Resurgence of virus infector PE_FLOXIF

    • Updated: 19 Aug 2020
    • Product/Version: Apex One; Apex One as a Service; OfficeScan 11.0; OfficeScan XG; Worry-Free Business Security Standard All
    • Platform:

The PE_Floxif family is a known virus infector that Trend Micro first observed and detected in 2012. Recently, there has been an observed increase in incidents related to this PE infection. This article gives details about the threat and provides guidance for users who encounter this type of malware.

"PE_" is the Trend Micro detection for "Portable Executable Malware". These are malicious programs that copy themselves or insert themselves into another program, commonly referred to as virus infectors. Floxif's entry points are like those of other malware. Normally, it may be downloaded via web or email or dropped by other malware; the most common route is a previously infected file being shared via USB or a shared drive.

Virus Reports


  • Anti-Sandbox Mechanism
  • Infects EXEs and DLLs running in the background and attaches itself to them as part of its routine
  • Persistence through Load AppInit, which allows the malware to hook the main malware file into any executable that the user runs

Indicators of Compromise

  • hxxps://trendupdate[.]dns05[.]com (C&C Server) – no longer accessible
Detections | Hash (SHA1)

Solution | OPR / POLICY
Behavior Monitoring (TMTD) | PA4734S


  1. Check how many endpoints are affected by doing the following.
    1. Filter Virus Logs / Anti-Malware Events by their detection name.
    2. Create a Pivot Table similar to the following.

  2. Identify infection sources by filtering on Source Host, which can be done either in the pivot table or on the web portal.

  3. Isolate the endpoints for cleanup.
  4. For a larger outbreak, Outbreak Prevention Policies can be utilized.
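The filtering and pivot steps above can also be scripted against an exported log. The following is an added example, not Trend Micro code: the CSV column names (Endpoint, Detection, Source Host) and all sample rows are assumptions constructed for illustration, so map them to the headers of your own export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Column names are assumptions: map them to the
# headers of the CSV your console actually exports.
SAMPLE_CSV = r"""Received,Endpoint,Detection,File Path,Source Host
2020-08-17 09:12:01,WS-FIN-01,PE_FLOXIF,C:\Tools\setup.exe,FILESRV-02
2020-08-17 09:12:04,WS-FIN-01,PE_FLOXIF.EXAMPLE,C:\Tools\helper.dll,FILESRV-02
2020-08-17 10:40:33,WS-HR-07,PE_FLOXIF,D:\share\app.exe,FILESRV-02
2020-08-18 08:30:12,ws-hr-07,pe_floxif,E:\autorun.exe,
2020-08-18 08:31:50,WS-IT-03,OTHER_DETECTION,C:\Temp\x.exe,FILESRV-02
2020-08-18 11:05:27,WS-OPS-11,PE_FLOXIF,C:\Users\Public\a.exe,WS-FIN-01
"""


def pivot_detections(csv_text, family="PE_FLOXIF"):
    """Filter log rows by detection name, then pivot by endpoint and source host."""
    per_endpoint, per_source = Counter(), Counter()
    endpoints_by_source = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Step 1.1: keep only rows whose detection name belongs to the family.
        if not row["Detection"].strip().upper().startswith(family.upper()):
            continue
        # Normalise case so WS-HR-07 and ws-hr-07 count as one endpoint.
        endpoint = row["Endpoint"].strip().upper()
        source = (row["Source Host"] or "").strip().upper() or "(NOT RECORDED)"
        per_endpoint[endpoint] += 1           # step 1.2: pivot by endpoint
        per_source[source] += 1               # step 2: pivot by source host
        endpoints_by_source[source].add(endpoint)
    # Affected endpoints that also appear as a source for other machines
    # are the first candidates for isolation (step 3).
    spreading = sorted(set(per_endpoint) & set(per_source))
    return per_endpoint, per_source, endpoints_by_source, spreading


if __name__ == "__main__":
    per_endpoint, per_source, by_source, spreading = pivot_detections(SAMPLE_CSV)
    print(f"Affected endpoints: {len(per_endpoint)}")
    for host, count in per_source.most_common():
        print(f"{host:<16} {count:>3} detections on {len(by_source[host])} endpoint(s)")
    print("Affected endpoints also acting as a source:", ", ".join(spreading) or "none")
```
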


For Endpoints with functional and updated Security Software:

  1. Configure Real Time Scan, Scheduled Scan, Manual Scan, and Scan Now with the following Settings.
    • Set scan target to "All scannable files".

    • Set scan actions to customized actions.

    • Remove scan exclusions.

  2. Perform a network-wide scan.

For Isolated Endpoints or Endpoints without Functional AV Software:

  • Option 1: ATTK Offline Clean Tool
    1. Download Trend Micro Anti-Threat Toolkit – Offline Clean Tool:


    2. Since the malware infects .exe files, change the extension of the tool to .com. It is recommended to run it inside C:\Windows\.
    3. Click Fix on the detected items, and click Restart once prompted.

  • Option 2: Trend Micro Rescue Disk
    1. For Cleanup choose Scan for Security Threats.

    2. Perform a Full Scan.

    3. A message should appear once the files are cleaned. Files that are not cleaned can be deleted manually or sent to Trend Micro for analysis.
