Suspicious
Suspect

d314c3e25d8d2e04d9cdee49a292221e

PE Executable
|
MD5: d314c3e25d8d2e04d9cdee49a292221e
|
Size: 1.27 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
d314c3e25d8d2e04d9cdee49a292221e
Sha1
14021c97f2d208d57056bb35ee30af2f3e1ad8f1
Sha256
979c210790a888cc219a2f44ddf6ec4ada7f1ddf527ce6e70fb1e96fc8f73508
Sha384
6dac6af3adc53ca1e54de5286fce8ee980fd612a377f35321331328cfa1966cc32f3957cd5e43696bfb8ab418024d363
Sha512
07c21dbd6237bbd2e341f137c10de84b1b1914028454d6fc406302dd3ad60dd66006581d5555934d6dfbd2a761fc35ca5455fdc5d17d93e5b39ea6fe268e0843
SSDeep
24576:4Zt5+93ic3DQyjzcQjRSNngAANjTlZXDqEML1HH18LyZMtUhYQlmA+T:4ZjA3iczNjAyRkANzM9VOyZsURIA+T
TLSH
B2451258212ADA03E0A29FF44E32E3F80B746FA5E911D247AFD1BEDF75367545A81203

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
d314c3e25d8d2e04d9cdee49a292221e
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
TravBot.Form1.resources
$this.Icon
[NBF]root.IconData
Timer_Cycle.TrayLocation
Timer_List.TrayLocation
squid
[NBF]root.Data
TravBot.UnmanagedCode.resources
TravBot.Properties.Resources.resources
Jcbf
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\Administrator\Desktop\Client\Temp\FQSCBOvHHJ\src\obj\Debug\gCai.pdb
Module Name

gCai.exe
Full Name

gCai.exe
EntryPoint

System.Void TravBot.Program::Main()
Scope Name

gCai.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gCai
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

300
Main Method

System.Void TravBot.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void TravBot.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

gCai.exe
Full Name

gCai.exe
EntryPoint

System.Void TravBot.Program::Main()
Scope Name

gCai.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

gCai
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

300
Main Method

System.Void TravBot.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void TravBot.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
d314c3e25d8d2e04d9cdee49a292221e (1.27 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙