Suspicious
Suspect

cd598f29cc2fc19c1d5de8e9cb156096

PE Executable
|
MD5: cd598f29cc2fc19c1d5de8e9cb156096
|
Size: 490.5 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

High

Hash
 Hash Value
MD5
cd598f29cc2fc19c1d5de8e9cb156096
Sha1
105f6489a045bfebfe2959d23c073a0759e0a22f
Sha256
27a028ec14e0d0a72a308a7bd7d46722d52bfd988e0776ceb0a60db751af7c3a
Sha384
db977e076be0bb9182ec66ebf446dec292f11c9b7209299e888217bb14534f91d494d48331dbf792abd7ee12d8a93374
Sha512
63fd37356521a920f9e5c0e16de66cc827d787784cdc743ac1fe629e834f86e0e474f80604765082b1d7e324087443a152576f47a33ec6a399e756510d76293d
SSDeep
12288:biirOhhzAFtYmQNGjGBMCg6/wreskhgbOhan2UOUmLHs:bod/mHqBMCBQesY
TLSH
95A4CF8D3210F06FC4939A724CA0DEB4A6696D669207C30396E72DEF7D1E587DE051F2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
cd598f29cc2fc19c1d5de8e9cb156096
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WorldClock.Form1.resources
WorldClock.Properties.Resources.resources
ZUKv
[NBF]root.Data
[NBF]root.Data-preview.png
shu
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Hkek.exe
Full Name

Hkek.exe
EntryPoint

System.Void WorldClock.Program::Main()
Scope Name

Hkek.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Hkek
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

165
Main Method

System.Void WorldClock.Program::Main()
Main IL Instruction Count

43
Main IL

nop <null> ldc.i4 318889494 ldc.i4 802567575 xor <null> dup <null> stloc.0 <null> ldc.i4.6 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_0083: ret newobj System.Void WorldClock.Form1::.ctor() call System.Void WorldClock.Program::‎‫‪‍​‍‌‎‌‮‏‪‭‫‫‍‭‌‭​‫‫​‮‮(System.Windows.Forms.Form) ldloc.0 <null> ldc.i4 662787219 mul <null> ldc.i4 987866395 xor <null> br.s IL_0006: ldc.i4 802567575 nop <null> ldc.i4.0 <null> call System.Void WorldClock.Program::‫‭‪‍‌‎‎‮‭‫‪‫‍‫‌‪‮​‬‫‬‎‭‎‮(System.Boolean) nop <null> ldloc.0 <null> ldc.i4 1825359875 mul <null> ldc.i4 -2091114212 xor <null> br.s IL_0006: ldc.i4 802567575 call System.Void WorldClock.Program::‬‌‏‫‎‮​​‬‎‮‍‭‏‫‏‭‏‫‎‭‫‬‍‍‮‏‪‮() ldloc.0 <null> ldc.i4 1765068810 mul <null> ldc.i4 -1668301853 xor <null> br.s IL_0006: ldc.i4 802567575 nop <null> ldloc.0 <null> ldc.i4 -400397591 mul <null> ldc.i4 -380939522 xor <null> br.s IL_0006: ldc.i4 802567575 ret <null>
Module Name

Hkek.exe
Full Name

Hkek.exe
EntryPoint

System.Void WorldClock.Program::Main()
Scope Name

Hkek.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Hkek
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

165
Main Method

System.Void WorldClock.Program::Main()
Main IL Instruction Count

43
Main IL

nop <null> ldc.i4 318889494 ldc.i4 802567575 xor <null> dup <null> stloc.0 <null> ldc.i4.6 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_0083: ret newobj System.Void WorldClock.Form1::.ctor() call System.Void WorldClock.Program::‎‫‪‍​‍‌‎‌‮‏‪‭‫‫‍‭‌‭​‫‫​‮‮(System.Windows.Forms.Form) ldloc.0 <null> ldc.i4 662787219 mul <null> ldc.i4 987866395 xor <null> br.s IL_0006: ldc.i4 802567575 nop <null> ldc.i4.0 <null> call System.Void WorldClock.Program::‫‭‪‍‌‎‎‮‭‫‪‫‍‫‌‪‮​‬‫‬‎‭‎‮(System.Boolean) nop <null> ldloc.0 <null> ldc.i4 1825359875 mul <null> ldc.i4 -2091114212 xor <null> br.s IL_0006: ldc.i4 802567575 call System.Void WorldClock.Program::‬‌‏‫‎‮​​‬‎‮‍‭‏‫‏‭‏‫‎‭‫‬‍‍‮‏‪‮() ldloc.0 <null> ldc.i4 1765068810 mul <null> ldc.i4 -1668301853 xor <null> br.s IL_0006: ldc.i4 802567575 nop <null> ldloc.0 <null> ldc.i4 -400397591 mul <null> ldc.i4 -380939522 xor <null> br.s IL_0006: ldc.i4 802567575 ret <null>
cd598f29cc2fc19c1d5de8e9cb156096 (490.5 KB)
File Structure
cd598f29cc2fc19c1d5de8e9cb156096
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
WorldClock.Form1.resources
WorldClock.Properties.Resources.resources
ZUKv
[NBF]root.Data
[NBF]root.Data-preview.png
shu
[NBF]root.Data
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙