2024-07-04_1a3016e8b96409323ebb62dafc237ce2_floxif_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-04_1a3016e8b96409323ebb62dafc237ce2_floxif_mafia
Size

2.5MB
MD5

1a3016e8b96409323ebb62dafc237ce2
SHA1

c88f027a864f387aa862b1a0e9fc16d4777e3458
SHA256

e4f9d19539fa7cb08fc79cbdf0f0efe52c97aba63a5554a0607a148f2549ef46
SHA512

91fdfe4173e2a0058338f9c6f1bea6e8ec487346fc4803052fb5f93353da8f6a2e057013c625ce0d68fa1906e80ed6f20e19c04828bc4fc41a278435f2d0ec63
SSDEEP

49152:0fXgD1MSP31Ke3a69MqGsGVcrzMsX5kxsX2VtdxxWM9GvcZE+U7UGNW:31MSdrr9MqGHVazMsX5ad3WM9GceIG4

Score

1^/10

Malware Config

Signatures

Files

2024-07-04_1a3016e8b96409323ebb62dafc237ce2_floxif_mafia
.exe windows:5 windows x86 arch:x86

aaaedb3a01a97f24e9c933afd968eabf

Code Sign

51:b8:04:3b:2d:ed:31:42:a7:c3:8f:95:bc:d7:65:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/03/2014, 00:00

Not After

02/03/2017, 23:59

Subject

CN=LENOVO,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LENOVO,L=Morrisville,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:f8:d7:37:ae:ba:8d:2f:aa:20:d2:2d:ed:5a:95:4c:41:8f:02:45
Signer

Actual PE Digest

5c:f8:d7:37:ae:ba:8d:2f:aa:20:d2:2d:ed:5a:95:4c:41:8f:02:45

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hudson\workspace\4-10.LePlus.WinApp.row\4-10.LePlus.WinApp.row\WinApp\Leplus\Release\MagicPlus_helper.pdb

Imports

psapi

GetModuleFileNameExA
EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

CreateDirectoryA
GetTimeFormatA
GetDateFormatA
ExitThread
HeapAlloc
HeapReAlloc
RtlUnwind
ExitProcess
HeapQueryInformation
HeapSize
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
UnhandledExceptionFilter
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
FindNextFileA
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
SetEnvironmentVariableA
DecodePointer
FindFirstFileExA
HeapCreate
GetFileAttributesA
FindResourceW
LoadResource
SizeofResource
LockResource
EncodePointer
GetStartupInfoW
SetUnhandledExceptionFilter
GetSystemInfo
HeapSetInformation
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateThread
RaiseException
IsDebuggerPresent
ReleaseMutex
GetCommandLineW
GetUserDefaultLCID
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileW
lstrcmpiW
DeleteFileW
GetCurrentDirectoryW
GetSystemDirectoryW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
FileTimeToSystemTime
GetThreadLocale
lstrlenA
GlobalGetAtomNameW
GlobalFlags
InitializeCriticalSection
MapViewOfFile
UnmapViewOfFile
FindResourceExW
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
FormatMessageW
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalLock
GlobalUnlock
MulDiv
ActivateActCtx
DeactivateActCtx
WideCharToMultiByte
OpenEventW
CreateToolhelp32Snapshot
OpenFileMappingW
Process32NextW
CreateEventW
Process32FirstW
LoadLibraryA
ResetEvent
MultiByteToWideChar
CreateEventA
OutputDebugStringW
SetEvent
LocalFree
GetCurrentProcessId
OutputDebugStringA
GetModuleFileNameA
LocalAlloc
GetProcAddress
SetLastError
TerminateProcess
GetVersionExW
OpenProcess
GetCurrentThread
GetCurrentProcess
FreeLibrary
CreateMutexW
GetFullPathNameA
DeleteFileA
lstrcpyW
GetStdHandle
lstrlenW
GetModuleFileNameW
ReadFile
LoadLibraryW
WaitForSingleObject
CreateProcessW
CloseHandle
CreateFileMappingA
GetLastError
HeapDestroy

user32

CopyIcon
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadImageW
GetIconInfo
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
CharUpperW
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
UnregisterClassW
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
IntersectRect
DestroyMenu
GetMenuItemInfoW
InflateRect
DrawStateW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
PostQuitMessage
ShowWindow
CharUpperBuffW
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
CopyRect
EnableWindow
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetMenu
SetWindowPos
GetWindow
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
UnhookWindowsHookEx
GetSysColor
EndPaint
GetWindowRgn
MoveWindow
InvalidateRect
OffsetRect
wsprintfW
GetForegroundWindow
SendMessageW
IsWindowVisible
GetSystemMetrics
RegisterDeviceNotificationW
AppendMenuW
LoadIconW
GetClientRect
DrawIcon
KillTimer
PostMessageW
IsIconic
SetTimer
GetSystemMenu
ReleaseDC
SetRect
PtInRect
GetWindowDC
GetWindowRect
SetWindowRgn
SystemParametersInfoW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetParent
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetSubMenu
LoadMenuW
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
GetDC
BeginPaint
HideCaret

gdi32

RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetNearestPaletteIndex
GetTextFaceW
SetPixelV
GetPaletteEntries
Polygon
CreatePalette
Ellipse
Polyline
CreateEllipticRgn
CreatePolygonRgn
CreateDIBSection
CreateRoundRectRgn
GetRgnBox
GetTextColor
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateDIBitmap
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontIndirectW
CreateDCW
CopyMetaFileW
CreateHatchBrush
CreateSolidBrush
CreatePen
GetDeviceCaps
GetObjectType
SelectPalette
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
CreateBitmap
SaveDC
RestoreDC
SetBkColor
GetBoundsRect
SetBkMode
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
BitBlt
GetStockObject
CreateRectRgn
DeleteObject
OffsetViewportOrgEx

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumKeyW
RegCreateKeyW
RegCreateKeyExW
RegSetValueW
RegQueryValueExA
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyA
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
SetNamedSecurityInfoA
RegDeleteValueW
GetLengthSid
IsValidSecurityDescriptor
FreeSid
RevertToSelf
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
ImpersonateSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathA
ShellExecuteW
ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetFileInfoW
SHChangeNotify

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
SHDeleteKeyW

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoLockObjectExternal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RegisterDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CoRevokeClassObject
CoUninitialize
CoTaskMemFree
RevokeDragDrop
OleGetClipboard
CoInitialize
CoRegisterMessageFilter

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocString
VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate

oledlg

OleUIBusyW

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW
timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 666KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaaedb3a01a97f24e9c933afd968eabf

Code Sign

51:b8:04:3b:2d:ed:31:42:a7:c3:8f:95:bc:d7:65:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5c:f8:d7:37:ae:ba:8d:2f:aa:20:d2:2d:ed:5a:95:4c:41:8f:02:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 27KB - Virtual size: 61KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 666KB - Virtual size: 665KB

.reloc Size: 181KB - Virtual size: 181KB

51:b8:04:3b:2d:ed:31:42:a7:c3:8f:95:bc:d7:65:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5c:f8:d7:37:ae:ba:8d:2f:aa:20:d2:2d:ed:5a:95:4c:41:8f:02:45
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 27KB - Virtual size: 61KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 666KB - Virtual size: 665KB

.reloc
Size: 181KB - Virtual size: 181KB