Suspicious
Suspect

01903662acbbbed78141c1bbfd44e273

PE Executable
|
MD5: 01903662acbbbed78141c1bbfd44e273
|
Size: 753.66 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
01903662acbbbed78141c1bbfd44e273
Sha1
83ab343f3fe43f8e6ce8c620b846a9cdbb38336e
Sha256
24756c0e13f3650f2d0c082d6938a9228eeb5befb6af1b02bd278e07b8488ea4
Sha384
d5374205a384cb1ad6059f06c919b9a44cfb128bec92e9315e23b8e2474e7bac66714bcad2b262989d4d3c87d19544de
Sha512
5aa7ef76a8393f499a7282bd475e411879926c653da5016bfb72c043affe70347743104b5e257f226ef18e6a328c44c1852a935829e2dffcc6b51ab69049224d
SSDeep
12288:Prdd7Ux31WPIFZQNwjk6LJOuS5P61U23vyW7UkXVkL:Prf721WAF11Sd69vt7L
TLSH
AAF4DF1036645F16E97A8BF64011D13213F89E9DB56EE61A5FC1BCDF387AF802890E27

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
01903662acbbbed78141c1bbfd44e273
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLDTDD_FPT.AM_Edit.resources
QLDTDD_FPT.Login.resources
$this.Icon
QLDTDD_FPT.Mainform.resources
DF
menuStrip1.TrayLocation
QLDTDD_FPT.Properties.Resources.resources
YrRI
Informations
Name
 Value
Module Name

joed.exe
Full Name

joed.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

joed.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

joed
Assembly Version

5.2.1024.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

998
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

joed.exe
Full Name

joed.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

joed.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

joed
Assembly Version

5.2.1024.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

998
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

18
Suspicious Type Names (1-2 chars)

0
01903662acbbbed78141c1bbfd44e273 (753.66 KB)
File Structure
01903662acbbbed78141c1bbfd44e273
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLDTDD_FPT.AM_Edit.resources
QLDTDD_FPT.Login.resources
$this.Icon
QLDTDD_FPT.Mainform.resources
DF
menuStrip1.TrayLocation
QLDTDD_FPT.Properties.Resources.resources
YrRI
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Embedded Resources

18

01903662acbbbed78141c1bbfd44e273
Suspicious Type Names (1-2 chars)

0

01903662acbbbed78141c1bbfd44e273
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙