Blog | G5 Cyber Security

Floki Bot Strikes, Talos and Flashpoint Respond

Floki Bot is a new malware variant that has recently been offered for sale on darknet markets. It is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011. Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make it more difficult to detect. The infection process consists of several steps. It attempts to inject malicious code into ‘explorer.exe’, the Microsoft Windows file manager. If it is unable to open ‘explorer.exe’, it will then inject into ‘svchost.exe’.

Source: https://blog.talosintelligence.com/2016/12/flokibot-collab.html
