Mal-ecule
H(Cm)Md₂(Bi₂Si)
Hardcoded external IPv4 address
PE binary has trailing overlay data
.NET Assembly (mscoree.dll)
mscorlib reference
Windows executable or script file type reference
Has code execution capability
Runtime interop services
.NET Framework reference
PE version resource metadata
PE CompanyName metadata field
PE FileDescription metadata field
PE FileVersion metadata field
PE InternalName metadata field
Copyright notice
Objectives
component severity, 99% confident.
anti-static/obfuscation/payload
PE version resource text
component severity, 90% confident.
anti-static/pack
Reloc section mostly non-relocation bytes
component severity, 95% confident.
command-and-control/backdoor/loader
Staged loader six file archive
component severity, 80% confident.
command-and-control/dropper/delivery
Compact PE import table
component severity, 100% confident.
command-and-control/infrastructure
Binary has 4 or fewer sections
component severity, 95% confident.
evasion/indicator-removal
Regex component marker
component severity, 92% confident.
evasion/process/injection
Regex component marker
component severity, 98% confident.
supply-chain/metadata-anomaly/manifest
NuGet nuspec manifest file
Micro-behaviors
component severity, 90% confident.
communications/proxy
SOCKS5 client greeting bytes
Metadata
notable severity, 100% confident.
signed
Signed by GHI Electronics LLC
baseline severity, 100% confident.
file
Windows DLL extension
baseline severity, 100% confident.
hardening
NO_SEH (SafeSEH not used)
component severity, 95% confident.
binary/anomaly
PE version info numeric fields present
component severity, 90% confident.
binary/metrics
Binary has high overall entropy (packed/encrypted)
component severity, 86% confident.
build
Cargo archive contains Windows native binary
20 of 26 traits shown
Identity
| Field | Value |
|---|---|
| SHA-256 | fecde4dea1bafa39ec3a236f54cb45e11111f95c067ebdd9dfd1ac6937cd31de |
| Canonical SHA-256 | 13d0bd0f342da1538f773cec35af4d77d24ff67a7f067bbda29ce17ffa606638 |
| Filename | GHIElectronics.TinyCLR.Drivers.Gps.Nmea0183.3.0.0.2000-prerelease.nupkg |
| Package | GHIElectronics.TinyCLR.Drivers.Gps.Nmea0183 |
| Version | 3.0.0.2000-prerelease |
Origin
| Field | Value |
|---|---|
| Source | harvest |
| Feed | nuget.org |
| Ecosystem | dotnet |
| Domain | nuget.org |
Timeline
| Field | Value |
|---|---|
| First seen | 11 Jun 2026 22:11 UTC |
| First analyzed | 12 Jun 2026 04:38 UTC |
| Last analyzed | 12 Jun 2026 04:38 UTC |
| Last updated | 12 Jun 2026 04:38 UTC |
Labeling
| Field | Value |
|---|---|
| Label | unknown |
| Label source | harvest |
| Traits version | e31a3 |