Suspicious
Suspect

f7760f591f251625e206de38bdcb0346

PE Executable
|
MD5: f7760f591f251625e206de38bdcb0346
|
Size: 3.98 MB
|
application/x-dosexec

Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
f7760f591f251625e206de38bdcb0346
Sha1
e14a108cf8c21698ce1dbc1d66d1f703e1d5f3e4
Sha256
de22cc3be940674331be243141c5b3e99c375bef12b433c93c17785710647a51
Sha384
7c548e6d58496ee81c934ac75e986bfdd2554d6b85c3645c65ff3f20eb78fd753e73c4bf76d6d6ab5864dd5e6c2bde27
Sha512
22295dfbadd9a18901838e9277a21679a02d7eb26cb31b24fe2ec970c9edf9b1cee6435cc0f9fa78874abfbe4edd728f114cd6f0e730273b3d4a978af268901d
SSDeep
98304:SDE01b8mDnGPbhdiG6WXpEAzUcU/fBSSU80JnS:So01bbnG76wp+k80k
TLSH
9A0622B031ADA923DAA551F00191D83537B36ECF6818E2D94DD6BDEB7CE4BC40B41987

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f7760f591f251625e206de38bdcb0346
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLDTDD_FPT.AM_Edit.resources
QLDTDD_FPT.Properties.Resources.resources
QXtx
[NBF]root.Data
[NBF]root.Data-preview.png
QLDTDD_FPT.StaffManagementForm.resources
$this.Icon
[NBF]root.IconData
kc
[NBF]root.Data
Informations
Name
 Value
Module Name

CyYh.exe
Full Name

CyYh.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

CyYh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CyYh
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

975
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

CyYh.exe
Full Name

CyYh.exe
EntryPoint

System.Void QLDTDD_FPT.Program::Main()
Scope Name

CyYh.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

CyYh
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

975
Main Method

System.Void QLDTDD_FPT.Program::Main()
Main IL Instruction Count

6
Main IL

call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void QLDTDD_FPT.Mainform::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
PDB Path

CyYh.pdb
f7760f591f251625e206de38bdcb0346 (3.98 MB)
File Structure
f7760f591f251625e206de38bdcb0346
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
QLDTDD_FPT.AM_Edit.resources
QLDTDD_FPT.Properties.Resources.resources
QXtx
[NBF]root.Data
[NBF]root.Data-preview.png
QLDTDD_FPT.StaffManagementForm.resources
$this.Icon
[NBF]root.IconData
kc
[NBF]root.Data
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
PDB Path

CyYh.pdb

f7760f591f251625e206de38bdcb0346
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙