Suspicious
Suspect

c6ab9f46783de1c7069c23d0e4c029a4

PE Executable
|
MD5: c6ab9f46783de1c7069c23d0e4c029a4
|
Size: 3.29 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
c6ab9f46783de1c7069c23d0e4c029a4
Sha1
ba41763f6288cda9e0c16791e2d54148f4cf8632
Sha256
7eacb8f767c39fcdb30818d01a825e13f3908fa5d782e5d45a4b26d903dd0891
Sha384
8dbe39a3fd88c16a406187f4b1fe61d6f6f07130766cd819bc0684bd2b602c857229065305dfa76801ad37e41bc0fb12
Sha512
43ca915c7920f232b27f6e9b545430b110cb36e0873890f16a5beb543912895d863832ec95b1732c84837653d1b83c3d9bf4aa46ebc08fcde50728a6bc638729
SSDeep
49152:avOe821/aQWl8P0lSk3aKA3Z+nXhN84mz8OoGd39THHB72eh2NT:avN821/aQWl8P0lSk3DA3Z+nRN81
TLSH
9BE55A0577F85E62E1AAD3B3D5F0541363F0F82AF3A3EB0B5191677A1C93B4098426A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c6ab9f46783de1c7069c23d0e4c029a4
[Rebuild from dump]_211d5d18.exe
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Informations
Name
 Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_211d5d18.exe
Module Name

Client
Full Name

Client
EntryPoint

System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.1.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

11123
Main Method

System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::⻈�旬૽밧啁굶병彷锉�탵렬挲沠墓⊴�(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::臱眛᫪䑗냊⑔틪�Ô븉쒏囕㏌칛�᢬觸⟶(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void �웧šᖱ吃ﱧ︳㶯눈먤芏㭵퇓捝ޚ㮱⃁៺᲼::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Client
Full Name

Client
EntryPoint

System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.1.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

11123
Main Method

System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::⻈�旬૽밧啁굶병彷锉�탵렬挲沠墓⊴�(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 떳煀鄑艨趀ꢪ��燄℡嚫鹝껡綉ヂ덺⅌::臱眛᫪䑗냊⑔틪�Ô븉쒏囕㏌칛�᢬觸⟶(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void �웧šᖱ吃ﱧ︳㶯눈먤芏㭵퇓捝ޚ㮱⃁៺᲼::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PE Layout

MemoryMapped (process dump suspected)
PE Layout

MemoryMapped (process dump suspected)
c6ab9f46783de1c7069c23d0e4c029a4 (3.29 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙