Suspicious
Suspect

d685e41be249a9730d865f2570e6b4c5

PE Executable
|
MD5: d685e41be249a9730d865f2570e6b4c5
|
Size: 2.6 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
d685e41be249a9730d865f2570e6b4c5
Sha1
7a4669eadf1ae26d9026ddad2d15b459cc01f012
Sha256
b46c2cb0bca50540123bbde92aa6f434b0d587a7de93916dd5a03682563b1141
Sha384
92c3ff4df6bfa798f7c1cd2efd4be186de1bf40b9ceb03f0772a0e9f0eca0733c8574580155af28e06cc2d50c9679b44
Sha512
1874dd622fe9eef224e51317661be2f5122b467b96bedf111bc8b22273683241c3bd387b14eabd55adcf0f9984ab87530c3e300b520fe3e9f3ec003287845e1b
SSDeep
24576:m8//TYvom1SKVYJLKRupPbi+3TlIOHPzkWYqMKPSKUAoKUrLXN0Yw2dRy+QcEI8D:mf8Di+3TzHLvfUr+YJRy+QAfc89E
TLSH
FFC53910BBCDEA59E40420F0E86A902766B1DD1BBBC1D327CA61B17E7EB2F112F1516C

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
d685e41be249a9730d865f2570e6b4c5
[Authenticode]_c3e86401.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
CNzaQ
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0x278000 size 11896 bytes
Module Name

3028116.exe
Full Name

3028116.exe
EntryPoint

System.Void Sdnfoazo.Tsbtsw::Main()
Scope Name

3028116.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

3028116
Assembly Version

5.5.3.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

375
Main Method

System.Void Sdnfoazo.Tsbtsw::Main()
Main IL Instruction Count

5
Main IL

newobj System.Void a::.ctor() call System.Byte[] a::a() call System.Byte[] b::a(System.Byte[]) call System.Void c::a(System.Byte[]) ret <null>
Module Name

3028116.exe
Full Name

3028116.exe
EntryPoint

System.Void Sdnfoazo.Tsbtsw::Main()
Scope Name

3028116.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

3028116
Assembly Version

5.5.3.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

375
Main Method

System.Void Sdnfoazo.Tsbtsw::Main()
Main IL Instruction Count

5
Main IL

newobj System.Void a::.ctor() call System.Byte[] a::a() call System.Byte[] b::a(System.Byte[]) call System.Void c::a(System.Byte[]) ret <null>
d685e41be249a9730d865f2570e6b4c5 (2.6 MB)
File Structure
d685e41be249a9730d865f2570e6b4c5
[Authenticode]_c3e86401.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
CNzaQ
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙