Suspicious
Suspect

dc2ba7f95ce2bb76195dec33f6a1af16

PE Executable
|
MD5: dc2ba7f95ce2bb76195dec33f6a1af16
|
Size: 756.74 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
dc2ba7f95ce2bb76195dec33f6a1af16
Sha1
a29369439141b71869a3d04e46577df92bef1f8e
Sha256
b38a505654d50e6b7dedec7a014bb133fa767650a23f9f40a963d4da9bedaa85
Sha384
1d66722974167661aef79331389a0557cdac1ffc992b2b9f4787366617abdaea299ff958ac70a4f59bf65ced329c7c22
Sha512
7e0bd64991ac0bc491ce670fbc374099892404740abda35657f54d8ea3a6a4535cfce00529b77d519c6fd59cc08954aa22dc9e22b75a79bdb11fc1174dc10849
SSDeep
12288:C9MKq1uUUQeIL+AE7ng6/vgEqg/G5a5YFdd3bPXoVmSCur4gdhO7xKqX:Y6uUUQeW+A2GRHrPXlSCBGs1
TLSH
BFF41248671ADB02D92253F9A5B0F2782B3A5EFEA811D3168FD97CDB7936B044C44387

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
dc2ba7f95ce2bb76195dec33f6a1af16
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
HourlyChime.Forms.MainForm.resources
HourlyChime.Properties.Resources.resources
RPAt
[NBF]root.Data
[NBF]root.Data-preview.png
de
[NBF]root.Data
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: tkJh.pdb
Module Name

tkJh.exe
Full Name

tkJh.exe
EntryPoint

System.Void HourlyChime.Program::Main()
Scope Name

tkJh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

tkJh
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

174
Main Method

System.Void HourlyChime.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void HourlyChime.Forms.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

tkJh.exe
Full Name

tkJh.exe
EntryPoint

System.Void HourlyChime.Program::Main()
Scope Name

tkJh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

tkJh
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

174
Main Method

System.Void HourlyChime.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void HourlyChime.Forms.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
dc2ba7f95ce2bb76195dec33f6a1af16 (756.74 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙