Suspicious
Suspect

fadaffa6df2ff263fc0b1e36cec258ee

PE Executable
|
MD5: fadaffa6df2ff263fc0b1e36cec258ee
|
Size: 1.01 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
fadaffa6df2ff263fc0b1e36cec258ee
Sha1
bc2260698772f42d63b421ed284212e454066f9a
Sha256
9589cd6ddb6b20b15ef6b527a417b2c964dddcd3d79d38d7dbb40aec1c91d431
Sha384
1f9914e78a6cbfa86e9642cc16ad6d88072fbb1b1f2618a692b943f908139413c4c78f020296c91ec4a98a8d77d5ca95
Sha512
454cf2f8cfb22885808fc30e5d5fa41799f2245390c095bda8858646e08b0db562c1257fff3dbb43829423f64372d6d038515e983b182aa6ecf2d2bbc7f54e09
SSDeep
24576:Q33WLgDiO6bjN/zcC+AFvoNSS8qn97kQCtK7:U3WLgDiT/o4voNS897kQCtc
TLSH
7A25E01073529E63C4798AF50A23D27197F64E0F6039D2DA9CE6BCFBB5F5B442820993

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
fadaffa6df2ff263fc0b1e36cec258ee
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
PharmacyProject.FrmDoktorHastaEkle.resources
button2.BackgroundImage
[NBF]root.Data
[NBF]root.Data-preview.png
PharmacyProject.FrmDoktorRecete.resources
PharmacyProject.FrmEczaneGiris.resources
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PharmacyProject.FrmEczaneAna.resources
btnLogin.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button10.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button4.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button5.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button6.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button7.Image
[NBF]root.Data
[NBF]root.Data-preview.png
button9.Image
[NBF]root.Data
[NBF]root.Data-preview.png
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PharmacyProject.FrmEczaneRecete.resources
$this.Icon
[NBF]root.IconData
PharmacyProject.Properties.Resources.resources
jYZU
[NBF]root.Data
[NBF]root.Data-preview.png
nsh
[NBF]root.Data
Informations
Name
 Value
Module Name

JjCr.exe
Full Name

JjCr.exe
EntryPoint

System.Void PharmacyProject.Program::Main()
Scope Name

JjCr.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

JjCr
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1139
Main Method

System.Void PharmacyProject.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void PharmacyProject.FrmAnaGiris::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

JjCr.exe
Full Name

JjCr.exe
EntryPoint

System.Void PharmacyProject.Program::Main()
Scope Name

JjCr.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

JjCr
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1139
Main Method

System.Void PharmacyProject.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void PharmacyProject.FrmAnaGiris::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PDB Path

JjCr.pdb
Embedded Resources

27
Suspicious Type Names (1-2 chars)

0
fadaffa6df2ff263fc0b1e36cec258ee (1.01 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙