Suspicious
Suspect

130885914105ffcc7be507d9c2db1808

PE Executable
|
MD5: 130885914105ffcc7be507d9c2db1808
|
Size: 800.77 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
130885914105ffcc7be507d9c2db1808
Sha1
c3581ebf4876b7cd903843d1f4df759069c3df63
Sha256
f8c1683dbfc0d40b23f720566b527ea31d96a1e24e605805c1d4646af7fde61c
Sha384
b611a7414504fbada49a9ed2d98c99bb67b2e628992697aac1249a070f2ff8d0129d24b9ecaef607f3e249df13681007
Sha512
4bd9a28fb6141fd3d06e667786d5e85ac7afa24a7fa0f2a91c90c2712afaec9a407cdb39230340fa7f7573aebec59ff8bf55dcef60360647cba7922ed0bee3aa
SSDeep
12288:vvYwd7GASYfVsFlEIU+pN6vu+ob79bXLzqIrggCO9d+zOUiTv:vRd7OpxnRaIrxC2EzmTv
TLSH
BB05AE00B2744F4AE47A47F90126D73097F65E6DB47EE7098DE9BCEB7961B012A80B13

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
130885914105ffcc7be507d9c2db1808
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLNS.frmbaocao.resources
QLNS.frmdangki.resources
button1.Image
button2.Image
QLNS.frmbangcong.resources
button15.Image
button9.Image
QLNS.frmbophan.resources
button4.Image
QLNS.frmchedo.resources
button4.Image
QLNS.frmcoban.resources
$this.Icon
button4.Image
QLNS.frmhosothuviec.resources
button4.Image
QLNS.FrmMain.resources
axWindowsMediaPlayer1.OcxState
emn
mainMenu1.TrayLocation
statusStrip1.TrayLocation
toolStrip1.TrayLocation
toolStrip2.TrayLocation
toolStrip3.TrayLocation
toolStripButton2.Image
toolStripButton3.Image
toolStripButton4.Image
toolStripButton5.Image
toolStripButton6.Image
toolStripButton8.Image
QLNS.frmthongtincanhan.resources
$this.Icon
QLNS.frmtrogiup.resources
QLNS.Properties.Resources.resources
LayL
anh
button1.Image
button2.Image
button3.Image
button5.Image
button6.Image
button7.Image
button8.Image
timkiem
untitled
Informations
Name
 Value
Module Name

bvVz.exe
Full Name

bvVz.exe
EntryPoint

System.Void QLNS.Program::Main()
Scope Name

bvVz.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

bvVz
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1919
Main Method

System.Void QLNS.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLNS.FrmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

bvVz.exe
Full Name

bvVz.exe
EntryPoint

System.Void QLNS.Program::Main()
Scope Name

bvVz.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

bvVz
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1919
Main Method

System.Void QLNS.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLNS.FrmMain::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

18
Suspicious Type Names (1-2 chars)

0
130885914105ffcc7be507d9c2db1808 (800.77 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙