2024-09-06_5309ef5423b63ccba919aa410d43663c_floxif_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-06_5309ef5423b63ccba919aa410d43663c_floxif_mafia
Size

6.3MB
MD5

5309ef5423b63ccba919aa410d43663c
SHA1

2003458d3f093fab5d88ef6b243c8fd8bd7ba14f
SHA256

07c5001891f95333442dbeebd73cbfc14ae6daa43970056f1fb583ba511d9fb0
SHA512

ca37f1610c63c6de178c46cb7072af7ac5d4f756aba04a56309373c70401b677dea08402488cccdc7021341d10ff18f6488881b77395b7108f1f1411ab2bd56d
SSDEEP

196608:7DXbNtD6Cp3XHxPXBs72S3CKCXCv2a/As:7DXhtOCpHRPXOR39Uk20d

Score

1^/10

Malware Config

Signatures

Files

2024-09-06_5309ef5423b63ccba919aa410d43663c_floxif_mafia
.exe windows:5 windows x86 arch:x86

88ba4820f2d988b7dd9d9a4e95060122

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:47:16:b6:73:13:b3:03:5e:03:d1:e7:8d:30:88:63
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-04-2012 00:00

Not After

13-04-2015 23:59

Subject

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,POSTALCODE=94110,STREET=\#202+STREET=3388 17th St,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:d1:37:d7:d2:94:6b:ef:42:1d:5e:8e:92:5b:ff:6f:00:1e:75:50
Signer

Actual PE Digest

73:d1:37:d7:d2:94:6b:ef:42:1d:5e:8e:92:5b:ff:6f:00:1e:75:50

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\kkowalczyk\src\sumatrapdf30\obj-rel\SumatraPDF.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegOpenKeyExW
RegEnumKeyW

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
HeapFree
GetVersionExW
HeapDestroy
HeapCreate
TerminateProcess
GetEnvironmentVariableA
GlobalMemoryStatusEx
Module32FirstW
GetSystemInfo
CreateToolhelp32Snapshot
GetCurrentThreadId
OutputDebugStringA
Module32NextW
GetLogicalDrives
GetUserDefaultUILanguage
AllocConsole
CreateProcessW
VerSetConditionMask
SetConsoleScreenBufferSize
FormatMessageA
LoadLibraryW
GetModuleFileNameW
VerifyVersionInfoW
GetStdHandle
GetConsoleScreenBufferInfo
lstrcpyW
GetTempFileNameW
GetDriveTypeW
CreateDirectoryW
WriteFile
GetVolumePathNameW
ReadFile
CreateFileW
WritePrivateProfileStringW
GetTempPathW
GetPrivateProfileIntW
GetFileSizeEx
GetLongPathNameW
GetFileTime
GetFileAttributesExW
GetShortPathNameW
DeleteFileW
GetFileInformationByHandle
RaiseException
CompareFileTime
ReadDirectoryChangesW
WaitForMultipleObjectsEx
QueueUserAPC
CancelIo
WideCharToMultiByte
MultiByteToWideChar
GetThreadContext
VirtualQuery
GetCurrentThread
Thread32First
Thread32Next
OpenThread
GetModuleHandleA
SuspendThread
ResumeThread
GetEnvironmentVariableW
GetExitCodeProcess
TryEnterCriticalSection
GetACP
SetFilePointer
lstrcpynW
CompareStringW
WriteConsoleW
GetTimeZoneInformation
CreateProcessA
GetProcessHeap
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
LCMapStringW
SetHandleCount
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
FindFirstFileExW
SetConsoleCtrlHandler
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
DuplicateHandle
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
MoveFileA
DecodePointer
EncodePointer
GetFullPathNameW
ExitProcess
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
SetErrorMode
MoveFileExW
QueryPerformanceCounter
GetModuleHandleW
GetSystemTimeAsFileTime
Sleep
FileTimeToDosDateTime
CopyFileW
FormatMessageW
GetFileAttributesW
MulDiv
GetLastError
CreateFileMappingW
QueryPerformanceFrequency
CloseHandle
GetCurrentProcessId
LocalFree
SetFileAttributesW
EnterCriticalSection
CreateEventA
InitializeCriticalSection
InterlockedExchange
WaitForSingleObject
LeaveCriticalSection
ResetEvent
SetEvent
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetModuleFileNameA
GetTickCount
GetFullPathNameA
GetFileAttributesA
FindClose
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
DeleteCriticalSection
CreateThread
GetSystemDirectoryW
GetWindowsDirectoryW
GlobalDeleteAtom
GlobalAddAtomW
FindFirstFileW
FindNextFileW
GetProcAddress
GetDateFormatW
GetLocaleInfoW
GetTimeFormatW
CreateEventW
SystemTimeToFileTime
SetThreadExecutionState
GetSystemTime
FindResourceW
LoadResource
SizeofResource
LockResource
HeapReAlloc
GetLocaleInfoA
HeapAlloc

user32

IsDlgButtonChecked
CheckRadioButton
SetDlgItemTextW
EnableWindow
GetWindow
IsCharAlphaNumericW
GetUpdateRect
ValidateRect
CloseClipboard
EmptyClipboard
OpenClipboard
GetSystemMenu
GetWindowDC
TrackMouseEvent
InvalidateRgn
DrawEdge
GetMenuItemInfoW
OffsetRect
ReleaseDC
GetMenuItemCount
SetMenuDefaultItem
DrawFrameControl
RedrawWindow
GetMessagePos
GetWindowTextLengthW
ShowWindowAsync
ReuseDDElParam
SetForegroundWindow
MessageBeep
IsWindowUnicode
UnpackDDElParam
HideCaret
LoadImageW
ShowCaret
SetClassLongW
CallWindowProcW
PostMessageW
SetActiveWindow
DrawTextW
CopyImage
TrackPopupMenu
GetMenuItemID
CreateMenu
ModifyMenuW
GetMenu
CheckMenuRadioItem
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetPropW
SetLayeredWindowAttributes
ClientToScreen
DdeInitializeW
EnumDisplayMonitors
DdeCreateStringHandleW
GetWindowInfo
DdeFreeStringHandle
CheckDlgButton
RemoveMenu
DispatchMessageW
MoveWindow
GetWindowThreadProcessId
DefWindowProcW
GetScrollPos
SetScrollInfo
EndDeferWindowPos
DestroyMenu
UpdateWindow
SendMessageW
AllowSetForegroundWindow
IsWindowVisible
GetSystemMetrics
BeginDeferWindowPos
ReleaseCapture
MessageBoxW
DeferWindowPos
GetCursor
CreateWindowExW
ShowScrollBar
FindWindowExW
IsWindow
LoadBitmapW
SetMenu
ShowWindow
SetWindowPos
GetSysColor
SetWindowLongW
SystemParametersInfoW
GetAncestor
GetWindowLongW
InvalidateRect
GetScrollInfo
LoadIconW
RegisterClassExW
GetForegroundWindow
LoadAcceleratorsW
TranslateMessage
GetCapture
CharLowerW
IsCharUpperW
BeginPaint
SetFocus
GetClientRect
FindWindowW
SetParent
LoadCursorW
GetParent
GetFocus
GetKeyState
IsZoomed
KillTimer
SetCapture
FillRect
IsIconic
PostQuitMessage
GetMessageW
SendDlgItemMessageW
EndDialog
GetDlgItem
DialogBoxParamW
DialogBoxIndirectParamW
wsprintfA
GetDC
MonitorFromRect
DdeFreeDataHandle
RemovePropW
DdeUninitialize
MonitorFromWindow
GetDesktopWindow
GetCursorPos
AdjustWindowRectEx
DdeClientTransaction
DdeConnect
SetClipboardData
SetMenuItemInfoW
DdeDisconnect
SetPropW
GetWindowRect
ScreenToClient
SetTimer
MapVirtualKeyW
TranslateAcceleratorW
SetCursor
DestroyWindow
EndPaint
CheckMenuItem
MapWindowPoints
InsertMenuW
GetMonitorInfoW

gdi32

PatBlt
SetBrushOrgEx
CreateBitmap
CreatePatternBrush
SetROP2
ExtTextOutW
MoveToEx
SetGraphicsMode
LineTo
CreateDIBSection
GetDIBits
SetDIBColorTable
CreateCompatibleBitmap
SetDIBits
GetDIBColorTable
GetObjectW
CreateFontIndirectW
SetBkColor
SetWorldTransform
IntersectClipRect
GetObjectA
BitBlt
SetViewportOrgEx
ExcludeClipRect
CreateRectRgn
GetClipBox
ExtSelectClipRgn
SetLayout
GetTextExtentPoint32W
SetBkMode
SelectClipRgn
CreateRoundRectRgn
RoundRect
TextOutW
EndPage
StartPage
GetDeviceCaps
CreateDCW
SetMapMode
SetStretchBltMode
StartDocW
EndDoc
AbortDoc
SetTextColor
DeleteDC
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
Rectangle
CreatePen
GetStockObject
CreateSolidBrush

comdlg32

CommDlgExtendedError
PrintDlgExW
GetSaveFileNameW
GetOpenFileNameW

shell32

SHBindToParent
SHGetFolderPathW
ShellExecuteExW
SHGetDesktopFolder
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetFileInfoW
SHAddToRecentDocs
SHChangeNotify

gdiplus

GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateBitmapFromGraphics
GdipDrawRectangleI
GdipAddPathLine
GdipGetImageHorizontalResolution
GdipDrawImageRectRect
GdipDrawRectangle
GdipDrawLine
GdipGetFamilyName
GdipSetPenDashArray
GdipSetWorldTransform
GdipGetFamily
GdipTransformMatrixPoints
GdipInvertMatrix
GdipSetPenDashOffset
GdipSetImageAttributesWrapMode
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipGetFontCollectionFamilyList
GdipSetImageAttributesColorMatrix
GdipGetEmHeight
GdipAddPathPath
GdipFillPolygon
GdipPrivateAddFontFile
GdipSetClipRect
GdipDrawImagePointsRect
GdipSetPageScale
GdipGetDpiY
GdipGetFontCollectionFamilyCount
GdipGetMatrixElements
GdipTransformRegion
GdipGraphicsClear
GdipCreateRegionRectI
GdipSetPenLineCap197819
GdipDeleteFontFamily
GdipIsStyleAvailable
GdipSaveGraphics
GdipCreateMatrix2
GdipSetImagePalette
GdipNewPrivateFontCollection
GdipGetWorldTransform
GdipDeletePrivateFontCollection
GdipSetPenTransform
GdipGetCellAscent
GdipGetLogFontW
GdipCloneFontFamily
GdipSetPixelOffsetMode
GdipSetPenLineJoin
GdipGetClipBounds
GdiplusShutdown
GdiplusStartup
GdipFree
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipSaveImageToFile
GdipCloneImage
GdipGetImageWidth
GdipRotateMatrix
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipBitmapUnlockBits
GdipGetRegionBounds
GdipBitmapSetResolution
GdipCreateBitmapFromStream
GdipMeasureString
GdipGetStringFormatFlags
GdipScaleMatrix
GdipCloneBitmapAreaI
GdipFillEllipseI
GdipCreateLineBrushFromRect
GdipDeleteMatrix
GdipFillRectangle
GdipClonePath
GdipTransformPath
GdipGetPathWorldBoundsI
GdipSetPenMiterLimit
GdipSetPenMode
GdipCreateMatrix
GdipCreateStringFormat
GdipMeasureCharacterRanges
GdipDrawImageI
GdipCreateBitmapFromGdiDib
GdipSetPropertyItem
GdipReleaseDC
GdipWidenPath
GdipGetDC
GdipDeleteBrush
GdipDeletePen
GdipCreateRegion
GdipSetClipRectI
GdipGetClip
GdipSetClipRegion
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipCreateFromHWND
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipGetPathData
GdipSetCompositingQuality
GdipSetSolidFillColor
GdipTranslateWorldTransform
GdipSetCompositingMode
GdipCloneStringFormat
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipRestoreGraphics
GdipGetImageEncoders
GdipDrawString
GdipTransformPointsI
GdipDeleteRegion
GdipSetPageUnit
GdipResetWorldTransform
GdipCreateRegionPath
GdipSetPenWidth
GdipSetPenColor
GdipDeletePathIter
GdipPathIterNextMarkerPath
GdipAddPathArcI
GdipCreatePen2
GdipCreatePathIter
GdipAddPathLineI
GdipClosePathFigure
GdipSetSmoothingMode
GdipAddPathEllipseI
GdipDeleteFont
GdipSetTextRenderingHint
GdipSetPathMarker
GdipIsVisiblePathPointI
GdipStartPathFigure
GdipSetStringFormatLineAlign
GdipStringFormatGetGenericDefault
GdipCreatePath2
GdipGetRegionHRgn
GdipPathIterRewind
GdipCreateFontFromLogfontA
GdipIsVisibleRectI
GdipGetPointCount
GdipSetStringFormatFlags
GdipCreatePath
GdipFillPath
GdipDeletePath
GdipDrawPath
GdipWindingModeOutline
GdipAddPathRectangleI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteGraphics
GdipCloneBrush
GdipGetFontHeight

ole32

CoCreateInstance
ReleaseStgMedium
CoGetMalloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
OleInitialize

comctl32

ord412
ord410
ord413
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Create
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Draw
ImageList_Destroy

msimg32

GradientFill

winspool.drv

OpenPrinterW
DocumentPropertiesW
GetPrinterW
ClosePrinter
DeviceCapabilitiesW
ord203

wininet

HttpSendRequestA
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetConnectW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

urlmon

CoInternetGetSession

oleaut32

SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
VariantInit
VariantClear
SysFreeString

shlwapi

ord219
PathIsRelativeW
StrStrW
StrRStrIW
StrStrIW
SHGetValueW
SHDeleteKeyW
PathAppendW
SHSetValueW
PathIsNetworkPathW
SHDeleteValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88ba4820f2d988b7dd9d9a4e95060122

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

c5:47:16:b6:73:13:b3:03:5e:03:d1:e7:8d:30:88:63Certificate

Extended Key Usages

Key Usages

73:d1:37:d7:d2:94:6b:ef:42:1d:5e:8e:92:5b:ff:6f:00:1e:75:50Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

gdi32

comdlg32

shell32

gdiplus

ole32

comctl32

msimg32

winspool.drv

wininet

urlmon

oleaut32

shlwapi

version

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 159KB - Virtual size: 216KB

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 135KB - Virtual size: 134KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

c5:47:16:b6:73:13:b3:03:5e:03:d1:e7:8d:30:88:63
Certificate

73:d1:37:d7:d2:94:6b:ef:42:1d:5e:8e:92:5b:ff:6f:00:1e:75:50
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 159KB - Virtual size: 216KB

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 135KB - Virtual size: 134KB