Suspicious
Suspect

66dac3aa64fe9033b388d60cccd4bbd4

PE Executable | MD5: 66dac3aa64fe9033b388d60cccd4bbd4 | Size: 7.23 MB | application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
Hash Value
MD5
66dac3aa64fe9033b388d60cccd4bbd4
Sha1
90cb42fe8715d6a78f514b9945114e5ca6f913e6
Sha256
451202f7640bc0ba50330e90b7d4496707f2bedbd851cc8be2a7a38dc91ebc1c
Sha384
0756864b04618a519a8bda75cf7b063504022c0306a60cff08c70c59ef9753d94665e7729f39430da41b4267049ea752
Sha512
1493c4bcbcdd112fb9917ee0a4095b9cd56b15994eec62404da15324d901dbc4f479758dbc9358a1bbbbf75bc0af5c5060b670faf09a13173eeff34bba48613d
SSDeep
196608:Zpo4kbJ8Wbb1TMWj/xonpNIm/8OSzU1Tbe3L:ZrklLbDxopNaOgiTy3L
TLSH
75762334A1A74F44E87657F9412ACB30A7B6AE1DB46DEB0DDDDCB8DB3571B101A80A03

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLNS.frmbaocao.resources
QLNS.frmdangki.resources
button1.Image
button2.Image
QLNS.frmbangcong.resources
button15.Image
button9.Image
QLNS.frmbophan.resources
button4.Image
QLNS.frmchedo.resources
button4.Image
QLNS.frmcoban.resources
$this.Icon
button4.Image
QLNS.frmhosothuviec.resources
button4.Image
QLNS.FrmMain.resources
axWindowsMediaPlayer1.OcxState
emn
mainMenu1.TrayLocation
statusStrip1.TrayLocation
toolStrip1.TrayLocation
toolStrip2.TrayLocation
toolStrip3.TrayLocation
toolStripButton2.Image
toolStripButton3.Image
toolStripButton4.Image
toolStripButton5.Image
toolStripButton6.Image
toolStripButton8.Image
QLNS.frmthongtincanhan.resources
$this.Icon
QLNS.frmtrogiup.resources
QLNS.Properties.Resources.resources
anh
button1.Image
button2.Image
button3.Image
button5.Image
button6.Image
button7.Image
button8.Image
timkiem
untitled
yepc
Informations
Name
Value
Module Name

KmlB.exe

Full Name

KmlB.exe

EntryPoint

System.Void QLNS.Program::Main()

Scope Name

KmlB.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

KmlB

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

1919

Main Method

System.Void QLNS.Program::Main()

Main IL Instruction Count

10

Main IL

nop <null>
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
nop <null>
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
nop <null>
newobj System.Void QLNS.FrmMain::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
nop <null>
ret <null>

Artefacts
Name
Value
Embedded Resources

18

Suspicious Type Names (1-2 chars)

0

Characteristics
No malware configuration was found at this point.
Artefacts
Name
Value
Location
Embedded Resources

18

66dac3aa64fe9033b388d60cccd4bbd4

Suspicious Type Names (1-2 chars)

0

66dac3aa64fe9033b388d60cccd4bbd4
