Suspicious
Suspect

bfef0d5d754bd786b84a29912226b0ef

PE Executable
|
MD5: bfef0d5d754bd786b84a29912226b0ef
|
Size: 857.1 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
bfef0d5d754bd786b84a29912226b0ef
Sha1
33b6596796fe7dd1141eedb1749e33d3186dd63b
Sha256
77d8ed5b84c1ad1ed17f1f51b6bca57ee8a76e1279f9e5385b269d95bf81b400
Sha384
de40ffa6cfe4e8bc9e7aa708a9544a1eaef041cfb1374dd2320448dae9af11d1eb85d832ecef74f5ec4f3d41bd8b69bd
Sha512
3dd38e83fc0e0a373b0fc12cf679820144383195b0f0b38ef992c4f4713edbe6a7cf243194fd480301253a940e8b276338001872c74e85d55e20e07a63f0c380
SSDeep
12288:q+k/RazFCUi0SDdEMaMNzVoSw5Qy+vyYJ37YV1hOsSnhlT9O4LWT9hjHZikR:lFrS5/NVoT55mR7K1d+LMeWT9h3
TLSH
4B05011DBB29EB15CE0C0FBBD513460881F29557EA75F6BB09D9ECE61E6AB00844F903

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
bfef0d5d754bd786b84a29912226b0ef
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0xCDE00 size 13832 bytes
Module Name

ksWIj.exe
Full Name

ksWIj.exe
EntryPoint

System.Void DiskAnalyzer.Program::Main()
Scope Name

ksWIj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ksWIj
Assembly Version

1.0.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void DiskAnalyzer.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.0 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void DiskAnalyzer.FormStatistiques::Ⴓ() ldc.i4.s 116 ldc.i4.s 50 call System.Void DiskAnalyzer.FormGrandsFichiers::Ⴃ(System.Int32,System.Int16) ldc.i4.0 <null> ldc.i4 370 ldc.i4 381 call System.Void DiskAnalyzer.Component1::Ⴈ(System.Boolean,System.Int16,System.Int16) ldc.i4.4 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void DiskAnalyzer.FormPrincipal::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void DiskAnalyzer.Program::Main() pop <null> ret <null>
Module Name

ksWIj.exe
Full Name

ksWIj.exe
EntryPoint

System.Void DiskAnalyzer.Program::Main()
Scope Name

ksWIj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ksWIj
Assembly Version

1.0.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

2
Main Method

System.Void DiskAnalyzer.Program::Main()
Main IL Instruction Count

21
Main IL

ldc.i4.0 <null> stloc.1 <null> ldloc.1 <null> switch dnlib.DotNet.Emit.Instruction[] call System.Void DiskAnalyzer.FormStatistiques::Ⴓ() ldc.i4.s 116 ldc.i4.s 50 call System.Void DiskAnalyzer.FormGrandsFichiers::Ⴃ(System.Int32,System.Int16) ldc.i4.0 <null> ldc.i4 370 ldc.i4 381 call System.Void DiskAnalyzer.Component1::Ⴈ(System.Boolean,System.Int16,System.Int16) ldc.i4.4 <null> stloc.1 <null> br.s IL_0002: ldloc.1 newobj System.Void DiskAnalyzer.FormPrincipal::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> ldtoken System.Void DiskAnalyzer.Program::Main() pop <null> ret <null>
bfef0d5d754bd786b84a29912226b0ef (857.1 KB)
File Structure
bfef0d5d754bd786b84a29912226b0ef
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙