Suspicious
Suspect

bff892d16f1bf32529be8d5452226f06

PE Executable
|
MD5: bff892d16f1bf32529be8d5452226f06
|
Size: 860.68 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Medium

Hash
 Hash Value
MD5
bff892d16f1bf32529be8d5452226f06
Sha1
a940d26c9313fa5c61e30160bb21ca64c8635473
Sha256
ab560f8779a244097805aae7b6c95eecd6de7909c9ca0bffa7f6a7fda28eb6b2
Sha384
564727d0c9fbfa3f519851dc259c02e4c760ebe37ec24ca1c6e9ab69f8b1cd8c4a37b321afd150fa87f8305693292694
Sha512
20d7c5d0460a861e79cfff21b59af1d84bfbd4d1cc4b895c8e489beda2a903f4aebb7cd072d41347d27b8142061a0186eb2a3ab0540cb5933db5bd44c72c5af4
SSDeep
12288:ZHAAD4WEC7BbXVQrRsYsJs86qPd0rFAA1ed0T19QgAS/6gne50kR:ZHA04wBoRPcsHK000HKCte5z
TLSH
CC051100E2EF9311CD35CEB18FFDA6612722BE4C6AE8C5099EE73846A47165C716F217

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
bff892d16f1bf32529be8d5452226f06
[Authenticode]_a32ace3a.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ExtensionSearch.MainForm.resources
ExtensionSearch.Properties.Resources.resources
Mars
[NBF]root.Data
wBtB
[NBF]root.Data
[NBF]root.Data-preview.png
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Authenticode present at 0xCEC00 size 13832 bytes
Info

PDB Path: cqnh.pdb
Module Name

cqnh.exe
Full Name

cqnh.exe
EntryPoint

System.Void ExtensionSearch.Program::Main()
Scope Name

cqnh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

cqnh
Assembly Version

9.7.9.8
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

96
Main Method

System.Void ExtensionSearch.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void ExtensionSearch.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
Module Name

cqnh.exe
Full Name

cqnh.exe
EntryPoint

System.Void ExtensionSearch.Program::Main()
Scope Name

cqnh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

cqnh
Assembly Version

9.7.9.8
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

96
Main Method

System.Void ExtensionSearch.Program::Main()
Main IL Instruction Count

10
Main IL

nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void ExtensionSearch.MainForm::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> ret <null>
bff892d16f1bf32529be8d5452226f06 (860.68 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙