floxif | 565115c0b41d462d76e8b9fab89ffdc0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

565115c0b41d462d76e8b9fab89ffdc0N.exe
Size

203KB
MD5

565115c0b41d462d76e8b9fab89ffdc0
SHA1

859e67175e156300ded0e6e1c03a48ba5b7dc80c
SHA256

3a85c3601e606842ff8050f290d6788d2738fc3e965cce6a0626e4500953672a
SHA512

5ecbe80c1902483b438abdda3dbac823231de25f28a207a3b569da34e65ce1ca934f0671e6ef1451ebe763a8ccdd775c5df98c0006617c4c29ab6f69996f663f
SSDEEP

3072:hJ8IMILmCa3yx6oFEdgVXnFYf7C9Ugfxm3Nep9viMk:0kmCaiEoFEd+FYOtxmdeviMk

Score

10^/10

backdoor upx floxif

Malware Config

Signatures

Detects Floxif payload 1 IoCs

resource	yara_rule
sample	floxif

Floxif family
floxif

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
565115c0b41d462d76e8b9fab89ffdc0N.exe

Files

565115c0b41d462d76e8b9fab89ffdc0N.exe
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

FloodFix
FloodFix
FloodFix2
FloodFix2
crc32
crc32

Sections

UPX0
Size: 119KB - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE