Suspicious
Suspect

e715b90edac6ea3b5f86fa141568cecf

PE Executable
MD5: e715b90edac6ea3b5f86fa141568cecf
Size: 164.35 KB
application/x-dosexec
Characteristics

Symbol Obfuscation Score: Medium

Hash
MD5: e715b90edac6ea3b5f86fa141568cecf
Sha1: 126effaf1a7333e5cd4e267b050a534096d94ce9
Sha256: ce30c0c7a239afa58ebeb99eedca014f8d52341a6bdc4b0c1e68773bb6e561ba
Sha384: 63d309a0934e0919b8981c9948cf872281a3d06927599ed6310ea2e15f5a374738b9805cc563e3fccadc86f7b5e21a7b
Sha512: 4f1249e935878c27a08537465cdebc0ea2a0a5be8f9d4280706d5825c6905f33e196716c95eb621db723dcfae88edb66d093b5693d384dff7b86dfaffecbba54
SSDeep: 3072:tYHXh/pn0boetfuGvSDHu6JLN4kVRay6kscj0wWl:t8RVKoWKzJHzasTow
TLSH: A0F3C6202FEA4C3AF4FEEE797BD471B6956BFE7226C29859145C02460633AC189F053D

PeID

Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ZwjDINEXpgJERcxkTNFikOumLqwxkdSgOlrmwh.rHQfowylWiCPgICtJTdAWBBHKYKsNpFrXjaRSCUiywDVcssFwGZsgKxlOJgusYgbJdLyjRGjQsEJstw.resources
LogoPictureBox.Image
[NBF]root.Data
[NBF]root.Data-preview.png
SE.Resources.resources
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
NoIsHere.Resources.resources
Information
Module Name: shutdown.exe
Full Name: shutdown.exe
EntryPoint: System.Void cQUgGuBMbLRJQlHySwOzBgYvmrBZYMDFuxRChfediGvk.ZgurhSBRCEOsWfxSbzgJcTWwZMIpsLesoatpxCNzZYLraR::aDaNXEIUTUpfHsJhHDqcTcIUwcsSNzJdcGVhUefBNtgBQwca(System.String[])
Scope Name: shutdown.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: shutdown
Assembly Version: 6.2.26100.1
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 33
Main Method: System.Void cQUgGuBMbLRJQlHySwOzBgYvmrBZYMDFuxRChfediGvk.ZgurhSBRCEOsWfxSbzgJcTWwZMIpsLesoatpxCNzZYLraR::aDaNXEIUTUpfHsJhHDqcTcIUwcsSNzJdcGVhUefBNtgBQwca(System.String[])
Main IL Instruction Count: 6
Main IL:
    call System.Boolean Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase::get_UseCompatibleTextRendering()
    call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
    call cQUgGuBMbLRJQlHySwOzBgYvmrBZYMDFuxRChfediGvk.ZgurhSBRCEOsWfxSbzgJcTWwZMIpsLesoatpxCNzZYLraR SVMKyhvyUlCuEOhEXYFqQZHDRBaSseSUonVCWzIKIkylUKHXGFkGfqYyARbfHoedDuDNFbLS.qkGepHWhIQkeARcDMsWCZmtFRCdAKWMPKdxboarxer::get_Application()
    ldarg.0 <null>
    callvirt System.Void Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase::Run(System.String[])
    ret <null>

Artefacts
Embedded Resources: 2
Suspicious Type Names (1-2 chars): 0

Embedded Resources: 1
Suspicious Type Names (1-2 chars): 0
