Suspect
feb1af2e50b59bd1becdd48e0eb2f860
PE Executable | MD5: feb1af2e50b59bd1becdd48e0eb2f860 | Size: 855.04 KB | application/x-dosexec
PE Executable
MD5: feb1af2e50b59bd1becdd48e0eb2f860
Size: 855.04 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
Medium
|
Hash | Hash Value |
|---|---|
| MD5 | feb1af2e50b59bd1becdd48e0eb2f860
|
| Sha1 | ed218270a49c59a97d7eba7b32c77145a5473b08
|
| Sha256 | fb6d4ce94013385b31b30ec1ab8f1a6b2c34252a13062f880eae47b2b5cfc4e7
|
| Sha384 | c7b7a7f4128934edc652f9ef29a899c298264406fc7618506fb8455b0291531e665680b811af0d45f124c5a11d4b7e70
|
| Sha512 | ece7b788ae5b681d532c20a313968e69e34b975e04531a4d319eeb048e4b4f9d20c3f99111b7ac51c8a58154bb2ef457375509b65b0b8ef044f7604dd6e349d8
|
| SSDeep | 24576:5xM5ZSDWRSC1p46rn4YUFs4Yej/qSJJSHw:5C5gCT1p/hJ4Yej/qqUw
|
| TLSH | 4405E1483359DE01C9A65FF45DB0D3B407B85D98A422E3178EFA7EEBBA3871169043D2
|
File Structure
feb1af2e50b59bd1becdd48e0eb2f860
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
MRI_Simulator.Form1.resources
MRI_Simulator.Properties.Resources.resources
bYlo
[NBF]root.Data
[NBF]root.Data-preview.png
finn
[NBF]root.Data
Informations
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | hOBS.exe |
| Full Name | hOBS.exe |
| EntryPoint | System.Void MRI_Simulator.Program::Main() |
| Scope Name | hOBS.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | hOBS |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5 |
| Total Strings | 390 |
| Main Method | System.Void MRI_Simulator.Program::Main() |
| Main IL Instruction Count | 10 |
| Main IL | nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void MRI_Simulator.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null> |
feb1af2e50b59bd1becdd48e0eb2f860 (855.04 KB)
File Structure
feb1af2e50b59bd1becdd48e0eb2f860
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
MRI_Simulator.Form1.resources
MRI_Simulator.Properties.Resources.resources
bYlo
[NBF]root.Data
[NBF]root.Data-preview.png
finn
[NBF]root.Data
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.