Suspicious
Suspect

c15da4a18ba2b29bd8b44b8218ff1105

PE Executable
|
MD5: c15da4a18ba2b29bd8b44b8218ff1105
|
Size: 818.18 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
c15da4a18ba2b29bd8b44b8218ff1105
Sha1
34843f633104ad7606d98662069db85e16f98549
Sha256
f5258640cfc9d241ecee954610e417cd8f07aedd020cc39d1c23e03fbf87379a
Sha384
59113c9271ab4b04ffad0807bfd20238f04126c83e2d71968a50fbb8b69ea50f972efbaf928f8bc8114cea07de27a50f
Sha512
4c29e21475ea675b6d4acc9fd5d3b90412842a66abc295400f10ce35966d6f549c170570f08b7f2e4b0a595831c5219567ddc7a925164d464b6080b345a85013
SSDeep
12288:KnxP0hlNO0gKcTOlI38rFjSO9L9Ej6laPaoGfD1DRWo2OcBnv3mqEffzMixYKIvS:TNgK1lI38t9xE7i1f3Wo23p/mz
TLSH
BC05D0AC7250B59FC457D9328AA4EC70A6247CBA931BC20790D71EAFBD0D997CF141B2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c15da4a18ba2b29bd8b44b8218ff1105
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ModularCalculator.Forms.MainForm.resources
ModularCalculator.Properties.Resources.resources
Abstimmung
[NBF]root.Data
[NBF]root.Data-preview.png
Bukkit_Logo
[NBF]root.Data
[NBF]root.Data-preview.png
IDeZ
[NBF]root.Data
[NBF]root.Data-preview.png
Linux_Figur
[NBF]root.Data
[NBF]root.Data-preview.png
Moon
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

gmgB.exe
Full Name

gmgB.exe
EntryPoint

System.Void ModularCalculator.Program::Main()
Scope Name

gmgB.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gmgB
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

175
Main Method

System.Void ModularCalculator.Program::Main()
Main IL Instruction Count

25
Main IL

nop <null> call System.Void ModularCalculator.Program::‫‎‭‭‍‌‍‏‭‮‎‌‪‌‏​​‭​‏‍‏‮‏​‏‪‮‮() ldc.i4 218903548 ldc.i4 869276277 xor <null> dup <null> stloc.0 <null> ldc.i4.3 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_003E: nop nop <null> ldc.i4.0 <null> call System.Void ModularCalculator.Program::‏‪‭‌‫‫​‪‬​‍‮‪‏‭‌‍‭‫‭‎‎‌‮(System.Boolean) ldloc.0 <null> ldc.i4 1084867013 mul <null> ldc.i4 284522477 xor <null> br.s IL_000B: ldc.i4 869276277 nop <null> newobj System.Void ModularCalculator.Forms.MainForm::.ctor() call System.Void ModularCalculator.Program::‏‫‪‭​‏‪‍‪‭‏‌​‌‭‭‌‌‫‪‭​‎‮‍‮(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

gmgB.exe
Full Name

gmgB.exe
EntryPoint

System.Void ModularCalculator.Program::Main()
Scope Name

gmgB.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gmgB
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

175
Main Method

System.Void ModularCalculator.Program::Main()
Main IL Instruction Count

25
Main IL

nop <null> call System.Void ModularCalculator.Program::‫‎‭‭‍‌‍‏‭‮‎‌‪‌‏​​‭​‏‍‏‮‏​‏‪‮‮() ldc.i4 218903548 ldc.i4 869276277 xor <null> dup <null> stloc.0 <null> ldc.i4.3 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_003E: nop nop <null> ldc.i4.0 <null> call System.Void ModularCalculator.Program::‏‪‭‌‫‫​‪‬​‍‮‪‏‭‌‍‭‫‭‎‎‌‮(System.Boolean) ldloc.0 <null> ldc.i4 1084867013 mul <null> ldc.i4 284522477 xor <null> br.s IL_000B: ldc.i4 869276277 nop <null> newobj System.Void ModularCalculator.Forms.MainForm::.ctor() call System.Void ModularCalculator.Program::‏‫‪‭​‏‪‍‪‭‏‌​‌‭‭‌‌‫‪‭​‎‮‍‮(System.Windows.Forms.Form) nop <null> ret <null>
c15da4a18ba2b29bd8b44b8218ff1105 (818.18 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙