Suspicious
Suspect

df150002991d77dd1718ce35ea3552a1

PE Executable | MD5: df150002991d77dd1718ce35ea3552a1 | Size: 44.56 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Medium

Hash
Hash Value
MD5
df150002991d77dd1718ce35ea3552a1
Sha1
bb277083d91b0c0db6415918fd60269355f56290
Sha256
d26166162cd1c86a92faf8ac6a92fce91ac8a71915b4583e9ab7fcbf6dbf0ad6
Sha384
61060dd8cd6a6336898655991d7605c6c1e29719b4fef88960d2c1a1abf552e369af07a4c07502a8659ca6ceecd8f8db
Sha512
39c5b2dfd8abdd003f69e2e8208703fd2548d8ad156a2137ebc030a70defb16a07eacbefdae0ab3268fa16305b3b58e56e1cf04bed5d851811cbe4fca0c4e40a
SSDeep
768:XUjAxYSfWJW50Sla96XZSm5E7Z9p85a3jUq/mfGJhqpRlv82ADB1XgNF1QDr:XUslfWJW50SlawVM9p8Nq/mfG7q/lv8t
TLSH
38136C2BA64C6E67E68F4ABC98A523163EFC8312A053F34E5D8885DD19773C16A053C7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
[Authenticode]_577ee7a4.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
JavaUpdateService.Properties.Resources.resources
             
Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Info

Authenticode present at 0x9600 size 6160 bytes

Module Name

JavaUpdateService.exe

Full Name

JavaUpdateService.exe

EntryPoint

System.Void  ::()

Scope Name

JavaUpdateService.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

JavaUpdateService

Assembly Version

1.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.8

Total Strings

0

Main Method

System.Void  ::()

Main IL Instruction Count

25

Main IL

call System.Boolean  ::()
brtrue.s IL_0025: call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4 801980195
call System.String ::(System.Int32)
ldc.i4 801980296
call System.String ::(System.Int32)
ldc.i4.0 <null>
ldc.i4.s 16
call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon)
pop <null>
ret <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
call System.Void  ::()
call System.Threading.Tasks.Task  ::()
ldc.i4.0 <null>
callvirt System.Runtime.CompilerServices.ConfiguredTaskAwaitable System.Threading.Tasks.Task::ConfigureAwait(System.Boolean)
stloc.0 <null>
ldloca.s V_0
call System.Runtime.CompilerServices.ConfiguredTaskAwaitable/ConfiguredTaskAwaiter System.Runtime.CompilerServices.ConfiguredTaskAwaitable::GetAwaiter()
stloc.1 <null>
ldloca.s V_1
call System.Void System.Runtime.CompilerServices.ConfiguredTaskAwaitable/ConfiguredTaskAwaiter::GetResult()
ret <null>

Characteristics
No malware configuration was found at this point.