2024-05-07_eeb2c02e2ecb63ddbe92cc23bca8ea6d_floxif_robinhood

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-07_eeb2c02e2ecb63ddbe92cc23bca8ea6d_floxif_robinhood
Size

3.2MB
MD5

eeb2c02e2ecb63ddbe92cc23bca8ea6d
SHA1

6742462e77f0771e6b90dfc173016de10baeeb62
SHA256

be662cdc7f9d986bb0d01d0c39b6f208753ba84144bdc4ab66559652159965be
SHA512

0566645a6e5438a3741f53893f0b96063ab7321ba504ba7a62dc23ee5f542641af1eb6ec5b0014e876942594d46a8d0cd05a6e74f888f0d9932943b2107a9c00
SSDEEP

49152:QndeZM3kEHsvIjD1UkUjECIKS0rwjHPigmbkVBZheJudkaZyaTVX+sNyEKymxXs7:Qnd938vsD1UkUjbS0rwjHaydzK5xtu0w

Score

1^/10

Malware Config

Signatures

Files

2024-05-07_eeb2c02e2ecb63ddbe92cc23bca8ea6d_floxif_robinhood
.exe windows:6 windows x86 arch:x86

ce1fdeebafcd9927433265484a7f2722

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:f2:1f:17:a0:fa:8c:c5:42:c8:9f:77:c6:50:7b:33
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/12/2018, 00:00

Not After

06/01/2022, 23:59

Subject

CN=Check Point Software Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Check Point Software Technologies Ltd.,L=TEL AVIV-JAFFA,ST=Ramat-Gan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:5b:52:66:4c:50:25:c1:75:02:76:74:47:d1:55:c3:ac:25:79:24:5a:7f:7f:9e:0d:09:ba:3f:30:23:33:b1
Signer

Actual PE Digest

5a:5b:52:66:4c:50:25:c1:75:02:76:74:47:d1:55:c3:ac:25:79:24:5a:7f:7f:9e:0d:09:ba:3f:30:23:33:b1

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\ckp\src\EFR\E84_70\CMPUB\Release\x86\EFRService.pdb

Imports

sqlite3

sqlite3_close
sqlite3_exec
sqlite3_backup_finish
sqlite3_backup_step
sqlite3_backup_init
sqlite3_reset
sqlite3_finalize
sqlite3_column_type
sqlite3_column_text16
sqlite3_column_text
sqlite3_column_int64
sqlite3_column_int
sqlite3_step
sqlite3_expanded_sql
sqlite3_column_name
sqlite3_column_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_parameter_count
sqlite3_bind_text16
sqlite3_bind_text
sqlite3_bind_null
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_prepare_v2
sqlite3_errmsg
sqlite3_errcode
sqlite3_open
sqlite3_free
sqlite3_mprintf
sqlite3_busy_timeout
sqlite3_changes
sqlite3_last_insert_rowid

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest

kernel32

RemoveDirectoryW
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
GetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetTickCount64
Wow64DisableWow64FsRedirection
CreateFileW
Wow64RevertWow64FsRedirection
ReadFile
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
CopyFileW
FormatMessageW
LocalAlloc
GetProcAddress
GetModuleHandleW
FreeLibrary
LocalFree
WaitForSingleObject
OpenProcess
K32GetProcessImageFileNameW
GetModuleFileNameW
LoadLibraryW
Sleep
CreateNamedPipeW
CreateEventW
WaitForMultipleObjects
ConnectNamedPipe
SetEvent
DisconnectNamedPipe
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
MoveFileExW
CreateDirectoryW
CompareFileTime
GetDiskFreeSpaceExW
InitializeCriticalSection
RaiseException
DecodePointer
GetFileSize
GlobalFree
GetSystemTimes
GetProcessTimes
GetCurrentProcess
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcessId
SetLastError
FormatMessageA
WriteFile
SetFilePointer
UnmapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
GetTickCount
GetEnvironmentVariableW
OutputDebugStringW
GetCurrentThreadId
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
VerSetConditionMask
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFileAttributesW
GetLongPathNameW
GetShortPathNameW
GetExitCodeProcess
CreateProcessW
GetComputerNameExW
GetModuleHandleExW
lstrlenW
GetComputerNameW
VerifyVersionInfoW
GetTimeZoneInformation
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
QueryDosDeviceW
GetVolumePathNamesForVolumeNameW
GetCurrentThread
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
UnregisterWaitEx
RtlUnwind
DeleteFileW
ExitThread
ExitProcess
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetSystemInfo
VirtualQuery
GetFullPathNameW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
RegisterWaitForSingleObject
GetStdHandle
GetCommandLineA
GetCommandLineW
TlsGetValue
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
EncodePointer
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
SetFilePointerEx
SetEndOfFile
GetFileAttributesExW
FindFirstFileExW
QueryPerformanceCounter
GetExitCodeThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
GetStringTypeW
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW

user32

GetDesktopWindow

advapi32

RegDeleteValueW
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenThreadToken
CreateProcessAsUserW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertSidToStringSidW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
CopySid
AllocateAndInitializeSid
DeleteService
QueryServiceStatus
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSidToSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ord155
CommandLineToArgvW
SHGetPropertyStoreFromParsingName

ole32

StringFromGUID2
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

GetErrorInfo
SysAllocStringLen
SysStringLen
VariantChangeType
VariantInit
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathIsRelativeW
PathFileExistsW

wevtapi

EvtCreateRenderContext
EvtRender
EvtSubscribe
EvtClose

ws2_32

shutdown
WSAStartup
inet_addr
send
socket
__WSAFDIsSet
connect
recvfrom
recv
WSACleanup
ntohl
gethostname
getaddrinfo
freeaddrinfo
InetNtopW
getsockopt
htons
sendto
ioctlsocket
setsockopt
WSAGetLastError
select
gethostbyname
closesocket
bind
accept

userenv

LoadUserProfileW
UnloadUserProfile
GetProfileType
CreateEnvironmentBlock
DestroyEnvironmentBlock

ntdll

NtQuerySystemInformation

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 590KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce1fdeebafcd9927433265484a7f2722

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

02:f2:1f:17:a0:fa:8c:c5:42:c8:9f:77:c6:50:7b:33Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5a:5b:52:66:4c:50:25:c1:75:02:76:74:47:d1:55:c3:ac:25:79:24:5a:7f:7f:9e:0d:09:ba:3f:30:23:33:b1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sqlite3

wtsapi32

winhttp

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

shlwapi

wevtapi

ws2_32

userenv

ntdll

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 590KB - Virtual size: 590KB

.data Size: 52KB - Virtual size: 76KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 240KB - Virtual size: 240KB

.reloc Size: 107KB - Virtual size: 107KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

02:f2:1f:17:a0:fa:8c:c5:42:c8:9f:77:c6:50:7b:33
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5a:5b:52:66:4c:50:25:c1:75:02:76:74:47:d1:55:c3:ac:25:79:24:5a:7f:7f:9e:0d:09:ba:3f:30:23:33:b1
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 590KB - Virtual size: 590KB

.data
Size: 52KB - Virtual size: 76KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 240KB - Virtual size: 240KB

.reloc
Size: 107KB - Virtual size: 107KB