FluxusLinux[.]zip

Resubmissions

07/06/2023, 01:01

230607-bdfrxagg61 3

07/06/2023, 00:49

230607-a6hxasgc25 3

Sharing

Copy URL Twitter E-mail

General

Target

FluxusLinux.zip
Size

4.4MB
MD5

dc54317647536086aa4946ea9fe73bb0
SHA1

7cc39ed2aaadd1dc6100a39700ba5f01b6726c33
SHA256

f4574886759ef38c96300dd06784b6274972a1089ba7ee754f866cdc2854116c
SHA512

975e08b7d036306d6d2149984cd83953e42c6836355bcfa640ce0c5b23c84a36541c7b7d31aeda50a5ac551f9906d2fecae84ed69ef59503f1918935f627499e
SSDEEP

98304:nKCNU+1aEnxEHmJ2XPH2Qe1F+QNsHQAezQvCYeSF0ysDYWganYh:nzU+5xHkXf0FyHyQrsDdxM

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FluxusLinux/FluxusAuth.dll
unpack001/FluxusLinux/FluxusLinux.exe

Files

FluxusLinux.zip
.zip
FluxusLinux/FluxusAuth.dll
.dll windows x86

fb75dfe7a2679ed8f896cc4c752c122a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
WideCharToMultiByte
GetFileSizeEx
CreateFileA
FormatMessageA
IsProcessorFeaturePresent
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
CloseHandle
MoveFileExA
Sleep
GetTickCount
QueryPerformanceCounter
GetEnvironmentVariableA
VerifyVersionInfoA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
VerSetConditionMask
SleepEx
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
OutputDebugStringW
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
SetLastError
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CryptEncrypt
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptImportKey
CryptDestroyKey
CryptDestroyHash
GetCurrentHwProfileA
RegCloseKey
RegCreateKeyExW
RegGetValueA
CryptAcquireContextA

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString

msvcp140

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ

vcruntime140

__std_exception_copy
__std_exception_destroy
__std_terminate
_CxxThrowException
_except_handler4_common
__CxxFrameHandler3
memcpy
__std_type_info_destroy_list
memmove
memset
memchr
strrchr
strstr
strchr
__current_exception
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
strerror
__sys_nerr
terminate
_initialize_onexit_table
_getpid
_invalid_parameter_noinfo_noreturn
_beginthreadex

api-ms-win-crt-string-l1-1-0

strncmp
strncpy
tolower
isupper
isalnum
strspn
strpbrk
_strdup
strcspn

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_callnewh
realloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fgets
__stdio_common_vsprintf
fflush
fread
_open
fseek
_write
_read
_lseeki64
_close
__stdio_common_vsscanf
fputs
fwrite
fputc
fclose
feof
ftell
fopen

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_access
_unlink

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atoi
strtoll

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

ws2_32

accept
htonl
listen
WSAStartup
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSACleanup
WSAGetLastError
send
recv
closesocket
ioctlsocket

crypt32

CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore

wldap32

ord217
ord60
ord45
ord46
ord211
ord50
ord301
ord200
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord143
ord30

normaliz

IdnToAscii

Exports

Exports

HWID
IsPremium
Verify
VerifyLogin

Sections

.text
Size: - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cvX
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.]Pw
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Imy
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FluxusLinux/FluxusLinux.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fb75dfe7a2679ed8f896cc4c752c122a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

ws2_32

crypt32

wldap32

normaliz

Exports

Exports

Sections

.text Size: - Virtual size: 345KB

.rdata Size: - Virtual size: 64KB

.data Size: - Virtual size: 3KB

.cvX Size: - Virtual size: 2.0MB

.]Pw Size: 1KB - Virtual size: 1KB

.Imy Size: 4.2MB - Virtual size: 4.2MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 317KB - Virtual size: 317KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 345KB

.rdata
Size: - Virtual size: 64KB

.data
Size: - Virtual size: 3KB

.cvX
Size: - Virtual size: 2.0MB

.]Pw
Size: 1KB - Virtual size: 1KB

.Imy
Size: 4.2MB - Virtual size: 4.2MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B

.text
Size: 317KB - Virtual size: 317KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 12B