Suspicious
Suspect

be11fc4c470483bff5394b377067f278

PE Executable
|
MD5: be11fc4c470483bff5394b377067f278
|
Size: 583.68 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
be11fc4c470483bff5394b377067f278
Sha1
d8da6be8943c030ea5fadd42dd12ffb2d4463eb4
Sha256
26daaa0d086c4ef2f8da2970ffcb9a5a7f7a83d9d9214fa9b8480058e55c7863
Sha384
b9015680711f3ff24d58a5b85068c4db0ce9ac382960e360301bec7118b0e56118884386422265959e7cd7097a4df6f6
Sha512
48bf966d3f62ff1042a96059d3a28de367c7cf4e30c83371f33d386d45c9fbc44189b66264f49257eefbb27330db92beda9e8c3e34c6854ddd4f112f025cb03a
SSDeep
12288:UGbFK4WEC7Zp5V1aYyVx7uLCW5yq7+FykUpXmM/dPD7pT4A78g4aJ:UGbFK4w1V1aYyV4CWhxpTPxTHfJ
TLSH
78C4124526EECE07D4AB2BB01D71C17053B5DE9AE922D90A8FD62CDB75BBB904E40703

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
be11fc4c470483bff5394b377067f278
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
OSVersionDisplay.Forms.MainForm.resources
OSVersionDisplay.Properties.Resources.resources
Mars
[NBF]root.Data
hkND
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: ImYk.pdb
Module Name

ImYk.exe
Full Name

ImYk.exe
EntryPoint

System.Void OSVersionDisplay.Program::Main()
Scope Name

ImYk.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ImYk
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

302
Main Method

System.Void OSVersionDisplay.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void OSVersionDisplay.Forms.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

ImYk.exe
Full Name

ImYk.exe
EntryPoint

System.Void OSVersionDisplay.Program::Main()
Scope Name

ImYk.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ImYk
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

302
Main Method

System.Void OSVersionDisplay.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void OSVersionDisplay.Forms.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
be11fc4c470483bff5394b377067f278 (583.68 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙