Suspicious
Suspect

e687156548e1918f924bbe03c9751ffe

PE Executable
|
MD5: e687156548e1918f924bbe03c9751ffe
|
Size: 792.58 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
e687156548e1918f924bbe03c9751ffe
Sha1
5af16e1a715e910e647ee682325b3eae173b3310
Sha256
a5a6f09dbfef79a19d216620a173e636ad05e97f28a90bd4a08f12cc0254d24b
Sha384
0bbce3e83d1c244ae79d8f119c032cd0a669e87e4d4e8bbe4938064a5afaac5aa46c9ea53005e55803fb36793857fe6d
Sha512
60cd4d16afef9de7aba8b5713de7782c43b4777bb7aff0fd9e42e21c8787d438d209dee8b3d986f2fe9ac85452989de328deef4e61961bbc21da46513643fd61
SSDeep
12288:Lgnd3mq8lB00fIhzf6YC4zgQohWwzT3kuEfhvEnI+X0Wxezvw5vlfSIAD85BM+TN:Imt706Ih9C4z8XTyfh8IdWxezvp1D8
TLSH
3AF4D09C3250B49FC857C93689A4EC74AA607CAB9717C20790D71EAFBA4D957CF102B3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
e687156548e1918f924bbe03c9751ffe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ModularCalculator.Forms.MainForm.resources
ModularCalculator.Properties.Resources.resources
Abstimmung
[NBF]root.Data
[NBF]root.Data-preview.png
Bukkit_Logo
[NBF]root.Data
[NBF]root.Data-preview.png
Linux_Figur
[NBF]root.Data
[NBF]root.Data-preview.png
Moon
[NBF]root.Data
Nblc
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

PhnQ.exe
Full Name

PhnQ.exe
EntryPoint

System.Void ModularCalculator.Program::Main()
Scope Name

PhnQ.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

PhnQ
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

175
Main Method

System.Void ModularCalculator.Program::Main()
Main IL Instruction Count

37
Main IL

nop <null> call System.Void ModularCalculator.Program::‭‬‏‭‬‭‫‬‌‭‏​‭‬‫‌‫‎‏‫‪‏‫‫‪‮() ldc.i4 -1479347049 ldc.i4 -812523980 xor <null> dup <null> stloc.0 <null> ldc.i4.5 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_006F: nop nop <null> ldloc.0 <null> ldc.i4 -336715787 mul <null> ldc.i4 -644823185 xor <null> br.s IL_000B: ldc.i4 -812523980 ldc.i4.0 <null> call System.Void ModularCalculator.Program::‎‮​‫‏‪‍‪‮‪​‭‍‏‭‏‭‌‪​‏‎‬‮‍‮(System.Boolean) nop <null> ldloc.0 <null> ldc.i4 -2064850044 mul <null> ldc.i4 -1033121736 xor <null> br.s IL_000B: ldc.i4 -812523980 newobj System.Void ModularCalculator.Forms.MainForm::.ctor() call System.Void ModularCalculator.Program::‪‪‍‭‌‎‫‌‮‍‮‏‏‮‫‮​‫‏‪‫‍‮‮‬‎‫‮(System.Windows.Forms.Form) ldloc.0 <null> ldc.i4 1891018336 mul <null> ldc.i4 -1559943798 xor <null> br.s IL_000B: ldc.i4 -812523980 nop <null> ret <null>
Module Name

PhnQ.exe
Full Name

PhnQ.exe
EntryPoint

System.Void ModularCalculator.Program::Main()
Scope Name

PhnQ.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

PhnQ
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

175
Main Method

System.Void ModularCalculator.Program::Main()
Main IL Instruction Count

37
Main IL

nop <null> call System.Void ModularCalculator.Program::‭‬‏‭‬‭‫‬‌‭‏​‭‬‫‌‫‎‏‫‪‏‫‫‪‮() ldc.i4 -1479347049 ldc.i4 -812523980 xor <null> dup <null> stloc.0 <null> ldc.i4.5 <null> rem.un <null> switch dnlib.DotNet.Emit.Instruction[] br.s IL_006F: nop nop <null> ldloc.0 <null> ldc.i4 -336715787 mul <null> ldc.i4 -644823185 xor <null> br.s IL_000B: ldc.i4 -812523980 ldc.i4.0 <null> call System.Void ModularCalculator.Program::‎‮​‫‏‪‍‪‮‪​‭‍‏‭‏‭‌‪​‏‎‬‮‍‮(System.Boolean) nop <null> ldloc.0 <null> ldc.i4 -2064850044 mul <null> ldc.i4 -1033121736 xor <null> br.s IL_000B: ldc.i4 -812523980 newobj System.Void ModularCalculator.Forms.MainForm::.ctor() call System.Void ModularCalculator.Program::‪‪‍‭‌‎‫‌‮‍‮‏‏‮‫‮​‫‏‪‫‍‮‮‬‎‫‮(System.Windows.Forms.Form) ldloc.0 <null> ldc.i4 1891018336 mul <null> ldc.i4 -1559943798 xor <null> br.s IL_000B: ldc.i4 -812523980 nop <null> ret <null>
e687156548e1918f924bbe03c9751ffe (792.58 KB)
File Structure
e687156548e1918f924bbe03c9751ffe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ModularCalculator.Forms.MainForm.resources
ModularCalculator.Properties.Resources.resources
Abstimmung
[NBF]root.Data
[NBF]root.Data-preview.png
Bukkit_Logo
[NBF]root.Data
[NBF]root.Data-preview.png
Linux_Figur
[NBF]root.Data
[NBF]root.Data-preview.png
Moon
[NBF]root.Data
Nblc
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙