Suspect
d39f58182d7b42f4937ea5d235fd9127
PE Executable | MD5: d39f58182d7b42f4937ea5d235fd9127 | Size: 1.85 MB | application/x-dosexec
PE Executable
MD5: d39f58182d7b42f4937ea5d235fd9127
Size: 1.85 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | d39f58182d7b42f4937ea5d235fd9127
|
| Sha1 | ec2c2370801ac600d89c0853255cf647f769a2e5
|
| Sha256 | fa975ead71873519e79b3f7e4dfca87812c2acd11483c2e331f2ad563f31670d
|
| Sha384 | 3050cbd69f7c84511b98279a19a3da7a6600c80ec54048ac183feb8b182933e01d905588e2187b44589fb22b3ce925d8
|
| Sha512 | 5d5ca8115ceea565a938f52da4bbda92af5f4201f5697fa5c5f45e1bedf26f1b3eb39aa691def6767c9c119c59b26238bdd735b0e2f7e659585446acefb52aaf
|
| SSDeep | 24576:DXcrQ8SKxJzck+7eWBRwRR16zA0KKm77yviUSQaZaOwI55l2S62r9cGW/yFoBkkj:DXcrQKTYj77wRGKKm77LrwCB6hqany
|
| TLSH | AC850251B7F98117F2BF2BB9A8B304064B77FA539A36C79E0948905C2EA3740DE50367
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
d39f58182d7b42f4937ea5d235fd9127
[Rebuild from dump]_0c9f4501.exe
.Net Resources
Pulsar.Client.FrmRemoteChat.resources
costura.aforge.dll.compressed
costura.aforge.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.dll.compressed
costura.aforge.video.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.directshow.dll.compressed
costura.aforge.video.directshow.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
AForge.Video.DirectShow.Properties.Resources.resources
camera
[NBF]root.Data
[NBF]root.Data-preview.png
AForge.Video.DirectShow.VideoCaptureDeviceForm.resources
costura.messagepack.dll.compressed
costura.messagepack.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.messagepack.annotations.dll.compressed
costura.messagepack.annotations.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.gma.system.mousekeyhook.dll.compressed
costura.gma.system.mousekeyhook.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.core.dll.compressed
costura.naudio.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.wasapi.dll.compressed
costura.naudio.wasapi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.winforms.dll.compressed
costura.naudio.winforms.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NAudio.WinForms.Gui.PanSlider.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
NAudio.WinForms.Gui.VolumeSlider.resources
costura.naudio.winmm.dll.compressed
costura.naudio.winmm.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dll.compressed
costura.sharpdx.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.pdb.compressed
costura.sharpdx.d3dcompiler.dll.compressed
costura.sharpdx.d3dcompiler.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.d3dcompiler.pdb.compressed
costura.sharpdx.direct2d1.dll.compressed
costura.sharpdx.direct2d1.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct2d1.pdb.compressed
costura.sharpdx.direct3d11.dll.compressed
costura.sharpdx.direct3d11.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct3d11.pdb.compressed
costura.sharpdx.dxgi.dll.compressed
costura.sharpdx.dxgi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dxgi.pdb.compressed
costura.sharpdx.mathematics.dll.compressed
costura.sharpdx.mathematics.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.mathematics.pdb.compressed
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_8c38879e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.collections.immutable.dll.compressed
costura.system.collections.immutable.dll
[Authenticode]_937eee08.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Collections.Immutable.SR.resources
ILLink.Substitutions.xml
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_15ab3250.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.numerics.vectors.dll.compressed
costura.system.numerics.vectors.dll
[Authenticode]_ae030d4d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Numerics.Vectors.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_e61c97b9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.threading.tasks.extensions.dll.compressed
costura.system.threading.tasks.extensions.dll
[Authenticode]_7121b905.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pulsar.common.dll.compressed
costura.pulsar.common.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_0c9f4501.exe |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main() |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.7.4.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 1511 |
| Main Method | System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main() |
| Main IL Instruction Count | 11 |
| Main IL | ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::EOZuTxYOBr() newobj System.Void cirgrikuewftd.TjRjwtzcFYhWvzRu7CiLn4az6Rznj::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main() |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.7.4.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 1511 |
| Main Method | System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main() |
| Main IL Instruction Count | 11 |
| Main IL | ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::EOZuTxYOBr() newobj System.Void cirgrikuewftd.TjRjwtzcFYhWvzRu7CiLn4az6Rznj::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
Artefacts
|
Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
| PE Layout | MemoryMapped (process dump suspected) |
d39f58182d7b42f4937ea5d235fd9127 (1.85 MB)
File Structure
d39f58182d7b42f4937ea5d235fd9127
[Rebuild from dump]_0c9f4501.exe
.Net Resources
Pulsar.Client.FrmRemoteChat.resources
costura.aforge.dll.compressed
costura.aforge.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.dll.compressed
costura.aforge.video.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.directshow.dll.compressed
costura.aforge.video.directshow.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
AForge.Video.DirectShow.Properties.Resources.resources
camera
[NBF]root.Data
[NBF]root.Data-preview.png
AForge.Video.DirectShow.VideoCaptureDeviceForm.resources
costura.messagepack.dll.compressed
costura.messagepack.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.messagepack.annotations.dll.compressed
costura.messagepack.annotations.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.gma.system.mousekeyhook.dll.compressed
costura.gma.system.mousekeyhook.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.core.dll.compressed
costura.naudio.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.wasapi.dll.compressed
costura.naudio.wasapi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.winforms.dll.compressed
costura.naudio.winforms.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NAudio.WinForms.Gui.PanSlider.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
NAudio.WinForms.Gui.VolumeSlider.resources
costura.naudio.winmm.dll.compressed
costura.naudio.winmm.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dll.compressed
costura.sharpdx.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.pdb.compressed
costura.sharpdx.d3dcompiler.dll.compressed
costura.sharpdx.d3dcompiler.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.d3dcompiler.pdb.compressed
costura.sharpdx.direct2d1.dll.compressed
costura.sharpdx.direct2d1.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct2d1.pdb.compressed
costura.sharpdx.direct3d11.dll.compressed
costura.sharpdx.direct3d11.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct3d11.pdb.compressed
costura.sharpdx.dxgi.dll.compressed
costura.sharpdx.dxgi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dxgi.pdb.compressed
costura.sharpdx.mathematics.dll.compressed
costura.sharpdx.mathematics.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.mathematics.pdb.compressed
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_8c38879e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.collections.immutable.dll.compressed
costura.system.collections.immutable.dll
[Authenticode]_937eee08.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Collections.Immutable.SR.resources
ILLink.Substitutions.xml
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_15ab3250.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.numerics.vectors.dll.compressed
costura.system.numerics.vectors.dll
[Authenticode]_ae030d4d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Numerics.Vectors.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_e61c97b9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.threading.tasks.extensions.dll.compressed
costura.system.threading.tasks.extensions.dll
[Authenticode]_7121b905.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pulsar.common.dll.compressed
costura.pulsar.common.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
d39f58182d7b42f4937ea5d235fd9127 |
| PE Layout | MemoryMapped (process dump suspected) |
d39f58182d7b42f4937ea5d235fd9127 > [Rebuild from dump]_0c9f4501.exe |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.