Suspicious
Suspect

f4d39526066eea25288d9b2ea8d3515f

PE Executable | MD5: f4d39526066eea25288d9b2ea8d3515f | Size: 98.3 KB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash: Hash Value
MD5: f4d39526066eea25288d9b2ea8d3515f
Sha1: e2fcc46427317b77cdcd1066467ec58a3e3b979f
Sha256: f340b73cc89e25e6726a019b3e79c0b491b69b0c54ae3f02ba062879c48253df
Sha384: f732e5b7b93f3edc1cd743bbc983aac79154663f055a429c52e9b554230d1f7b6dc6835387e7cf2d5c459c068f5a6b20
Sha512: 768caeb5b397a43bb3c3a99eed6ccc8d0f1423d11a49fc523c94c7e70f3d092ad7ede849c4631b23051d370feee92dadd93b11fe8a3a9fe3f9738ab27b06f0d3
SSDeep: 1536:1p6Xnq7RQXwiBdO9Ww9CDjrzs8K5vvnb8NC5LFxlE76WaqkSZZZ3gZzpb6:T6X9EcES48oHnboC55xlo6WEUcb6
TLSH: BDA36B29378A9FF2C98C487D54F727901B70DC27E283F3075989367A9DB13A6462294F

PeID

.NET SmartAssemby Obfuscator 6.0 (chars) sign ASL
Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
File Structure
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
testpowershell.Form1.resources
{490d53b7-88b9-4f19-8136-194d6f841f26}
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: testpowershell.exe
Full Name: testpowershell.exe
EntryPoint: System.Void testpowershell.sha::Main()
Scope Name: testpowershell.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: testpowershell
Assembly Version: 5.0.4.12
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8
Total Strings: 8
Main Method: System.Void testpowershell.sha::Main()
Main IL Instruction Count: 39

Main IL

ldc.i4.0 <null> brtrue.s IL_0025: nop nop <null> ldsfld  :: ldc.i4.7 <null> br.s IL_0035: call System.String ::Invoke(System.Environment/SpecialFolder) ldc.i4.7 <null> brtrue.s IL_003C: stloc.0 pop <null> ldsfld  ::Ž ldc.i4.0 <null> br.s IL_003F: call System.Void ::Invoke(System.Boolean) ldc.i4.0 <null> brtrue.s IL_0034: ret nop <null> ldsfld  :: br.s IL_0046: newobj System.Void testpowershell.Form1::.ctor() br.s IL_004D: call System.Void ::Invoke(System.Windows.Forms.Form) nop <null> ldc.i4.0 <null> brtrue.s IL_0025: nop ldc.i4.0 <null> brtrue.s IL_0025: nop ldsfld  :: br.s IL_0054: call System.Void ::Invoke() nop <null> ret <null> call System.String ::Invoke(System.Environment/SpecialFolder) br.s IL_000C: ldc.i4.7 stloc.0 <null> br.s IL_0010: ldsfld  ::Ž call System.Void ::Invoke(System.Boolean) br.s IL_0018: ldc.i4.0 newobj System.Void testpowershell.Form1::.ctor() br.s IL_0023: br.s IL_004D call System.Void ::Invoke(System.Windows.Forms.Form) br.s IL_0025: nop call System.Void ::Invoke() br.s IL_0033: nop

Characteristics
No malware configuration was found at this point.