2024-05-14_ebd1cba318388d92c1542e816fc0d07a_floxif_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-14_ebd1cba318388d92c1542e816fc0d07a_floxif_mafia
Size

362KB
MD5

ebd1cba318388d92c1542e816fc0d07a
SHA1

4aa2cf4c97985daf3ddcbd98c3717c8b209e4ceb
SHA256

7c4796d087e142d1cd1d4c657777ffd688702674a2785e09ef38244420eb4e0d
SHA512

ac2f2f151edd707a92e608cf697f1736a1b5da4397f8f4d3e7338362480ae53af936bf3266df313f20e6300f58ffe8e15a5ca8f041e3145096b92b8f451cd8e6
SSDEEP

6144:7Abl1riKqlbaU4L/7hkB7hpB7/R+Id+HLFNmzyvYYg8LA3jJK+sEBV+UdvrEFp7V:4l1WK4dg7hkB7J7/UIdOLTmzyvYYg8LV

Score

1^/10

Malware Config

Signatures

Files

2024-05-14_ebd1cba318388d92c1542e816fc0d07a_floxif_mafia
.exe windows:5 windows x86 arch:x86

6d4d8462316b9abbd782d47c3af040ed

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:87:d5:66:e8:b9:73:9b:04:77:3e:84
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2020, 01:39

Not After

31/07/2023, 02:55

Subject

SERIALNUMBER=91440600747098958H,CN=Global Digital Cybersecurity Authority Co.\, Ltd.,O=Global Digital Cybersecurity Authority Co.\, Ltd.,STREET=南海区狮山镇南海软件科技园科教路（广东省数字证书认证中心）,L=佛山市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#1306464f5348414e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:97:31:71:71:d4:d4:6f
Certificate

Issuer

CN=GDCA TrustAUTH R4 Generic CA,O=Global Digital Cybersecurity Authority Co.\, Ltd.,C=CN

Not Before

14/03/2017, 06:51

Not After

12/03/2027, 06:51

Subject

CN=GDCA Timestamp Signer,OU=数安时代科技股份有限公司,L=广州市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:09:97:fe:f0:47:ea:7a
Certificate

Issuer

CN=GDCA TrustAUTH R5 ROOT,O=GUANG DONG CERTIFICATE AUTHORITY CO.\,LTD.,C=CN

Not Before

26/11/2014, 05:13

Not After

31/12/2040, 15:59

Subject

CN=GDCA TrustAUTH R5 ROOT,O=GUANG DONG CERTIFICATE AUTHORITY CO.\,LTD.,C=CN

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:35:6a:9c:70:b4:55:78
Certificate

Issuer

CN=GDCA TrustAUTH R5 ROOT,O=GUANG DONG CERTIFICATE AUTHORITY CO.\,LTD.,C=CN

Not Before

07/04/2016, 09:58

Not After

30/12/2030, 16:00

Subject

CN=GDCA TrustAUTH R4 Generic CA,O=Global Digital Cybersecurity Authority Co.\, Ltd.,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:a3:9a:48:fa:eb:08:01:11:94:d0:eb:78:d8:c8:6f:e9:0d:03:52
Signer

Actual PE Digest

04:a3:9a:48:fa:eb:08:01:11:94:d0:eb:78:d8:c8:6f:e9:0d:03:52

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
DeleteFileA
CopyFileA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
CopyFileW
TerminateThread
ResumeThread
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
OpenEventA
CreateEventA
GetLastError
GetModuleFileNameW
DeleteCriticalSection
CloseHandle
WaitForSingleObject
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringW
SetStdHandle
CreateFileA
HeapReAlloc
SetFilePointer
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
IsValidLocale
EnumSystemLocalesA
GetStdHandle
GetNativeSystemInfo
CreateProcessW
GetCurrentProcess
GetModuleHandleW
GetTickCount
LoadLibraryW
ReadFile
CreateFileW
GetStartupInfoW
Process32FirstW
ProcessIdToSessionId
Process32NextW
CreateToolhelp32Snapshot
LocalFree
GetTempPathW
GetTempPathA
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetExitCodeProcess
TerminateProcess
lstrcmpiW
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
LocalAlloc
CreateFileMappingW
OpenFileMappingW
WideCharToMultiByte
MultiByteToWideChar
AllocConsole
SetConsoleTextAttribute
FreeConsole
GetConsoleWindow
SetConsoleTitleA
GetConsoleScreenBufferInfo
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetFileAttributesW
GetCommandLineW
HeapSetInformation
GetTimeZoneInformation
GetFileAttributesA
MoveFileW
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
WriteFile
HeapCreate
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA

user32

RegisterDeviceNotificationA
GetShellWindow
RegisterDeviceNotificationW
SetWindowPos
UnregisterDeviceNotification
MessageBoxW
wsprintfW
GetWindowThreadProcessId

advapi32

RegisterServiceCtrlHandlerExW
OpenProcessToken
SetNamedSecurityInfoA
GetUserNameW
GetTokenInformation
LookupPrivilegeValueW
GetSecurityDescriptorSacl
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
AdjustTokenPrivileges
GetSidSubAuthority
GetSidSubAuthorityCount
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
DeleteService
StartServiceCtrlDispatcherW
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

PathFileExistsW
PathIsRelativeW

gdca_common

gc_get_product_version

rpcrt4

UuidFromStringW
UuidFromStringA

winmm

timeKillEvent
timeSetEvent

winhttp

WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d4d8462316b9abbd782d47c3af040ed

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

1d:87:d5:66:e8:b9:73:9b:04:77:3e:84Certificate

Extended Key Usages

Key Usages

6c:97:31:71:71:d4:d4:6fCertificate

Extended Key Usages

Key Usages

7d:09:97:fe:f0:47:ea:7aCertificate

Key Usages

28:35:6a:9c:70:b4:55:78Certificate

Key Usages

04:a3:9a:48:fa:eb:08:01:11:94:d0:eb:78:d8:c8:6f:e9:0d:03:52Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

userenv

shlwapi

gdca_common

rpcrt4

winmm

winhttp

shell32

Sections

.text Size: 207KB - Virtual size: 206KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 18KB - Virtual size: 18KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

1d:87:d5:66:e8:b9:73:9b:04:77:3e:84
Certificate

6c:97:31:71:71:d4:d4:6f
Certificate

7d:09:97:fe:f0:47:ea:7a
Certificate

28:35:6a:9c:70:b4:55:78
Certificate

04:a3:9a:48:fa:eb:08:01:11:94:d0:eb:78:d8:c8:6f:e9:0d:03:52
Signer

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 18KB - Virtual size: 18KB