Suspicious
Suspect

130885914105ffcc7be507d9c2db1808

PE Executable
|
MD5: 130885914105ffcc7be507d9c2db1808
|
Size: 800.77 KB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
130885914105ffcc7be507d9c2db1808
Sha1
c3581ebf4876b7cd903843d1f4df759069c3df63
Sha256
f8c1683dbfc0d40b23f720566b527ea31d96a1e24e605805c1d4646af7fde61c
Sha384
b611a7414504fbada49a9ed2d98c99bb67b2e628992697aac1249a070f2ff8d0129d24b9ecaef607f3e249df13681007
Sha512
4bd9a28fb6141fd3d06e667786d5e85ac7afa24a7fa0f2a91c90c2712afaec9a407cdb39230340fa7f7573aebec59ff8bf55dcef60360647cba7922ed0bee3aa
SSDeep
12288:vvYwd7GASYfVsFlEIU+pN6vu+ob79bXLzqIrggCO9d+zOUiTv:vRd7OpxnRaIrxC2EzmTv
TLSH
BB05AE00B2744F4AE47A47F90126D73097F65E6DB47EE7098DE9BCEB7961B012A80B13

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
130885914105ffcc7be507d9c2db1808
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLNS.frmbaocao.resources
QLNS.frmdangki.resources
button1.Image
button2.Image
QLNS.frmbangcong.resources
button15.Image
button9.Image
QLNS.frmbophan.resources
button4.Image
QLNS.frmchedo.resources
button4.Image
QLNS.frmcoban.resources
$this.Icon
button4.Image
QLNS.frmhosothuviec.resources
button4.Image
QLNS.FrmMain.resources
axWindowsMediaPlayer1.OcxState
emn
mainMenu1.TrayLocation
statusStrip1.TrayLocation
toolStrip1.TrayLocation
toolStrip2.TrayLocation
toolStrip3.TrayLocation
toolStripButton2.Image
toolStripButton3.Image
toolStripButton4.Image
toolStripButton5.Image
toolStripButton6.Image
toolStripButton8.Image
QLNS.frmthongtincanhan.resources
$this.Icon
QLNS.frmtrogiup.resources
QLNS.Properties.Resources.resources
LayL
anh
button1.Image
button2.Image
button3.Image
button5.Image
button6.Image
button7.Image
button8.Image
timkiem
untitled
Informations
Name
 Value
Module Name

bvVz.exe
Full Name

bvVz.exe
EntryPoint

System.Void QLNS.Program::Main()
Scope Name

bvVz.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

bvVz
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1919
Main Method

System.Void QLNS.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLNS.FrmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

bvVz.exe
Full Name

bvVz.exe
EntryPoint

System.Void QLNS.Program::Main()
Scope Name

bvVz.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

bvVz
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1919
Main Method

System.Void QLNS.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLNS.FrmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

18
Suspicious Type Names (1-2 chars)

0
130885914105ffcc7be507d9c2db1808 (800.77 KB)
File Structure
130885914105ffcc7be507d9c2db1808
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLNS.frmbaocao.resources
QLNS.frmdangki.resources
button1.Image
button2.Image
QLNS.frmbangcong.resources
button15.Image
button9.Image
QLNS.frmbophan.resources
button4.Image
QLNS.frmchedo.resources
button4.Image
QLNS.frmcoban.resources
$this.Icon
button4.Image
QLNS.frmhosothuviec.resources
button4.Image
QLNS.FrmMain.resources
axWindowsMediaPlayer1.OcxState
emn
mainMenu1.TrayLocation
statusStrip1.TrayLocation
toolStrip1.TrayLocation
toolStrip2.TrayLocation
toolStrip3.TrayLocation
toolStripButton2.Image
toolStripButton3.Image
toolStripButton4.Image
toolStripButton5.Image
toolStripButton6.Image
toolStripButton8.Image
QLNS.frmthongtincanhan.resources
$this.Icon
QLNS.frmtrogiup.resources
QLNS.Properties.Resources.resources
LayL
anh
button1.Image
button2.Image
button3.Image
button5.Image
button6.Image
button7.Image
button8.Image
timkiem
untitled
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Embedded Resources

18

130885914105ffcc7be507d9c2db1808
Suspicious Type Names (1-2 chars)

0

130885914105ffcc7be507d9c2db1808
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙