Suspicious
Suspect

09c25b2ddb8d1b7b8d67fba2c8c9a76b

PE Executable
|
MD5: 09c25b2ddb8d1b7b8d67fba2c8c9a76b
|
Size: 1.22 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
09c25b2ddb8d1b7b8d67fba2c8c9a76b
Sha1
0f5a4957a9574b4ddeb507589af6da5149e58005
Sha256
49ca026d8d0b9af34ff8daeca673475a84d249fba5c6a8204b8f9a15c0145820
Sha384
bbb90af26e172fecfa62fc771794fd06826f9180a9e341bb4480fd4674e7635c3f96f9a8dd1a2ee3f915c228513d0863
Sha512
d003fd7a2415ce6d9674f3560e141d885f856809b67948cb7fbc7675afcc9682fcef68fe1ca5796c535ab1f19cd852113d6c63898d2de1b21d147aaa0772d700
SSDeep
24576:1EOpxLJg3LJdnXgSvRukriMcGrON6uvHA:+0o3LJdnXgSvkkriFGypvg
TLSH
3945E00072B84F4AE47A47F80166D63083F65E5D657EE7098EEEBCEB7960B011B94B13

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
09c25b2ddb8d1b7b8d67fba2c8c9a76b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLNS.frmbaocao.resources
QLNS.frmdangki.resources
button1.Image
button2.Image
QLNS.frmbangcong.resources
button15.Image
button9.Image
QLNS.frmbophan.resources
button4.Image
QLNS.frmchedo.resources
button4.Image
QLNS.frmcoban.resources
$this.Icon
button4.Image
QLNS.frmhosothuviec.resources
button4.Image
QLNS.FrmMain.resources
axWindowsMediaPlayer1.OcxState
emn
mainMenu1.TrayLocation
statusStrip1.TrayLocation
toolStrip1.TrayLocation
toolStrip2.TrayLocation
toolStrip3.TrayLocation
toolStripButton2.Image
toolStripButton3.Image
toolStripButton4.Image
toolStripButton5.Image
toolStripButton6.Image
toolStripButton8.Image
QLNS.frmthongtincanhan.resources
$this.Icon
QLNS.frmtrogiup.resources
QLNS.Properties.Resources.resources
anh
button1.Image
button2.Image
button3.Image
button5.Image
button6.Image
button7.Image
button8.Image
llVn
timkiem
untitled
Informations
Name
 Value
Module Name

xjff.exe
Full Name

xjff.exe
EntryPoint

System.Void QLNS.Program::Main()
Scope Name

xjff.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

xjff
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1919
Main Method

System.Void QLNS.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLNS.FrmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

xjff.exe
Full Name

xjff.exe
EntryPoint

System.Void QLNS.Program::Main()
Scope Name

xjff.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

xjff
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1919
Main Method

System.Void QLNS.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLNS.FrmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

18
Suspicious Type Names (1-2 chars)

0
09c25b2ddb8d1b7b8d67fba2c8c9a76b (1.22 MB)
File Structure
09c25b2ddb8d1b7b8d67fba2c8c9a76b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLNS.frmbaocao.resources
QLNS.frmdangki.resources
button1.Image
button2.Image
QLNS.frmbangcong.resources
button15.Image
button9.Image
QLNS.frmbophan.resources
button4.Image
QLNS.frmchedo.resources
button4.Image
QLNS.frmcoban.resources
$this.Icon
button4.Image
QLNS.frmhosothuviec.resources
button4.Image
QLNS.FrmMain.resources
axWindowsMediaPlayer1.OcxState
emn
mainMenu1.TrayLocation
statusStrip1.TrayLocation
toolStrip1.TrayLocation
toolStrip2.TrayLocation
toolStrip3.TrayLocation
toolStripButton2.Image
toolStripButton3.Image
toolStripButton4.Image
toolStripButton5.Image
toolStripButton6.Image
toolStripButton8.Image
QLNS.frmthongtincanhan.resources
$this.Icon
QLNS.frmtrogiup.resources
QLNS.Properties.Resources.resources
anh
button1.Image
button2.Image
button3.Image
button5.Image
button6.Image
button7.Image
button8.Image
llVn
timkiem
untitled
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Embedded Resources

18

09c25b2ddb8d1b7b8d67fba2c8c9a76b
Suspicious Type Names (1-2 chars)

0

09c25b2ddb8d1b7b8d67fba2c8c9a76b
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙