Suspicious
Suspect

8bfacc8b51c1e1307dca389a9046e56f

PE Executable
|
MD5: 8bfacc8b51c1e1307dca389a9046e56f
|
Size: 870.4 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
8bfacc8b51c1e1307dca389a9046e56f
Sha1
9501c28c6593ab6f1c6c47d6a1ed74f9d583672a
Sha256
7172038f14cef204db7a82ed54e724d9c6a83bd7f9a3e6fd21a8e501a95ab0cd
Sha384
1797853ee0188500e712b50761959da3aa617194ca516a043000dd6b9ec4a5b98b0f2ec31e1228cdf08ce4e6870c8dc0
Sha512
7a4d52be12f299249cf32a8f25b041c380aea923d81c9b837353ac7f52059d0e8c19564d5183b337d119292b8e76c46b3f6d6bdb73ac2ba79c3f364318488957
SSDeep
12288:AW0d7Ux3PENo+ggvx4ZdnTU+LaMdi5zCfWfbHapZAxzmDDtsCSNy8FBAqyYcVV:AW872UJgg6ZdnQ+LcfzazAxmD+fju
TLSH
6105E01026604F27EA7697F24510D03203B85EAD69ADE2156FC2BDDF3CB9F906990F1B

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
8bfacc8b51c1e1307dca389a9046e56f
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLDTDD_FPT.AM_Edit.resources
QLDTDD_FPT.Login.resources
$this.Icon
QLDTDD_FPT.Mainform.resources
DF
menuStrip1.TrayLocation
QLDTDD_FPT.Properties.Resources.resources
Ksbo
Informations
Name
 Value
Module Name

XKWp.exe
Full Name

XKWp.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

XKWp.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

XKWp
Assembly Version

5.2.1024.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

998
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

XKWp.exe
Full Name

XKWp.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

XKWp.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

XKWp
Assembly Version

5.2.1024.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

998
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Artefacts
Name
 Value
Embedded Resources

18
Suspicious Type Names (1-2 chars)

0
8bfacc8b51c1e1307dca389a9046e56f (870.4 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙