floxif | 1de25ba90fa35242d2f415f00de5a3d0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1de25ba90fa35242d2f415f00de5a3d0N.exe
Size

203KB
MD5

1de25ba90fa35242d2f415f00de5a3d0
SHA1

299ae475faea7f97fd806e60203ee5b5decab802
SHA256

48166e9db69258c061064ee2ae40f1effe9c51a9824887f7b9c1723b8285cdbf
SHA512

f02be718625bcfb335a1654657f7e3603ce1c0bb1fa1bf907b0001f2343aa481cd183a6603c3ec0b0b49819c6155fceee5e15d8246d6dfb64563b096db4dfc6e
SSDEEP

3072:hJ8IMILmCa3yx6oFEdgVXnFYf7C9Ugfxm3Nep9viM+qK:0kmCaiEoFEd+FYOtxmdeviM+r

Score

10^/10

backdoor upx floxif

Malware Config

Signatures

Detects Floxif payload 1 IoCs

resource	yara_rule
sample	floxif

Floxif family
floxif

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1de25ba90fa35242d2f415f00de5a3d0N.exe

Files

1de25ba90fa35242d2f415f00de5a3d0N.exe
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

FloodFix
FloodFix
FloodFix2
FloodFix2
crc32
crc32

Sections

UPX0
Size: 119KB - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE