Suspicious
Suspect

PE Executable
MD5: ee358da8d1af5829af1f7d29caf63d47
Size: 835.07 KB
application/x-dosexec

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Low
MD5 ee358da8d1af5829af1f7d29caf63d47
Sha1 580acf88dd70cda1dbdbf4ebcd6f4031d0f64402
Sha256 a6a9b636acea176d2d225f18d8f28797631b1ce4c5b2e46ed4cbe18f1a71fa6e
Sha384 c90df7d2896256df34492444a6452bd83e44f2a97bb9337f7b830fa510be9c80f545ae4c22c9db170facd7f38b4e43fa
Sha512 be29322da98b6d346c96d54f1bbac4c412ff78123cc543c98e63f843dfe24c6e165124aeb723656c8fd94a242a280699b4366fb91a299625d1fb8da664595c7b
SSDeep 12288:jyXGefJUyIrB9MpYqacykOogPEK4ry31nnFG2CgcqOI7LFDwyIATJHe/:vMJU7VmqqRy68D4YE2bt7LFsVAVHe/
TLSH 160502117799ED13D4B98AF55932E37003B26E5DA026D3CB9DE8BCE738E5B012810B97
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Dorixona.Bimor.resources
Dorixona.Dorixona.resources
Dorixona.Firma.resources
Dorixona.Form1.resources
$this.Icon
[NBF]root.IconData
Dorixona.Properties.Resources.resources
fpaC
[NBF]root.Data
[NBF]root.Data-preview.png
nd
[NBF]root.Data
Name Value
Module Name
fIGB.exe
Full Name
fIGB.exe
EntryPoint
System.Void Dorixona.Program::Main()
Scope Name
fIGB.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
fIGB
Assembly Version
2.8.5.1
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
473
Main Method
System.Void Dorixona.Program::Main()
Main IL Instruction Count
6
Main IL
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void Dorixona.Login::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
Module Name
fIGB.exe
Full Name
fIGB.exe
EntryPoint
System.Void Dorixona.Program::Main()
Scope Name
fIGB.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
fIGB
Assembly Version
2.8.5.1
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.0
Total Strings
473
Main Method
System.Void Dorixona.Program::Main()
Main IL Instruction Count
6
Main IL
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0 <null>
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void Dorixona.Login::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret <null>
PDB Path PATH
fIhuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Dorixona.Bimor.resources
Dorixona.Dorixona.resources
Dorixona.Firma.resources
Dorixona.Form1.resources
$this.Icon
[NBF]root.IconData
Dorixona.Properties.Resources.resources
fpaC
[NBF]root.Data
[NBF]root.Data-preview.png
nd
[NBF]root.Data
No malware configuration was found at this point.
PDB Path PATH
fIhuhuhuhu
ee358da8d1af5829af1f7d29caf63d47
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙