Suspicious
Suspect

eaf0049a205d98a99a5cbb4e5b76f1d5

PE Executable
|
MD5: eaf0049a205d98a99a5cbb4e5b76f1d5
|
Size: 207.36 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
eaf0049a205d98a99a5cbb4e5b76f1d5
Sha1
2dc2251cd163ca9b1c7a7b2b5022bde36fb13bfa
Sha256
19faa35e4a88f88a37632b1ddb78318c66f38210d7662c4a0103f8472c518c30
Sha384
53e9eb37fea8f1398b43f09b918cf1a865ac139891bb56f92f2ffd63437a275167b9b76a596b2e6e71c98c1041441b80
Sha512
67b01a421cb6eedccbe1ace07c94cfb20135c74f68b9beea6afe7fe77522df376147ad73b836399052746869e580e97a213a005fb43b7171802155aba2e44019
SSDeep
3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI5T8JS04/B4tD77heYN1uadhNV:wLV6Bta6dtJmakIM5o8PhhekEWNV
TLSH
6314C05637A88A2FE2DE8679715206178379C2E29CC3F3DE28E454B25F667E50A071C3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
eaf0049a205d98a99a5cbb4e5b76f1d5
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.reloc
.rsrc
Resources
RT_RCDATA
ID:0001
ID:0
.Net Resources
ClientLoaderForm.resources
     ​     
Informations
Name
 Value
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

NanoCore Client.exe
Full Name

NanoCore Client.exe
EntryPoint

System.Void ClientLoaderForm::Main()
Scope Name

NanoCore Client.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

NanoCore Client
Assembly Version

1.2.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

2
Main Method

System.Void ClientLoaderForm::Main()
Main IL Instruction Count

4
Main IL

call #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw== #=q_jQLaNdtSDa6ovA0VGw50w==::#=qqROT7DfncW7strhZvp0iRQ==() callvirt ClientLoaderForm #=q_jQLaNdtSDa6ovA0VGw50w==/#=qlsj4Kl0M6SYgZMJLZ$QkSw==::#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
Embedded Resources

2
Suspicious Type Names (1-2 chars)

0
eaf0049a205d98a99a5cbb4e5b76f1d5 (207.36 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙