Suspicious
Suspect
Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
d39f58182d7b42f4937ea5d235fd9127
Sha1
ec2c2370801ac600d89c0853255cf647f769a2e5
Sha256
fa975ead71873519e79b3f7e4dfca87812c2acd11483c2e331f2ad563f31670d
Sha384
3050cbd69f7c84511b98279a19a3da7a6600c80ec54048ac183feb8b182933e01d905588e2187b44589fb22b3ce925d8
Sha512
5d5ca8115ceea565a938f52da4bbda92af5f4201f5697fa5c5f45e1bedf26f1b3eb39aa691def6767c9c119c59b26238bdd735b0e2f7e659585446acefb52aaf
SSDeep
24576:DXcrQ8SKxJzck+7eWBRwRR16zA0KKm77yviUSQaZaOwI55l2S62r9cGW/yFoBkkj:DXcrQKTYj77wRGKKm77LrwCB6hqany
TLSH
AC850251B7F98117F2BF2BB9A8B304064B77FA539A36C79E0948905C2EA3740DE50367

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
d39f58182d7b42f4937ea5d235fd9127
[Rebuild from dump]_0c9f4501.exe
.Net Resources
Pulsar.Client.FrmRemoteChat.resources
costura.aforge.dll.compressed
costura.aforge.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.dll.compressed
costura.aforge.video.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.directshow.dll.compressed
costura.aforge.video.directshow.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
AForge.Video.DirectShow.Properties.Resources.resources
camera
[NBF]root.Data
[NBF]root.Data-preview.png
AForge.Video.DirectShow.VideoCaptureDeviceForm.resources
costura.messagepack.dll.compressed
costura.messagepack.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.messagepack.annotations.dll.compressed
costura.messagepack.annotations.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.gma.system.mousekeyhook.dll.compressed
costura.gma.system.mousekeyhook.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.core.dll.compressed
costura.naudio.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.wasapi.dll.compressed
costura.naudio.wasapi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.winforms.dll.compressed
costura.naudio.winforms.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NAudio.WinForms.Gui.PanSlider.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
NAudio.WinForms.Gui.VolumeSlider.resources
costura.naudio.winmm.dll.compressed
costura.naudio.winmm.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dll.compressed
costura.sharpdx.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.pdb.compressed
costura.sharpdx.pdb
costura.sharpdx.d3dcompiler.dll.compressed
costura.sharpdx.d3dcompiler.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.d3dcompiler.pdb.compressed
costura.sharpdx.d3dcompiler.pdb
costura.sharpdx.direct2d1.dll.compressed
costura.sharpdx.direct2d1.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct2d1.pdb.compressed
costura.sharpdx.direct2d1.pdb
costura.sharpdx.direct3d11.dll.compressed
costura.sharpdx.direct3d11.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct3d11.pdb.compressed
costura.sharpdx.direct3d11.pdb
costura.sharpdx.dxgi.dll.compressed
costura.sharpdx.dxgi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dxgi.pdb.compressed
costura.sharpdx.dxgi.pdb
costura.sharpdx.mathematics.dll.compressed
costura.sharpdx.mathematics.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.mathematics.pdb.compressed
costura.sharpdx.mathematics.pdb
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_8c38879e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.collections.immutable.dll.compressed
costura.system.collections.immutable.dll
[Authenticode]_937eee08.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Collections.Immutable.SR.resources
ILLink.Substitutions.xml
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_15ab3250.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.numerics.vectors.dll.compressed
costura.system.numerics.vectors.dll
[Authenticode]_ae030d4d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Numerics.Vectors.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_e61c97b9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.threading.tasks.extensions.dll.compressed
costura.system.threading.tasks.extensions.dll
[Authenticode]_7121b905.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pulsar.common.dll.compressed
costura.pulsar.common.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Informations
Name
 Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_0c9f4501.exe
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.7.4.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1511
Main Method

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Main IL Instruction Count

11
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::EOZuTxYOBr() newobj System.Void cirgrikuewftd.TjRjwtzcFYhWvzRu7CiLn4az6Rznj::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.7.4.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1511
Main Method

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Main IL Instruction Count

11
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::EOZuTxYOBr() newobj System.Void cirgrikuewftd.TjRjwtzcFYhWvzRu7CiLn4az6Rznj::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PE Layout

MemoryMapped (process dump suspected)
PE Layout

MemoryMapped (process dump suspected)
d39f58182d7b42f4937ea5d235fd9127 (1.85 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙