Suspicious
Suspect

f8cba2f2ef9a99c35d72786583cc641d

PE Executable
|
MD5: f8cba2f2ef9a99c35d72786583cc641d
|
Size: 366.59 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
f8cba2f2ef9a99c35d72786583cc641d
Sha1
f8b828c6ba7f6342b5d92ac53ac2fa43be8519b1
Sha256
421d3f629a4a48bd6650d4b95a6755caba05197c35e698a9bec408eff3ccff3f
Sha384
4a4b099ab10b6ce458484f82a1a30d8d7296b67cc18ee2cadff9c380040ad222646d9f9759e31537ec2f9c00b53f192e
Sha512
3482be9ae1623509a603e04316fd3195fbd0cbe099358cb952daae415a6de890e3545350a0a003d48f933c82009d3b845a26ff723847962c367ec6569da3660c
SSDeep
6144:WUeDP0CDOBIZHctcojDuUlALNM+ytmjEIop0F3lY9:WaCPZHcieDuUlY3yybop0FW
TLSH
ED743A241B99C617E1BE1B79E0F233658B34F832A55BE74F194136FA2E12340AD4727B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f8cba2f2ef9a99c35d72786583cc641d
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

SCAN COPY 202507 DOCUMENT_pdf.exe
Full Name

SCAN COPY 202507 DOCUMENT_pdf.exe
EntryPoint

System.Void Gurxaofs.Nsiitloveun::Main()
Scope Name

SCAN COPY 202507 DOCUMENT_pdf.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

SCAN COPY 202507 DOCUMENT_pdf
Assembly Version

1.0.6570.13605
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1144
Main Method

System.Void Gurxaofs.Nsiitloveun::Main()
Main IL Instruction Count

14
Main IL

call System.Byte[] Gurxaofs.Oukbkxuufvs::Aagqsf() stloc.0 <null> newobj System.Void Gurxaofs.Maqkcl::.ctor() ldloc.0 <null> call System.Reflection.Assembly Gurxaofs.Maqkcl::Yyapd(System.Byte[]) stloc.1 <null> newobj System.Void Gurxaofs.Rrgdawhgkba::.ctor() ldloc.1 <null> call System.Type Gurxaofs.Rrgdawhgkba::Qsqdfw(System.Reflection.Assembly) stloc.2 <null> newobj System.Void Gurxaofs.Cefoxwoh::.ctor() ldloc.2 <null> call System.Void Gurxaofs.Cefoxwoh::Wnfxqnvepwy(System.Type) ret <null>
Module Name

SCAN COPY 202507 DOCUMENT_pdf.exe
Full Name

SCAN COPY 202507 DOCUMENT_pdf.exe
EntryPoint

System.Void Gurxaofs.Nsiitloveun::Main()
Scope Name

SCAN COPY 202507 DOCUMENT_pdf.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

SCAN COPY 202507 DOCUMENT_pdf
Assembly Version

1.0.6570.13605
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

1144
Main Method

System.Void Gurxaofs.Nsiitloveun::Main()
Main IL Instruction Count

14
Main IL

call System.Byte[] Gurxaofs.Oukbkxuufvs::Aagqsf() stloc.0 <null> newobj System.Void Gurxaofs.Maqkcl::.ctor() ldloc.0 <null> call System.Reflection.Assembly Gurxaofs.Maqkcl::Yyapd(System.Byte[]) stloc.1 <null> newobj System.Void Gurxaofs.Rrgdawhgkba::.ctor() ldloc.1 <null> call System.Type Gurxaofs.Rrgdawhgkba::Qsqdfw(System.Reflection.Assembly) stloc.2 <null> newobj System.Void Gurxaofs.Cefoxwoh::.ctor() ldloc.2 <null> call System.Void Gurxaofs.Cefoxwoh::Wnfxqnvepwy(System.Type) ret <null>
Artefacts
Name
 Value
Embedded Resources

7
Suspicious Type Names (1-2 chars)

0
f8cba2f2ef9a99c35d72786583cc641d (366.59 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙