2025-01-25_5294df89b23448c5257883f4847c8461_floxif_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-01-25_5294df89b23448c5257883f4847c8461_floxif_mafia
Size

239KB
MD5

5294df89b23448c5257883f4847c8461
SHA1

c26765bfa7eac44de55fa09a0c120ac768d879af
SHA256

7ffe40ae7bd130d426c95558a3d83d6c4f05815f99c4834293fb7a3a21e9549e
SHA512

133e3237b1162782f6e4a4e8f208fe34521af533bcf91ba95a0b2810d8a2065f76a8ca8504b47dea4485172b50313a7bca45552ab941f49773f36452d5a6e445
SSDEEP

6144:ObEtpodDMjfSZlNn/IcpGnzfBV+UdvrEFp7hK0oV:OWGdDMj6nNn/ppOzfBjvrEH7bc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-25_5294df89b23448c5257883f4847c8461_floxif_mafia

Files

2025-01-25_5294df89b23448c5257883f4847c8461_floxif_mafia
.exe windows:5 windows x86 arch:x86

6e54e36f6bf5551894b9b915361bfa7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Perforce\U71_Pajace_Chen_Workspace_W8\PCTools\review\IPT\v2.0.1\Release\PassThruSvr.pdb

Imports

ws2_32

inet_addr
WSAStartup
WSAResetEvent
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSACloseEvent
WSARecv
WSACreateEvent
send
shutdown
ntohs
WSASocketW
WSACleanup
closesocket
connect
htons
WSAGetLastError
inet_ntoa

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
NotifyAddrChange

dbghelp

MiniDumpWriteDump

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetFileAttributesA
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetLastError
GetProcessHeap
HeapFree
CreateThread
CloseHandle
Sleep
SetEvent
WaitForSingleObject
ResetEvent
GetExitCodeThread
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
GetLocalTime
GetLocaleInfoW
CreateFileA
OutputDebugStringW
WriteFile
CreateProcessW
GetLastError
EnterCriticalSection
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
LeaveCriticalSection
TerminateProcess
FlushFileBuffers
CreatePipe
SetHandleInformation
ReadFile
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
lstrcmpiW
SetUnhandledExceptionFilter
GetModuleFileNameW
GetTickCount
HeapAlloc
FormatMessageW
OutputDebugStringA
LocalFree
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
GetStringTypeW
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
CreateProcessA
DuplicateHandle
HeapReAlloc
RaiseException
RtlUnwind
CompareStringW
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
LCMapStringW
UnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

advapi32

StartServiceCtrlDispatcherW
StartServiceW
DeleteService
ControlService
QueryServiceStatusEx
OpenServiceW
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e54e36f6bf5551894b9b915361bfa7e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

dbghelp

version

kernel32

advapi32

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB