Suspicious
Suspect

f74f3f6b49690cfb9ab7aff6222d3849

PE Executable
|
MD5: f74f3f6b49690cfb9ab7aff6222d3849
|
Size: 112.25 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
f74f3f6b49690cfb9ab7aff6222d3849
Sha1
bfff9668119ed34c9a73a1b53fabdf48b5cd1dae
Sha256
24a8da093779cbbb0d5dbbaf6f1a4873ae22202aa5047912a753a29885f52204
Sha384
5babad797cbc3b39b213f5a98e8268237cdbdc1f46e31903f7c4f4e3b60e8b0fa1fa37b028abcb657c494993d8bd7eda
Sha512
c94bdf92c9d5c03ac77fe49561ac06899a905b70d3dcd1c81d6a7d94aad55d3bf9bd9bfbdc66c32f5f27485f80c6d2aa25383d934df927c196a13ae04da7860c
SSDeep
1536:KhmNLk8u2qHlllllllOdQlwEn+glllllllllllllllllll5xw5lasiJ/mH:2qtYwiVxw5las2/Y
TLSH
11B30F82C15811D9ED1A1F7AA4365815216B7F6EFD7C686F6A2DB4620F332C3007AD2F

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f74f3f6b49690cfb9ab7aff6222d3849
[Authenticode]_c3e86401.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0x18800 size 11896 bytes
Module Name

Nqhnzjogq.exe
Full Name

Nqhnzjogq.exe
EntryPoint

System.Void Vchlepjkppe.Ouavnrheyid::Main()
Scope Name

Nqhnzjogq.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Nqhnzjogq
Assembly Version

5.5.3.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

5
Main Method

System.Void Vchlepjkppe.Ouavnrheyid::Main()
Main IL Instruction Count

11
Main IL

newobj System.Void Vchlepjkppe.Ijdruwokay::.ctor() call System.Byte[] Vchlepjkppe.Ijdruwokay::Xwwqouhfs() stloc.0 <null> newobj System.Void Vchlepjkppe.Qnqdpdn::.ctor() ldloc.0 <null> call System.Byte[] Vchlepjkppe.Qnqdpdn::Qezhjhzgx(System.Byte[]) stloc.1 <null> newobj System.Void Vchlepjkppe.Kqdknrwno::.ctor() ldloc.1 <null> call System.Void Vchlepjkppe.Kqdknrwno::Tatjtr(System.Byte[]) ret <null>
Module Name

Nqhnzjogq.exe
Full Name

Nqhnzjogq.exe
EntryPoint

System.Void Vchlepjkppe.Ouavnrheyid::Main()
Scope Name

Nqhnzjogq.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Nqhnzjogq
Assembly Version

5.5.3.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

5
Main Method

System.Void Vchlepjkppe.Ouavnrheyid::Main()
Main IL Instruction Count

11
Main IL

newobj System.Void Vchlepjkppe.Ijdruwokay::.ctor() call System.Byte[] Vchlepjkppe.Ijdruwokay::Xwwqouhfs() stloc.0 <null> newobj System.Void Vchlepjkppe.Qnqdpdn::.ctor() ldloc.0 <null> call System.Byte[] Vchlepjkppe.Qnqdpdn::Qezhjhzgx(System.Byte[]) stloc.1 <null> newobj System.Void Vchlepjkppe.Kqdknrwno::.ctor() ldloc.1 <null> call System.Void Vchlepjkppe.Kqdknrwno::Tatjtr(System.Byte[]) ret <null>
f74f3f6b49690cfb9ab7aff6222d3849 (112.25 KB)
File Structure
f74f3f6b49690cfb9ab7aff6222d3849
[Authenticode]_c3e86401.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙