General
Structural Analysis
Config.0
Yara Rules30
Sync
Community
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | f4cde3214e8bbeda958685706ba2fe88
|
| Sha1 | 941abf06eea943eea75fdf52e2babb984972f15f
|
| Sha256 | 650fb8c1fe8462ddaee07df5613b4832965b8d029846255d46d131c251616823
|
| Sha384 | 41facb5109065fd0e43bebc8405bcc8b8ea01884b3c04f967c45f592d8def65bd42625a58e63238f48c6a7635b934970
|
| Sha512 | 66c9bc48d77a5a8da7585811b7ebc92fbfa78ec00b2ba0766e79c36ae266d1f86dd657b05900d6ab5ee9212c58e89623d01cd7cf4da222afce604b3ec0efb5a0
|
| SSDeep | 12288:/2y6VlZzuN2kx0A5ohanZ3R3JzOVCFnFeMFGxm8BSRx9ftucM4pfqC9T/kR:uyYZzrFAcapR5zmCFnFxtgKhucM4JW
|
| TLSH | F8157BF037689A07C5A6DAF30623CA7047B5EEC55612D2DADDE1FADF34B8B005A14227
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f4cde3214e8bbeda958685706ba2fe88
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
HospitalMS.LoginForm.resources
$this.Icon
[NBF]root.IconData
ml
[NBF]root.Data
HospitalMS.CustomMessageBox2.resources
$this.Icon
[NBF]root.IconData
pictureClose.Image
[NBF]root.Data
[NBF]root.Data-preview.png
pictureQuantityBackground.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HospitalMS.DisplayReportsForm.resources
HospitalMS.DisplayBillsForm.resources
HospitalMS.AddBillForm.resources
HospitalMS.AddReportForm.resources
HospitalMS.AppointmentForm.resources
HospitalMS.ClinicForm.resources
HospitalMS.HomeForm.resources
btnAppointment.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnBill.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnChangeNID.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnChangePassword.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnClinic.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnHome.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnLogout.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnMedicine.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnPatients.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnReports.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnShowReports.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnShowRooms.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picAsk.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picClose.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
picFacebook.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picInstagram.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picLogo.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picMinimize.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
picSettings.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
picTwitter.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HospitalMS.PatientsForm.resources
HospitalMS.Properties.Resources.resources
ZZlZ
[NBF]root.Data
[NBF]root.Data-preview.png
calendarDark
[NBF]root.Data
[NBF]root.Data-preview.png
calendarWhite
[NBF]root.Data
[NBF]root.Data-preview.png
HospitalMS.Forms.UserDataForm.resources
HospitalMS.RegisterForm.resources
pictureFirstnameIcon.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
pictureLastnameIcon.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
HospitalMS.ChangePasswordForm.resources
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
picturePasswordIcon.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
HospitalMS.CrystalReports.BillReport.rpt
Root Entry
Contents
QESession
ReportInfo
SummaryInformation
TotallerStream 212l
DataSourceManager 211l
SavedRecordsStream 213l
AnalysisGridsStream 215l
FormulaRecordsStream 214l
ReportParametersStream 0l
CrystalReportDesignerStream
HospitalMS.CrystalReports.ReportData.rpt
Root Entry
Contents
QESession
PromptManager
TotallerStream 38l
SummaryInformation
DataSourceManager 37l
SavedRecordsStream 39l
AnalysisGridsStream 40l
ReportParametersStream 0l
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Authenticode present at 0xE6000 size 13832 bytes |
| Info | PDB Path: ? |
| Module Name | SPYi.exe |
| Full Name | SPYi.exe |
| EntryPoint | System.Void HospitalMS.Program::Main() |
| Scope Name | SPYi.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | SPYi |
| Assembly Version | 15.7.3.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 1070 |
| Main Method | System.Void HospitalMS.Program::Main() |
| Main IL Instruction Count | 6 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void HospitalMS.LoginForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
| Module Name | SPYi.exe |
| Full Name | SPYi.exe |
| EntryPoint | System.Void HospitalMS.Program::Main() |
| Scope Name | SPYi.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | SPYi |
| Assembly Version | 15.7.3.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 1070 |
| Main Method | System.Void HospitalMS.Program::Main() |
| Main IL Instruction Count | 6 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void HospitalMS.LoginForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |
f4cde3214e8bbeda958685706ba2fe88 (955.91 KB)
File Structure
f4cde3214e8bbeda958685706ba2fe88
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
HospitalMS.LoginForm.resources
$this.Icon
[NBF]root.IconData
ml
[NBF]root.Data
HospitalMS.CustomMessageBox2.resources
$this.Icon
[NBF]root.IconData
pictureClose.Image
[NBF]root.Data
[NBF]root.Data-preview.png
pictureQuantityBackground.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HospitalMS.DisplayReportsForm.resources
HospitalMS.DisplayBillsForm.resources
HospitalMS.AddBillForm.resources
HospitalMS.AddReportForm.resources
HospitalMS.AppointmentForm.resources
HospitalMS.ClinicForm.resources
HospitalMS.HomeForm.resources
btnAppointment.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnBill.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnChangeNID.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnChangePassword.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnClinic.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnHome.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnLogout.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnMedicine.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnPatients.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnReports.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnShowReports.Image
[NBF]root.Data
[NBF]root.Data-preview.png
btnShowRooms.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picAsk.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picClose.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
picFacebook.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picInstagram.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picLogo.Image
[NBF]root.Data
[NBF]root.Data-preview.png
picMinimize.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
picSettings.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
picTwitter.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HospitalMS.PatientsForm.resources
HospitalMS.Properties.Resources.resources
ZZlZ
[NBF]root.Data
[NBF]root.Data-preview.png
calendarDark
[NBF]root.Data
[NBF]root.Data-preview.png
calendarWhite
[NBF]root.Data
[NBF]root.Data-preview.png
HospitalMS.Forms.UserDataForm.resources
HospitalMS.RegisterForm.resources
pictureFirstnameIcon.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
pictureLastnameIcon.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
HospitalMS.ChangePasswordForm.resources
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
picturePasswordIcon.Image
[NBF]root.Data
[NBF]root.Data.exif
[NBF]root.Data-preview.png
HospitalMS.CrystalReports.BillReport.rpt
Root Entry
Contents
QESession
ReportInfo
SummaryInformation
TotallerStream 212l
DataSourceManager 211l
SavedRecordsStream 213l
AnalysisGridsStream 215l
FormulaRecordsStream 214l
ReportParametersStream 0l
CrystalReportDesignerStream
HospitalMS.CrystalReports.ReportData.rpt
Root Entry
Contents
QESession
PromptManager
TotallerStream 38l
SummaryInformation
DataSourceManager 37l
SavedRecordsStream 39l
AnalysisGridsStream 40l
ReportParametersStream 0l
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.