floxif | 2435eab68b73dbc8157921c61a5f40a0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2435eab68b73dbc8157921c61a5f40a0N.exe
Size

203KB
MD5

2435eab68b73dbc8157921c61a5f40a0
SHA1

8928bbdbe2c95de3cefc3e3030dfd33cb4400df7
SHA256

4083bb12c45a400b82914e94987bcf35813f82cb6c9dc06c5b8978e435e0295a
SHA512

87da9f2574cd1979b4f2acb01b42e5c052be8e1841335be0436d35c4a8f9e92a934d121aa5164c41957ea5113c3b2c1c52f819340f8ebbf1d26eefec14849608
SSDEEP

3072:hJ8IMILmCa3yx6oFEdgVXnFYf7C9Ugfxm3Nep9viM0LU/vN5ui+:0kmCaiEoFEd+FYOtxmdeviMu2vbui+

Score

10^/10

backdoor upx floxif

Malware Config

Signatures

Detects Floxif payload 1 IoCs

resource	yara_rule
sample	floxif

Floxif family
floxif

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2435eab68b73dbc8157921c61a5f40a0N.exe

Files

2435eab68b73dbc8157921c61a5f40a0N.exe
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

FloodFix
FloodFix
FloodFix2
FloodFix2
crc32
crc32

Sections

UPX0
Size: 119KB - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE