General
-
Target
2025-04-03_80dea871a386235fe14c01346975e6ea_amadey_floxif_smoke-loader
-
Size
6.3MB
-
Sample
250403-varjsask19
-
MD5
80dea871a386235fe14c01346975e6ea
-
SHA1
017a90cd9b99a2c73bd77d8589b1415300d4d950
-
SHA256
dce2dd410fc1e561dbbd16c632caf36d91231790336e5cf37b1e62c8c65da6ab
-
SHA512
b0b3d1e47b8968ace0e8b5c81dc762230304ed4877a0b5694c7e6e8f6b4bf8417953eab75c312e7cdeeb9c675fb31ed4ef262840719503e6dee3bab82e224d4d
-
SSDEEP
49152:VbA1AZFxjRniITY86GwBan2qXg4CH0S+DG4EqJpTblhCAra9j+D5NUOWWuvks97I:Vb4AZTEiwB0BbhCAra9s5YH9bq
Static task
static1
Malware Config
Targets
-
Floxif family
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-