2024-10-17_d882edf9617b0f0f522f39b40e6a5de6_floxif_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-17_d882edf9617b0f0f522f39b40e6a5de6_floxif_mafia
Size

2.5MB
MD5

d882edf9617b0f0f522f39b40e6a5de6
SHA1

eaea57cec34f3a0c5dbf18f121a6765d84f60e4c
SHA256

b6dce55dc2756b77395bf8799e91b9e6abf2570441bfc2de7875c6f2d0cb929b
SHA512

f20bfa2a76b26d3e9a1a2d9f6307913f628a137ec957ca65d5439e043fe31e6bbc1de33ec57d473bbda3d066c4bd9d02f4c14c4905dca82b29f3dc12172b40bf
SSDEEP

49152:+uIIKpofs2hPd2l177BTK2VbDsar1YDj6:+jEfs2hPIl1/V

Score

1^/10

Malware Config

Signatures

Files

2024-10-17_d882edf9617b0f0f522f39b40e6a5de6_floxif_mafia
.exe windows:5 windows x86 arch:x86

97f5c5cdc5e80758b7adff3a733244ad

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30-09-2010 00:00

Not After

01-01-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14-11-2011 00:00

Not After

13-11-2014 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:a5:70:6a:27:40:3e:1e:92:45:41:18:ce:b4:37:b3:5f:f5:a2:3f
Signer

Actual PE Digest

40:a5:70:6a:27:40:3e:1e:92:45:41:18:ce:b4:37:b3:5f:f5:a2:3f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\p\agents\hpam2.eem\recipes\201152726\base\branches\inputtools_win_release_branch\googleclient\ime\goopy\scons-out\opt\obj\components\win_frontend\ipc_console.pdb

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
ConvertSidToStringSidW
GetLengthSid
GetSecurityInfo
CopySid
GetUserNameW
GetTokenInformation
OpenProcessToken
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenCurrentUser
RegQueryValueExW
RegNotifyChangeKeyValue
GetSidSubAuthority
GetSidSubAuthorityCount
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
IsValidSid

kernel32

TerminateProcess
GetModuleFileNameA
IsDebuggerPresent
GetCurrentThreadId
OutputDebugStringA
ReleaseMutex
CloseHandle
DebugBreak
GetTempPathA
GlobalAlloc
LocalFree
ResetEvent
SetEvent
WaitForMultipleObjects
CreateThread
Sleep
GetVersionExW
InterlockedCompareExchange
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
QueryPerformanceCounter
FindFirstFileW
FindNextFileW
GetFullPathNameW
DeleteFileW
RemoveDirectoryW
GetSystemTime
LockResource
FindResourceExW
FindClose
MulDiv
SetProcessWorkingSetSize
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateFileW
GetTickCount
WriteFile
ExitThread
LoadLibraryW
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
HeapAlloc
HeapFree
GetProcessHeap
ConnectNamedPipe
CreateNamedPipeW
CancelIo
ReadFile
GetOverlappedResult
FlushInstructionCache
SetLastError
InterlockedExchange
EncodePointer
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
HeapSetInformation
GetStartupInfoW
ExitProcess
VirtualProtect
VirtualQuery
RtlUnwind
GetCPInfo
LCMapStringW
GetStdHandle
HeapCreate
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetThreadLocale
CopyFileW
SetFileAttributesW
GetTempPathW
GetFileSizeEx
CreateDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
CreateMutexW
WaitForSingleObject
GetCurrentProcess
CreateProcessW
GlobalFree
GlobalLock
GlobalUnlock
SetThreadPriority
ResumeThread
OpenThread
FormatMessageA
GetModuleHandleA
AllocConsole
LoadLibraryA
GetLongPathNameW
GetTempFileNameW
MoveFileW
GetFileAttributesExW
GetDiskFreeSpaceExW
GetDriveTypeW
GetUserDefaultUILanguage
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileExW
GetFileInformationByHandle
PeekNamedPipe
GetDriveTypeA
FindFirstFileExA
GetFullPathNameA
GetCommandLineW
InitializeCriticalSection
CreateEventW
GetCurrentProcessId
ProcessIdToSessionId
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
FindResourceW
LoadResource
GetFileSize
SizeofResource
RaiseException
lstrcmpiW
lstrlenW
FreeLibrary
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetLastError
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar

user32

SetWindowPos
LoadCursorW
DestroyMenu
CreatePopupMenu
TrackPopupMenu
TrackPopupMenuEx
GetShellWindow
GetDC
ReleaseDC
AppendMenuW
SetMenuItemBitmaps
SendMessageW
UnregisterClassA
MoveWindow
GetWindowRect
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
ShowWindow
IsWindowVisible
CharNextW
IsWindowEnabled
SetCapture
SetWindowRgn
GetClassInfoExW
SetRect
TrackMouseEvent
GetKeyState
ReleaseCapture
UpdateLayeredWindow
OffsetRect
SetCursor
IntersectRect
MessageBoxA
wvsprintfW
wsprintfW
MessageBoxW
IsWindow
DispatchMessageW
DefWindowProcW
CreateWindowExW
SetWindowLongW
PeekMessageW
GetWindowLongW
RegisterClassExW
TranslateMessage
KillTimer
PostMessageW
PostQuitMessage
GetMessageW
SetTimer
DestroyWindow
GetMonitorInfoW
SetWindowTextW
GetCursorPos
EndDialog
GetDlgItem
SetCursorPos
GetForegroundWindow
SetFocus
DialogBoxParamW
MonitorFromPoint
ScreenToClient
ClientToScreen

ole32

CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysStringLen
SysAllocString
VarUI4FromStr

gdi32

EnumEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
GetCurrentObject
GetFontUnicodeRanges
GetTextMetricsW
GetOutlineTextMetricsW
GetObjectA
AddFontMemResourceEx
DeleteEnhMetaFile
CreateFontIndirectW
CreateRectRgn
BitBlt
CreateCompatibleDC
DeleteDC
CombineRgn
ExtCreateRegion
GetDIBits
CreateDCW
GetObjectW
DeleteObject
RemoveFontMemResourceEx
SelectObject
GetDeviceCaps
CreateDIBSection

gdiplus

GdipCreateFromHDC
GdipGraphicsClear
GdiplusStartup
GdipCloneImage
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipCreateBitmapFromScan0
GdipFree
GdipRestoreGraphics
GdiplusShutdown
GdipBitmapGetPixel
GdipGetImagePixelFormat
GdipDrawImageRectRectI
GdipPrivateAddFontFile
GdipDrawImageI
GdipSetClipGraphics
GdipCloneFontFamily
GdipCreateRegion
GdipDeleteRegion
GdipSetEmpty
GdipCombineRegionRect
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipSetImageAttributesRemapTable
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipCreateBitmapFromStream
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawDriverString
GdipFillRectangleI
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreateTextureIAI
GdipSetTextureWrapMode
GdipCreatePen1
GdipDeletePen
GdipGetPenWidth
GdipSetCompositingQuality
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipScaleWorldTransform
GdipRotateWorldTransform
GdipDrawLine
GdipFillRectangle
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRegion
GdipResetClip
GdipSaveGraphics
GdipCreateTextureIA
GdipGetFamilyName
GdipSaveImageToStream

winmm

timeGetTime

crypt32

CryptFindOIDInfo

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW

shlwapi

PathCanonicalizeW
PathCombineW
PathFileExistsW
StrDupW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathIsDirectoryW
PathIsRelativeW

secur32

CompleteAuthToken
FreeCredentialsHandle
AcquireCredentialsHandleA
InitializeSecurityContextA
DeleteSecurityContext
QueryCredentialsAttributesW
FreeContextBuffer
QueryContextAttributesW
DecryptMessage
EncryptMessage
ApplyControlToken
AcquireCredentialsHandleW

usp10

ScriptItemize
ScriptBreak
ScriptShape
ScriptStringFree
ScriptStringOut
ScriptStringAnalyse
ScriptCPtoX
ScriptLayout
ScriptPlace
ScriptFreeCache

ws2_32

getsockopt
socket
getsockname
getpeername
bind
connect
setsockopt
send
sendto
recv
recvfrom
listen
WSACloseEvent
closesocket
ioctlsocket
WSAEnumNetworkEvents
WSAGetLastError
WSAWaitForMultipleEvents
WSAEventSelect
WSAStartup
WSACleanup
WSACreateEvent
getaddrinfo
freeaddrinfo
WSAResetEvent
WSASetEvent
accept
WSCEnumProtocols

wininet

InternetQueryOptionW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97f5c5cdc5e80758b7adff3a733244ad

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

40:a5:70:6a:27:40:3e:1e:92:45:41:18:ce:b4:37:b3:5f:f5:a2:3fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ole32

oleaut32

gdi32

gdiplus

winmm

crypt32

shell32

shlwapi

secur32

usp10

ws2_32

wininet

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 360KB - Virtual size: 360KB

.data Size: 108KB - Virtual size: 119KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 161KB - Virtual size: 161KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

40:a5:70:6a:27:40:3e:1e:92:45:41:18:ce:b4:37:b3:5f:f5:a2:3f
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 360KB - Virtual size: 360KB

.data
Size: 108KB - Virtual size: 119KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 161KB - Virtual size: 161KB