4448d55d8128322a222c1dd1c7006a7ba39fc0359d93a29e726233c8d39ebe8b2e2780be181807c8b6b31
Sha512: d8bd286ed9d9f079eba953e56d7e0d69a5e1bee40bcfbdab832e85920d0fbfa31ee4448905b2c5064bd4452880a1c7b250e3a33ee6a2d336f8d663838c1de110
SSDeep: 49152:xORW7rRaIcKdnFVb4C/mxjcNDJwF3ZQQuWQc:xn79hFFlHexjWFwF36/W
TLSH: D6751254669FC913C1A85B7284E1E63017F09E4EA023D25B6EDE2EE77E537A71E80343

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
kZZhV.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
MindPalace.Properties.Resources.resources
uZoEm
[NBF]root.Data
[NBF]root.Data-preview.png
Clear
[NBF]root.Data
werwre
[NBF]root.Data
[NBF]root.Data-preview.png
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: kZZhV.pdb
Module Name: kZZhV.exe
Full Name: kZZhV.exe
EntryPoint: System.Void DCP.MCT::GCW()
Scope Name: kZZhV.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: kZZhV
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 210
Main Method: System.Void DCP.MCT::GCW()
Main IL Instruction Count: 50

Main IL

br IL_009A: nop nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) br IL_00A7: call System.Void j9V.S9y::Jg4() nop <null> nop <null> call System.String H7f.h75::jC7() call H7f.h75 H7f.h75::n7v(System.String) call System.Void DCP.MCT::XCj(H7f.h75) br IL_0033: nop ldloc.s V_0 brfalse IL_005D: nop br IL_004D: call H7f.h75 H7f.h75::g74() nop <null> call H7f.h75 DCP.MCT::wCm() callvirt System.Collections.Generic.List`1<SSF.sSE> H7f.h75::P7q() callvirt System.Int32 System.Collections.Generic.List`1<SSF.sSE>::get_Count() ldc.i4.0 <null> ceq <null> stloc.s V_0 br IL_0027: ldloc.s V_0 call H7f.h75 H7f.h75::g74() call System.Void DCP.MCT::XCj(H7f.h75) br IL_005C: nop nop <null> nop <null> leave IL_0085: newobj System.Void eCk.yCZ::.ctor() pop <null> br IL_0069: nop nop <null> call H7f.h75 H7f.h75::g74() call System.Void DCP.MCT::XCj(H7f.h75) br IL_0079: nop nop <null> nop <null> leave IL_0085: newobj System.Void eCk.yCZ::.ctor() br IL_0085: newobj System.Void eCk.yCZ::.ctor() newobj System.Void eCk.yCZ::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) br IL_00A5: nop nop <null> br IL_0011: nop nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() br IL_0005: nop nop <null> ret <null> call System.Void j9V.S9y::Jg4() br IL_0094: nop


Characteristics
No malware configuration was found at this point.