Suspicious
Suspect

fb638f33f3e2b00632fb57631db18742

PE Executable
|
MD5: fb638f33f3e2b00632fb57631db18742
|
Size: 1.35 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
fb638f33f3e2b00632fb57631db18742
Sha1
8e76d405a5e2c536b418801130ff8c4aeffe6bd0
Sha256
a9db0fa0c7082292a4f2a98f8ffc47e408edac5182f8705c616ea607faffb01a
Sha384
98fbc7796af0b54507f2ae9a614a150987123caf3c0a46ff47353daddfef253987bac818e06adf1697b0299033f957c1
Sha512
2f53679f878a636111ff1ad5231afdd1eb59c9c42f956f7d0e2e3516f4451f7caae8233185d9ce9af518ce197ca0258ecf0e3bc0f12f36e5c74d9e98396bcd2e
SSDeep
24576:Xqa8m5AzevUBFHYd3wrzwVSMje+omaAMo2jSHjvcY5irmdEnaYa/kWJMU9Ynf:XxN5AoUBZY1qfuetZHIjvcY5irmOnaAy
TLSH
585533886F48863EDEA862B52D395F5FBA2B893365CDC79B0D3FC1283EE07556E45100

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
fb638f33f3e2b00632fb57631db18742
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ixtgmvbspyn.Properties.Resources.resources
Arrsvtgd
 ​       
Informations
Name
 Value
Module Name

Menu.exe
Full Name

Menu.exe
EntryPoint

System.Void  ::()
Scope Name

Menu.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Menu
Assembly Version

1.0.192.5316
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void  ::()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream>  /:: dup <null> brtrue.s IL_001F: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld  /  /:: ldftn System.Void  /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream>  /:: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) ret <null>
Module Name

Menu.exe
Full Name

Menu.exe
EntryPoint

System.Void  ::()
Scope Name

Menu.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Menu
Assembly Version

1.0.192.5316
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.6
Total Strings

0
Main Method

System.Void  ::()
Main IL Instruction Count

11
Main IL

ldsfld System.Action`1<System.IO.MemoryStream>  /:: dup <null> brtrue.s IL_001F: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) pop <null> ldsfld  /  /:: ldftn System.Void  /::(System.IO.MemoryStream) newobj System.Void System.Action`1<System.IO.MemoryStream>::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Action`1<System.IO.MemoryStream>  /:: call System.Void  ::(System.Action`1<System.IO.MemoryStream>) ret <null>
fb638f33f3e2b00632fb57631db18742 (1.35 MB)
File Structure
fb638f33f3e2b00632fb57631db18742
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ixtgmvbspyn.Properties.Resources.resources
Arrsvtgd
 ​       
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙