flux-setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

flux-setup.exe
Size

670KB
MD5

e604d6b03c57dd03e30cf77508b0f70c
SHA1

42214333b9df3f23a6d30bf31050acb46f4c6a2d
SHA256

e31117d7501b618074abde3c54fbe01a9f7f3f3948d0f5da6a292ef6e6996978
SHA512

9b3f85d34615873519b495f54e2d1055331316760de969c625347243195b7159d973954b7d5dde172f71fcc0c1e591030d31acf24b1f40ffbe8d3d33a5b6bd54
SSDEEP

12288:8yxKBckjieUs/+h7kgePwPOqUShBlI6ch68+cXmhx226tNRe6JbLUNJwNN:ZxraiAjtelhBlyh51NRe6GON

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ShellExecAsUser.dll
unpack001/$PLUGINSDIR/nsProcess.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

flux-setup.exe
.exe windows:4 windows x86 arch:x86

b76363e9cb88bf9390860da8e50999d2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/04/2023, 00:00

Not After

13/04/2026, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/04/2023, 00:00

Not After

13/04/2026, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:fc:e1:64:46:6f:bb:cd:16:31:b3:9c:b4:5e:ee:8b:f2:25:72:22:04:c8:e6:c2:40:20:52:ae:de:72:75:6d
Signer

Actual PE Digest

d4:fc:e1:64:46:6f:bb:cd:16:31:b3:9c:b4:5e:ee:8b:f2:25:72:22:04:c8:e6:c2:40:20:52:ae:de:72:75:6d

Digest Algorithm

sha256

PE Digest Matches

true

dd:cc:e7:4b:07:2b:0c:46:c3:35:07:5a:d9:38:99:f0:43:ab:71:b2
Signer

Actual PE Digest

dd:cc:e7:4b:07:2b:0c:46:c3:35:07:5a:d9:38:99:f0:43:ab:71:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
Sleep
lstrcmpiA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
lstrlenA
GetCommandLineA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellExecAsUser.dll
.dll windows:4 windows x86 arch:x86

fb89301642ac2a39aefdd3cc2610ed81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
CloseHandle
WaitForSingleObject
OutputDebugStringA
MultiByteToWideChar
lstrlenA
GetModuleHandleA
lstrcmpA
SetEvent
GlobalFree
lstrcpyA
GetProcAddress
CreateEventA
GetVersionExA

user32

CreateWindowExA
PostMessageA
GetMessageA
SetWindowLongA
RegisterClassExA
TranslateMessage
DispatchMessageA
DefWindowProcA
DestroyWindow
GetWindowLongA
PostQuitMessage
wsprintfA

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

shlwapi

ord176

msvcrt

malloc
_initterm
free
_beginthreadex
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_adjust_fdiv

Exports

Exports

ShellExecAsUser

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

a49b0342971aa199fc6349725b90146d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
lstrcpynA
lstrlenA
LoadLibraryA
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExA
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfA
PostMessageA

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flux.exe
.exe windows:5 windows x86 arch:x86

51ee72c638ee0200ff8b37fb1213b605

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/04/2023, 00:00

Not After

13/04/2026, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/04/2023, 00:00

Not After

13/04/2026, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:3e:0d:f7:57:ce:bf:28:ee:9a:11:f7:9a:6f:b3:cd:68:77:e8:d6:00:ae:cf:ea:b0:67:f0:ae:ee:f4:ba:a1
Signer

Actual PE Digest

32:3e:0d:f7:57:ce:bf:28:ee:9a:11:f7:9a:6f:b3:cd:68:77:e8:d6:00:ae:cf:ea:b0:67:f0:ae:ee:f4:ba:a1

Digest Algorithm

sha256

PE Digest Matches

true

02:e5:91:d9:8d:5b:44:60:a7:4c:3c:1b:58:ce:54:72:fe:98:26:fd
Signer

Actual PE Digest

02:e5:91:d9:8d:5b:44:60:a7:4c:3c:1b:58:ce:54:72:fe:98:26:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\mherf\git\projects\flux\NoAccount\flux.pdb

Imports

netapi32

NetApiBufferFree
NetGetJoinInformation

wsock32

bind
socket
closesocket
send
recv
sendto
setsockopt
htons
select
ioctlsocket
WSAStartup
connect

winmm

timeGetTime
timeBeginPeriod

kernel32

GetModuleFileNameA
LoadLibraryExA
ExitProcess
GetDiskFreeSpaceExA
QueryPerformanceCounter
TerminateProcess
OpenProcess
GetCurrentProcess
ResetEvent
WaitForSingleObject
DeleteCriticalSection
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetProcAddress
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GetCurrentProcessId
CloseHandle
EnterCriticalSection
CreateMutexA
GetLastError
LeaveCriticalSection
CreateEventA
Sleep
GetTickCount
SetEvent
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
VirtualFree
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
GetFileType
SetStdHandle
GetStartupInfoA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
ReadFile
UnmapViewOfFile
InterlockedDecrement
InterlockedIncrement
FreeLibrary
lstrcmpiA
IsDBCSLeadByte
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFilePointer
lstrcmpW
WriteConsoleA
FlushInstructionCache
SetLastError
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
SetThreadPriority
TerminateThread
GetCurrentThreadId
lstrcpynA
LocalFree
FormatMessageA
LoadLibraryA
GetComputerNameA
GetProcessHandleCount
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetVersion
GetVersionExA
GetLocaleInfoA
GetStdHandle
VerSetConditionMask
VerifyVersionInfoA
GetSystemPowerStatus
SetThreadExecutionState
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetTimeFormatA
QueryPerformanceFrequency
GetFileAttributesExA
DeleteFileA
GetFileAttributesA
MulDiv
GetModuleHandleA
VirtualQuery
CreateDirectoryA
lstrlenW
RaiseException
LoadResource
SizeofResource
FindResourceA
lstrlenA
lstrcmpA

user32

GetWindowThreadProcessId
DestroyMenu
UnregisterHotKey
AdjustWindowRect
RegisterHotKey
SetWindowTextW
EnableWindow
LoadImageA
SetWindowTextA
SystemParametersInfoA
SetMenuDefaultItem
PostMessageA
AppendMenuA
IsDlgButtonChecked
CreatePopupMenu
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
EndPaint
GetClassNameA
GetClassInfoExA
BeginPaint
GetSysColor
EnumDisplayMonitors
MessageBeep
ExitWindowsEx
UpdateWindow
ClientToScreen
SetTimer
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
LoadStringA
SetFocus
IsIconic
SetActiveWindow
GetWindowLongA
GetClassInfoA
SetWindowLongA
GetWindow
EnumThreadWindows
IsWindow
DestroyWindow
RegisterWindowMessageA
GetParent
CreateWindowExA
IsWindowVisible
ShowWindowAsync
SetMenu
RegisterClassA
SetClassLongA
DefWindowProcA
SetWindowPos
MoveWindow
GetSystemMetrics
ReleaseCapture
GetActiveWindow
FlashWindowEx
PostQuitMessage
CallWindowProcA
wsprintfA
GetAsyncKeyState
LoadCursorA
SetCursor
ShowCursor
UnregisterClassA
GetCursorPos
SetCursorPos
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
MessageBoxA
EnumChildWindows
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetDlgItemTextA
FillRect
SetCapture
CharNextA
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
IsChild
RegisterClassExA
DestroyAcceleratorTable
GetFocus
CreateAcceleratorTableA
EndDialog
DialogBoxParamA
AdjustWindowRectEx
GetMenu
SetParent
GetTopWindow
GetMessageExtraInfo
KillTimer
SetForegroundWindow
LoadIconA
FindWindowExA
WindowFromPoint
GetClientRect
SendMessageA
GetDC
GetForegroundWindow
TrackPopupMenuEx
AppendMenuW
ReleaseDC
GetDlgItem
GetDesktopWindow
CheckDlgButton
GetLastInputInfo
ShowWindow

gdi32

CreateCompatibleDC
DeleteDC
CreateDCA
GetStockObject
GetDeviceCaps
SetDeviceGammaRamp
GetICMProfileA
GetDeviceGammaRamp
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
BitBlt
GetObjectA
GetKerningPairsA
GetGlyphOutlineA
CreateFontIndirectA
SetBkMode
StretchBlt
SetStretchBltMode
CreateDIBSection
Rectangle
CreatePen
SelectObject

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CreateWellKnownSid
CryptAcquireContextA
CheckTokenMembership
CryptGenRandom
OpenProcessToken

ole32

CoTaskMemRealloc
StringFromGUID2
CoRegisterClassObject
CoTaskMemAlloc
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleInitialize
OleUninitialize
CoResumeClassObjects
CoInitialize
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString

psapi

GetProcessMemoryInfo
GetModuleFileNameExA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetConnectA
HttpEndRequestA
HttpSendRequestExA
InternetOpenA
DeleteUrlCacheEntry
InternetCrackUrlA
HttpOpenRequestA
InternetWriteFile
HttpQueryInfoA
InternetQueryDataAvailable
HttpSendRequestA
InternetCloseHandle
HttpAddRequestHeadersA
InternetSetOptionA
InternetReadFile

urlmon

URLDownloadToFileA
UrlMkSetSessionOption
URLDownloadToCacheFileA

dbghelp

MiniDumpWriteDump

comctl32

PropertySheetA
InitCommonControlsEx
CreatePropertySheetPageA

shlwapi

SHDeleteValueA
PathAddBackslashA

wintrust

WinVerifyTrust

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

Sections

.text
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 506KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtime/flux.preset.json
runtime/flux.psd
runtime/flux.tre
runtime/uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b76363e9cb88bf9390860da8e50999d2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d4:fc:e1:64:46:6f:bb:cd:16:31:b3:9c:b4:5e:ee:8b:f2:25:72:22:04:c8:e6:c2:40:20:52:ae:de:72:75:6dSigner

dd:cc:e7:4b:07:2b:0c:46:c3:35:07:5a:d9:38:99:f0:43:ab:71:b2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 22KB - Virtual size: 22KB

fb89301642ac2a39aefdd3cc2610ed81

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 732B

.reloc Size: 512B - Virtual size: 426B

a49b0342971aa199fc6349725b90146d

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d4:fc:e1:64:46:6f:bb:cd:16:31:b3:9c:b4:5e:ee:8b:f2:25:72:22:04:c8:e6:c2:40:20:52:ae:de:72:75:6d
Signer

dd:cc:e7:4b:07:2b:0c:46:c3:35:07:5a:d9:38:99:f0:43:ab:71:b2
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 732B

.reloc
Size: 512B - Virtual size: 426B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 910B

.data
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 250B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

1e:76:07:71:52:58:3a:37:2c:33:8a:f1:1a:6e:cf:83
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

32:3e:0d:f7:57:ce:bf:28:ee:9a:11:f7:9a:6f:b3:cd:68:77:e8:d6:00:ae:cf:ea:b0:67:f0:ae:ee:f4:ba:a1
Signer

02:e5:91:d9:8d:5b:44:60:a7:4c:3c:1b:58:ce:54:72:fe:98:26:fd
Signer