2024-09-28_6212d1658872630598809208389a0526_floxif_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-28_6212d1658872630598809208389a0526_floxif_mafia
Size

192KB
MD5

6212d1658872630598809208389a0526
SHA1

6274d3c4d62c9ba247d267c6dc6e77b3d31c34e5
SHA256

16095ef8a09db37af4de848905a3f214cdc618af8b29984db883008c7307ba9d
SHA512

e30850d042f035fad571ca1d939a2f7d59e3b2b6ce83947de9425d9849247a5ff1ec47b3d99ec8b1c1499286b965ac40f3996cfe24e6f676e2500ada256d5e3b
SSDEEP

3072:IHPB3ErZhUrQWQXLcln5+JgiM0H2lQBV+UdE+rECWp7hKCa:WPBAUJQbc15ioABV+UdvrEFp7hK/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-28_6212d1658872630598809208389a0526_floxif_mafia

Files

2024-09-28_6212d1658872630598809208389a0526_floxif_mafia
.exe windows:5 windows x86 arch:x86

79a6d0a2f3147943a651e965147d60ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\SkyVirtual\Desktop\WCN Sample (Mod)\Release\WpsWin.pdb

Imports

wlanapi

WlanOpenHandle
WlanCloseHandle
WlanEnumInterfaces
WlanSetProfile
WlanFreeMemory

kernel32

SetUnhandledExceptionFilter
LoadLibraryW
SetStdHandle
WriteConsoleW
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetCurrentThreadId
SetEvent
GetVersion
CreateEventW
ResetEvent
CloseHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetStringTypeW
SetFilePointer
ReadFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
HeapFree
GetCommandLineW
HeapSetInformation
LCMapStringW
MultiByteToWideChar
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateFileW
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetProcAddress
GetModuleHandleW
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapSize
GetModuleFileNameW
GetLocaleInfoW
FreeEnvironmentStringsW

user32

PostThreadMessageW

ole32

CoCreateInstance
CoReleaseServerProcess
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
StringFromGUID2
PropVariantClear
CoAddRefServerProcess

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79a6d0a2f3147943a651e965147d60ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wlanapi

kernel32

user32

ole32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 8KB - Virtual size: 7KB