2024-10-01_e5a59fdd1a1dbce74ec5af38ca03814e_floxif_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-01_e5a59fdd1a1dbce74ec5af38ca03814e_floxif_mafia
Size

2.0MB
MD5

e5a59fdd1a1dbce74ec5af38ca03814e
SHA1

8c5baa2b8706f57de8ab8817d0930be28bef655b
SHA256

1087cf9100dc032ea06099edfb4e86104d7ad8f030d722b3743029d9f7ed3b7a
SHA512

1bdfb83579b69835ffd60a85b28cf095af92b1bb9704105aa139feae2d34c571052694721fa7c95dee731fd184f59ce42b656fd710245bd4101f2eeb7f027b45
SSDEEP

49152:BZM1428tFOB32uKbBZXd/869T/m9V35uF8mMOzLjKJTzOmkHamhTBg8fSuUhMq3D:bU3Jm/lT/uVpuF8mMEi/6HamX9SuI6h+

Score

1^/10

Malware Config

Signatures

Files

2024-10-01_e5a59fdd1a1dbce74ec5af38ca03814e_floxif_mafia
.exe windows:5 windows x86 arch:x86

6ad3ddc970c36d182cfed57e3082aa62

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:91:6d:1c:40:a6:e1:97:0d:69:5f:07:f6:5f:91:dd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/11/2019, 00:00

Not After

04/11/2021, 23:59

Subject

CN=주식회사 아이스토리지,OU=IT Team,O=주식회사 아이스토리지,L=Gangnam-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:8f:f2:00:75:27:f2:87:ff:ff:4f:61:19:81:07:91:7e:c9:7a:69
Signer

Actual PE Digest

be:8f:f2:00:75:27:f2:87:ff:ff:4f:61:19:81:07:91:7e:c9:7a:69

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\FileSun.com\FileSunLauncher.pdb

Imports

ws2_32

inet_addr
socket
connect
ntohl
htons
WSASocketA
setsockopt
WSAGetLastError
inet_ntoa
gethostname
gethostbyname
ntohs
closesocket
WSACleanup
WSARecv
WSAIoctl
WSAStartup
WSARecvFrom
WSASend
WSASendTo

kernel32

GetStdHandle
GetCPInfo
GetACP
GetOEMCP
FileTimeToSystemTime
GetLocalTime
TerminateProcess
GetExitCodeProcess
RaiseException
GetDriveTypeW
GetLogicalDrives
GetDiskFreeSpaceExA
GetCurrentThread
GetFileAttributesW
CreateDirectoryW
CreateProcessW
TlsSetValue
VerifyVersionInfoW
VerSetConditionMask
SetLastError
InterlockedCompareExchange
GetQueuedCompletionStatus
CreateIoCompletionPort
QueueUserAPC
TerminateThread
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
FreeLibrary
lstrcmpiW
GetCurrentProcess
lstrlenA
TlsGetValue
SetEvent
GetSystemTimeAsFileTime
CreateWaitableTimerW
SetWaitableTimer
SleepEx
VirtualAlloc
GetTickCount
WaitForSingleObject
CreateEventW
HeapCreate
IsProcessorFeaturePresent
GetCommandLineW
Process32NextW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetStdHandle
VirtualQuery
HeapSize
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
CloseHandle
IsDebuggerPresent
OpenProcess
Sleep
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
TlsFree
VirtualFree
WideCharToMultiByte
lstrlenW
GetComputerNameA
PostQueuedCompletionStatus
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetLastError
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CreateFileA
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapQueryInformation
ExitProcess
HeapReAlloc
RtlUnwind
GetConsoleMode
GetConsoleCP
HeapSetInformation
GetFileType
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
SetEnvironmentVariableA
FormatMessageA
ReleaseSemaphore
WaitForSingleObjectEx
OpenEventA
ResetEvent
DecodePointer
EncodePointer
MultiByteToWideChar
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
FreeResource
GlobalFindAtomW
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFlags
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
CompareStringW
ReleaseActCtx
CreateActCtxW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GlobalGetAtomNameW
FileTimeToLocalFileTime
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
CreateFileW
GetCurrentProcessId
SetErrorMode
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
LoadLibraryW
DeactivateActCtx
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
CreateEventA
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
CreateDirectoryA
GetFileAttributesA
ResumeThread
SetThreadPriority

user32

AdjustWindowRectEx
RegisterClassW
DestroyIcon
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetClassInfoExW
EqualRect
DeferWindowPos
CreateWindowExW
RedrawWindow
ShowScrollBar
SetForegroundWindow
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
ScrollWindow
MonitorFromWindow
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
LoadIconW
InflateRect
GetMenuItemInfoW
DestroyMenu
IsRectEmpty
OffsetRect
IsIconic
IsZoomed
SetWindowRgn
SetParent
GetScrollInfo
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
GetAsyncKeyState
SetClassLongW
IntersectRect
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
CopyImage
TranslateAcceleratorW
InsertMenuItemW
LoadImageW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
SetFocus
SetScrollPos
GetScrollPos
CheckDlgButton
GetDlgItem
SendDlgItemMessageW
IsDialogMessageW
IsWindow
SetWindowLongW
MoveWindow
ShowWindow
SetWindowPos
GetMenu
DestroyAcceleratorTable
GetUpdateRect
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetMenuDefaultItem
GetParent
GetWindowThreadProcessId
IsWindowVisible
GetWindow
PostMessageW
RegisterWindowMessageW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
GetIconInfo
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
InvertRect
HideCaret
GetNextDlgGroupItem
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
CallWindowProcW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
PostQuitMessage
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
SendMessageW
GetSystemMetrics
CharUpperW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
UnhookWindowsHookEx
GetWindowTextW
GetWindowTextLengthW
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
ShowOwnedPopups
DeleteMenu
CopyRect
SetRectEmpty
GetMonitorInfoW
SystemParametersInfoW
EnumDisplayMonitors
SetLayeredWindowAttributes
GetClientRect
MapWindowPoints
DefWindowProcW
GetClassInfoW
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
SetWindowTextW
PtInRect
GetClassNameW
GetWindowRect
GetDlgCtrlID
RealChildWindowFromPoint
GetDesktopWindow

iphlpapi

GetAdaptersInfo

gdi32

SetPixelV
GetTextFaceW
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Rectangle
SetPixel
StretchBlt
RealizePalette
SetDIBColorTable
GetRgnBox
OffsetRgn
DPtoLP
SetRectRgn
Polygon
Ellipse
Polyline
CreateEllipticRgn
PatBlt
GetTextColor
GetBkColor
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
CreateDIBitmap
GetStockObject
CreatePen
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
CreateRectRgnIndirect
CreateCompatibleDC
BitBlt
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32W

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

StartServiceCtrlDispatcherW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegQueryValueW
RegDeleteKeyW
DuplicateTokenEx
DeleteService
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserW
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHAppBarMessage
SHGetSpecialFolderPathW

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW
AssocQueryStringW

ole32

CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
StringFromGUID2
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
IsAccelerator

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringLen
VariantChangeType
VarBstrFromDate

mswsock

GetAcceptExSockaddrs
AcceptEx

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rpcrt4

UuidCreate

wsock32

listen
htonl
bind

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapUnlockBits
GdipDrawImageI
GdipGetImageGraphicsContext
GdipGetImageHeight

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ad3ddc970c36d182cfed57e3082aa62

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3b:91:6d:1c:40:a6:e1:97:0d:69:5f:07:f6:5f:91:ddCertificate

Extended Key Usages

Key Usages

be:8f:f2:00:75:27:f2:87:ff:ff:4f:61:19:81:07:91:7e:c9:7a:69Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

iphlpapi

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

mswsock

wtsapi32

userenv

rpcrt4

wsock32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.3MB

.rdata Size: 315KB - Virtual size: 314KB

.data Size: 31KB - Virtual size: 62KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 188KB - Virtual size: 187KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3b:91:6d:1c:40:a6:e1:97:0d:69:5f:07:f6:5f:91:dd
Certificate

be:8f:f2:00:75:27:f2:87:ff:ff:4f:61:19:81:07:91:7e:c9:7a:69
Signer

.text
Size: 1.4MB - Virtual size: 1.3MB

.rdata
Size: 315KB - Virtual size: 314KB

.data
Size: 31KB - Virtual size: 62KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 188KB - Virtual size: 187KB