2025-01-20_4a4f7a47f92c501892266713b7d49591_floxif_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-01-20_4a4f7a47f92c501892266713b7d49591_floxif_mafia
Size

1.0MB
MD5

4a4f7a47f92c501892266713b7d49591
SHA1

cb1e4e794cee73c06094655c240a58ab940db5c5
SHA256

3d1480ecac3c23a8f75156ad8012599464ce2f40f93309b0302f7ed5638024ed
SHA512

f42d06dcf72d716009f116f1f7dea76a19af8ccba4d12e602abf628cab93d6963ded7336c8c8c4df64aeb33e91bbf2fdf10e79b3a2234b468362eaf3e0a2d07f
SSDEEP

24576:POsjHDy7VjaXRqgw1335WehSkBeS+evv0ojrEH7Fr:POOy7VjaXR9W335fSkBeS+evv0owr

Score

1^/10

Malware Config

Signatures

Files

2025-01-20_4a4f7a47f92c501892266713b7d49591_floxif_mafia
.exe windows:5 windows x86 arch:x86

12efd840a25354efb68cb54afd593aee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/09/2011, 00:00

Not After

01/09/2014, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:1d:1c:d6:28:22:6e:64:b1:9d:86:7f:97:40:c3:66:fe:93:0d:9c
Signer

Actual PE Digest

50:1d:1c:d6:28:22:6e:64:b1:9d:86:7f:97:40:c3:66:fe:93:0d:9c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r304\r304_00\drivers\notifius\ComUpdatus\exe\Win32\Release\ComUpdatus.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiSetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiDestroyDeviceInfoList

kernel32

EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetVersionExW
GetNativeSystemInfo
PeekNamedPipe
SystemTimeToFileTime
GetTickCount
GetSystemTimeAsFileTime
WriteFile
FileTimeToSystemTime
ReadFile
CreateFileW
SetThreadPriority
FlushFileBuffers
FileTimeToLocalFileTime
ResumeThread
WideCharToMultiByte
GetModuleHandleExW
GetSystemDirectoryW
GetFileAttributesW
GetStartupInfoW
GetStdHandle
SetLastError
FindClose
GetWindowsDirectoryW
InitializeCriticalSection
GetCurrentDirectoryW
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetUserDefaultUILanguage
DeviceIoControl
GetProcessAffinityMask
SetThreadAffinityMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
DebugBreak
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
GetDriveTypeW
GetTimeZoneInformation
WriteConsoleW
VirtualQuery
GetProcessHeap
SetFilePointer
LoadLibraryW
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
IsWow64Process
GetCurrentThread
LocalFree
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
CloseHandle
CreateThread
CreateEventW
Sleep
InitializeCriticalSectionAndSpinCount
GetCommandLineW
SetEvent
DeleteCriticalSection
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapSize
HeapReAlloc
ExitProcess
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
GetFileInformationByHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
QueryPerformanceCounter
TlsFree
TerminateProcess
LCMapStringW
RtlUnwind
GetCPInfo
FindFirstFileExA
GetDriveTypeA
GetFileType
SetStdHandle
ExitThread
HeapSetInformation
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
TlsSetValue
TlsGetValue
TlsAlloc

user32

EnumDisplayDevicesW
CharNextW
CharUpperW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
EnumDisplaySettingsExW

advapi32

RegCreateKeyExW
IsValidSid
LookupAccountNameW
CopySid
AddAce
AddAccessAllowedAce
GetAce
EqualSid
GetAclInformation
DeleteAce
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
MakeSelfRelativeSD
GetSecurityDescriptorSacl
FreeSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
MakeAbsoluteSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorGroup
RevertToSelf
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
OpenThreadToken
ImpersonateSelf
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoAddRefServerProcess
CoReleaseServerProcess
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoCreateGuid
CoSetProxyBlanket
CoTaskMemFree

oleaut32

SafeArrayGetElement
VariantCopy
SafeArrayGetLBound
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 641KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12efd840a25354efb68cb54afd593aee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

50:1d:1c:d6:28:22:6e:64:b1:9d:86:7f:97:40:c3:66:fe:93:0d:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 641KB - Virtual size: 641KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 143KB - Virtual size: 143KB

.reloc Size: 61KB - Virtual size: 60KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

50:1d:1c:d6:28:22:6e:64:b1:9d:86:7f:97:40:c3:66:fe:93:0d:9c
Signer

.text
Size: 641KB - Virtual size: 641KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 143KB - Virtual size: 143KB

.reloc
Size: 61KB - Virtual size: 60KB