Suspicious
Suspect

ff6d5147e78b5c900d16f6a2b5e4d382

PE Executable
|
MD5: ff6d5147e78b5c900d16f6a2b5e4d382
|
Size: 551.42 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
ff6d5147e78b5c900d16f6a2b5e4d382
Sha1
4f7cb63d85e80a87cc46a8e3ba83566e8181aec4
Sha256
dbc0e8b108b4e270877bd6bab0e90e45a206065733483d47481bd8f3638a3001
Sha384
b36c184c990494e594f34e603e90b0bf25572b0d769b5b181e21608364a514faae1c098f5173e64c9d0bcef6bd0df102
Sha512
b3a67fb2807e2d5c9f95032ddbc24f87304ddb4e21609869cedab6a479a8d73279b1409369d0c92f92f95ecacd1d1572e8e9740d482f999764be366b7dc0c8ee
SSDeep
12288:gNbrQ6QcE8OGQw0kXIErJYJmH6jBQ+399J4eDdUc:wfROGQ03rJYooBQmzUc
TLSH
57C4DF6322ABF832F5B2D6322862F3F852BC5DB45503831247DB7FA73E260B915056D6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
ff6d5147e78b5c900d16f6a2b5e4d382
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ping_Pong.Form1.resources
$this.Icon
[NBF]root.IconData
nch
[NBF]root.Data
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
timer1.TrayLocation
ListingMatcher.Properties.Resources.resources
vBrJ
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: lvtj.pdb
Module Name

lvtj.exe
Full Name

lvtj.exe
EntryPoint

System.Void ListingMatcher.Program::Main()
Scope Name

lvtj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

lvtj
Assembly Version

1.8.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

58
Main Method

System.Void ListingMatcher.Program::Main()
Main IL Instruction Count

22
Main IL

nop <null> newobj System.Void Ping_Pong.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ldstr products.txt call System.Collections.Generic.List`1<ListingMatcher.Product> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Product>(System.String) stloc.0 <null> ldstr listings.txt call System.Collections.Generic.List`1<ListingMatcher.Listing> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Listing>(System.String) stloc.1 <null> ldloc.0 <null> ldloc.1 <null> call System.Collections.Generic.List`1<ListingMatcher.Result> ListingMatcher.Matcher::FindProductToListingMatching(System.Collections.Generic.List`1<ListingMatcher.Product>,System.Collections.Generic.List`1<ListingMatcher.Listing>) stloc.2 <null> ldloc.2 <null> call System.String[] ListingMatcher.JsonIO::JsonSerialize<ListingMatcher.Result>(System.Collections.Generic.List`1<ListingMatcher.Result>) stloc.3 <null> ldstr results.txt ldloc.3 <null> call System.Void System.IO.File::WriteAllLines(System.String,System.String[]) nop <null> ret <null>
Module Name

lvtj.exe
Full Name

lvtj.exe
EntryPoint

System.Void ListingMatcher.Program::Main()
Scope Name

lvtj.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

lvtj
Assembly Version

1.8.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

58
Main Method

System.Void ListingMatcher.Program::Main()
Main IL Instruction Count

22
Main IL

nop <null> newobj System.Void Ping_Pong.Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ldstr products.txt call System.Collections.Generic.List`1<ListingMatcher.Product> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Product>(System.String) stloc.0 <null> ldstr listings.txt call System.Collections.Generic.List`1<ListingMatcher.Listing> ListingMatcher.JsonIO::JsonDeserialize<ListingMatcher.Listing>(System.String) stloc.1 <null> ldloc.0 <null> ldloc.1 <null> call System.Collections.Generic.List`1<ListingMatcher.Result> ListingMatcher.Matcher::FindProductToListingMatching(System.Collections.Generic.List`1<ListingMatcher.Product>,System.Collections.Generic.List`1<ListingMatcher.Listing>) stloc.2 <null> ldloc.2 <null> call System.String[] ListingMatcher.JsonIO::JsonSerialize<ListingMatcher.Result>(System.Collections.Generic.List`1<ListingMatcher.Result>) stloc.3 <null> ldstr results.txt ldloc.3 <null> call System.Void System.IO.File::WriteAllLines(System.String,System.String[]) nop <null> ret <null>
ff6d5147e78b5c900d16f6a2b5e4d382 (551.42 KB)
File Structure
ff6d5147e78b5c900d16f6a2b5e4d382
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Ping_Pong.Form1.resources
$this.Icon
[NBF]root.IconData
nch
[NBF]root.Data
pictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
timer1.TrayLocation
ListingMatcher.Properties.Resources.resources
vBrJ
[NBF]root.Data
[NBF]root.Data-preview.png
Characteristics
No malware configuration were found at this point.
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙