Suspicious
Suspect

b770eebc8414ca8cd86baec766890dd3

PE Executable
|
MD5: b770eebc8414ca8cd86baec766890dd3
|
Size: 1.08 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
b770eebc8414ca8cd86baec766890dd3
Sha1
1107790137d196e095dbf26e00236d2aafc2625b
Sha256
60682c9e70f15ee5e31dc5c054417386098c475be469994ea54b5c56847d4aaf
Sha384
9cd16369d10cf006e36863c4dbbd7f95094028afac9956f2ff895020945c45758e37b5d9c3802912295e3d6c05add8e4
Sha512
618212ea40bad7480d588649c36b48bfdc6bffaa39d7f389e093c9df8787fd5715ecc9f4929f3457dd6c44a66906292ed75e80dc49557e5e52c01f963683e05b
SSDeep
24576:gnhzxbBsvnqElwXT6oy/z9T9qm4sLPG93vvJWUmc5xd:Elsv1lweMm1i3Zlnt
TLSH
7435DF3036AE9923D9A496F04160E03537B72EDF2429E9DA4ED67CDB3CE0BC11B94917

PeID

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
UPolyX 0.3 -> delikon
File Structure
b770eebc8414ca8cd86baec766890dd3
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLDTDD_FPT.AM_Edit.resources
QLDTDD_FPT.Properties.Resources.resources
tBqb
[NBF]root.Data
[NBF]root.Data-preview.png
QLDTDD_FPT.StaffManagementForm.resources
$this.Icon
[NBF]root.IconData
kc
[NBF]root.Data
Informations
Name
 Value
Module Name

giVC.exe
Full Name

giVC.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

giVC.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

giVC
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

975
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

giVC.exe
Full Name

giVC.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

giVC.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

giVC
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

975
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PDB Path

giVC.pdb
b770eebc8414ca8cd86baec766890dd3 (1.08 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙