Suspicious
Suspect
Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Medium

Hash
 Hash Value
MD5
e164d44d5f7fd734a56464f573807c4a
Sha1
5bde72588e7a9721185e00d978c104d61ca389d3
Sha256
853cfdf61e9f6098348242d11e4cb581ed9bfe8f960fc2f2fd7ea93e5c9e1578
Sha384
1529aaee13f06b6b75681400dde51c2b870c3219c8f74260a3ac78a7e29ecc6afed58e748ada13223d21586aad600de0
Sha512
72186987a700dd2ccb89bfead0741ab626c5d20d4f69d0926f980ab4e3c8187f16270185ff0cb49ed107a0c0d2ee98e0c453f883b613a4ecd26bfebaf70108a1
SSDeep
24576:RXcrQ8SKxJzck+7eWBRwRR16zA0KKm77yviUSQaZaOwI55l2S62r9cGW/yFoBkkj:RXcrQKTYj77wRGKKm77LrwCB6hqany
TLSH
77850251B7F98117F2BF2BB9A8B304064B77FA539A36C79E0948905C2EA3740DE50367

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
e164d44d5f7fd734a56464f573807c4a
[Rebuild from dump]_45438263.exe
.Net Resources
Pulsar.Client.FrmRemoteChat.resources
costura.aforge.dll.compressed
costura.aforge.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.dll.compressed
costura.aforge.video.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.aforge.video.directshow.dll.compressed
costura.aforge.video.directshow.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
AForge.Video.DirectShow.Properties.Resources.resources
camera
[NBF]root.Data
[NBF]root.Data-preview.png
AForge.Video.DirectShow.VideoCaptureDeviceForm.resources
costura.messagepack.dll.compressed
costura.messagepack.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.messagepack.annotations.dll.compressed
costura.messagepack.annotations.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.gma.system.mousekeyhook.dll.compressed
costura.gma.system.mousekeyhook.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.core.dll.compressed
costura.naudio.core.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.wasapi.dll.compressed
costura.naudio.wasapi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.naudio.winforms.dll.compressed
costura.naudio.winforms.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NAudio.WinForms.Gui.PanSlider.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
NAudio.WinForms.Gui.VolumeSlider.resources
costura.naudio.winmm.dll.compressed
costura.naudio.winmm.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dll.compressed
costura.sharpdx.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.pdb.compressed
costura.sharpdx.pdb
costura.sharpdx.d3dcompiler.dll.compressed
costura.sharpdx.d3dcompiler.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.d3dcompiler.pdb.compressed
costura.sharpdx.d3dcompiler.pdb
costura.sharpdx.direct2d1.dll.compressed
costura.sharpdx.direct2d1.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct2d1.pdb.compressed
costura.sharpdx.direct2d1.pdb
costura.sharpdx.direct3d11.dll.compressed
costura.sharpdx.direct3d11.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.direct3d11.pdb.compressed
costura.sharpdx.direct3d11.pdb
costura.sharpdx.dxgi.dll.compressed
costura.sharpdx.dxgi.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.dxgi.pdb.compressed
costura.sharpdx.dxgi.pdb
costura.sharpdx.mathematics.dll.compressed
costura.sharpdx.mathematics.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.sharpdx.mathematics.pdb.compressed
costura.sharpdx.mathematics.pdb
costura.system.buffers.dll.compressed
costura.system.buffers.dll
[Authenticode]_8c38879e.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Buffers.SR.resources
costura.system.collections.immutable.dll.compressed
costura.system.collections.immutable.dll
[Authenticode]_937eee08.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Collections.Immutable.SR.resources
ILLink.Substitutions.xml
costura.system.memory.dll.compressed
costura.system.memory.dll
[Authenticode]_15ab3250.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Memory.SR.resources
costura.system.numerics.vectors.dll.compressed
costura.system.numerics.vectors.dll
[Authenticode]_ae030d4d.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
FxResources.System.Numerics.Vectors.SR.resources
costura.system.runtime.compilerservices.unsafe.dll.compressed
costura.system.runtime.compilerservices.unsafe.dll
[Authenticode]_e61c97b9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.threading.tasks.extensions.dll.compressed
costura.system.threading.tasks.extensions.dll
[Authenticode]_7121b905.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.pulsar.common.dll.compressed
costura.pulsar.common.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
Informations
Name
 Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_45438263.exe
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.7.4.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1511
Main Method

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Main IL Instruction Count

11
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::EOZuTxYOBr() newobj System.Void cirgrikuewftd.TjRjwtzcFYhWvzRu7CiLn4az6Rznj::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Client.exe
Full Name

Client.exe
EntryPoint

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Scope Name

Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.7.4.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1511
Main Method

System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::Main()
Main IL Instruction Count

11
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void cirgrikuewftd.YLPdn45jZpfeOrUsaCiGPyN2GC8af::EOZuTxYOBr() newobj System.Void cirgrikuewftd.TjRjwtzcFYhWvzRu7CiLn4az6Rznj::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PE Layout

MemoryMapped (process dump suspected)
PE Layout

MemoryMapped (process dump suspected)
e164d44d5f7fd734a56464f573807c4a (1.85 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙