Suspect
ca426e431a81b107548e7095a82c94c3
PE Executable | MD5: ca426e431a81b107548e7095a82c94c3 | Size: 782.85 KB | application/x-dosexec
PE Executable
MD5: ca426e431a81b107548e7095a82c94c3
Size: 782.85 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Ofbuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | ca426e431a81b107548e7095a82c94c3
|
| Sha1 | a8a649520786f4eb81f4f336181f287098a8bc40
|
| Sha256 | afafe9eb66c81266d5fc9353912a06f148afc49324605da77250642c9358afa2
|
| Sha384 | 22a1dd50c74ce1c3f49ea6c02a75c3b6a6cf0a64e5dc619bb9a96215f15590165679800766cc7a15685f258665015e4c
|
| Sha512 | dcd54231d954bf8583c1af815061f2d9d20ce9e06a105861f2384a53ac4f3260b325e45d87da70dba215913080fbb607232ac1c6bb22574491f8fcb048759956
|
| SSDeep | 12288:S1GoooooigooonkiHXR4mvjAqz95z+fpSCWB225fQhDEFpV5PVa2i0qZpzJ:yGoooooigooonb3RjA05z+fcCI2QcSLG
|
| TLSH | 74F402653525AC13E8F6A6F008A9C2B843BD0DDD75B1C3CB4EE65CDB3EE9B028601657
|
File Structure
ca426e431a81b107548e7095a82c94c3
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Hastane_Projesi.FrmBilgiDuzenle.resources
$this.Icon
[NBF]root.IconData
Hastane_Projesi.FrmDuyurular.resources
Hastane_Projesi.FrmGirisler.resources
Hastane_Projesi.FrmSekreterDetay.resources
Nerde
[NBF]root.Data
Hastane_Projesi.Properties.Resources.resources
qJnx
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\Users\Administrator\Desktop\Client\Temp\LUpjSEhwrI\src\obj\Debug\KGRD.pdb |
| Module Name | KGRD.exe |
| Full Name | KGRD.exe |
| EntryPoint | System.Void Hastane_Projesi.Program::Main() |
| Scope Name | KGRD.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | KGRD |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 464 |
| Main Method | System.Void Hastane_Projesi.Program::Main() |
| Main IL Instruction Count | 6 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Hastane_Projesi.FrmGirisler::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
ca426e431a81b107548e7095a82c94c3 (782.85 KB)
File Structure
ca426e431a81b107548e7095a82c94c3
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Hastane_Projesi.FrmBilgiDuzenle.resources
$this.Icon
[NBF]root.IconData
Hastane_Projesi.FrmDuyurular.resources
Hastane_Projesi.FrmGirisler.resources
Hastane_Projesi.FrmSekreterDetay.resources
Nerde
[NBF]root.Data
Hastane_Projesi.Properties.Resources.resources
qJnx
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.