Suspicious
Suspect

ff1f2d86af02f9ae97bdd04e818721fe

PE Executable
|
MD5: ff1f2d86af02f9ae97bdd04e818721fe
|
Size: 519.17 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
ff1f2d86af02f9ae97bdd04e818721fe
Sha1
933fc276335dfa3c635bcf4bd45aff0a2f2c6eb2
Sha256
e645f8ae3d43995692c197630e2b9c241d2b9d8dc6d1709a30a7a31c7257a84d
Sha384
6da1d06c6b42c30b0bedccced6197d2f3fb2c4dfe529f573ee785f6b0f7406a8afab9cfc1176219b8e29e84b61c62412
Sha512
7807e3a8c6907f03bae28ac4ca7f0238e3c284c8bf748047eebd993292b97148338a5a513df7aea0db1f8aad9a34df13178f73caa60b41ac8a008342ec44b119
SSDeep
12288:Zj5KfHvnx/ux/GV7vdVotdMx/Qe6nsWLCdr4qwEZ8VgMjgwFBDFAjBLKex/:ZQxWxeVzdyMxZhfrEVRBO99x
TLSH
07B4E09476A89823C9B953F90E71F2311BF62D9EB510E2CA8DD56DDF38DAF004D04A63

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
ff1f2d86af02f9ae97bdd04e818721fe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0.exif
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Pansiyon_kayıt1.FrmAdminGiris.resources
$this.Icon
[NBF]root.IconData
Pansiyon_kayıt1.FrmAnaForm.resources
evet
[NBF]root.Data
timer1.TrayLocation
Pansiyon_kayıt1.FrmGazeteler.resources
Pansiyon_kayıt1.FrmMüzik.resources
axWindowsMediaPlayer1.OcxState
Pansiyon_kayıt1.Properties.Resources.resources
yJYzrA
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: C:\Users\Administrator\Desktop\Client\Temp\RxFeETHPGB\src\obj\Debug\YzPrCY.pdb
Module Name

YzPrCY.exe
Full Name

YzPrCY.exe
EntryPoint

System.Void Pansiyon_kayıt1.Program::Main()
Scope Name

YzPrCY.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

YzPrCY
Assembly Version

4.2.4.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

678
Main Method

System.Void Pansiyon_kayıt1.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Pansiyon_kayıt1.FrmAnaForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

YzPrCY.exe
Full Name

YzPrCY.exe
EntryPoint

System.Void Pansiyon_kayıt1.Program::Main()
Scope Name

YzPrCY.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

YzPrCY
Assembly Version

4.2.4.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

678
Main Method

System.Void Pansiyon_kayıt1.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void Pansiyon_kayıt1.FrmAnaForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
ff1f2d86af02f9ae97bdd04e818721fe (519.17 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙