2023-08-26_fed5fbc77dd5624ea783e9c2aad0a332_floxif_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_fed5fbc77dd5624ea783e9c2aad0a332_floxif_icedid_JC.exe
Size

251KB
MD5

fed5fbc77dd5624ea783e9c2aad0a332
SHA1

d526345edbb10e755f7b1b271e9a307e1d5460b6
SHA256

7fd0ef9881b85f228a6d10c4f853965aded93dcfb29747e9901a0cdd18937fcb
SHA512

b4003be3d17db168eef729af171311d4e26a86aef6f33e2e003e764e74bdb7d8ef0d02827248994137d0510e2378eb528020b46d5493ab7a4c3152c93883319c
SSDEEP

6144:2QgNvp/46zuEzu4WnSSUlJOBV+UdvrEFp7hKsm4l9:0Nh/46ySSUlJOBjvrEH7rm4l9

Score

1^/10

Malware Config

Signatures

Files

2023-08-26_fed5fbc77dd5624ea783e9c2aad0a332_floxif_icedid_JC.exe
.exe windows:4 windows x86

19e203d4c89b7c1c51bc486f8ff0e203

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d5:c9:e2:94:9d:48:ab:ac:cd:35:14:f0:fb:22:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03/08/2009, 00:00

Not After

03/08/2012, 23:59

Subject

CN=ASUSTeK Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Testing Department,O=ASUSTeK Computer Inc.,L=Taipei / Peitou,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fd:d7:ad:5f:10:40:5a:a0:7e:4a:68:98:29:81:d9:0b:68:e3:26:85
Signer

Actual PE Digest

fd:d7:ad:5f:10:40:5a:a0:7e:4a:68:98:29:81:d9:0b:68:e3:26:85

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
HeapFree
TerminateProcess
ExitProcess
RtlUnwind
GetStartupInfoW
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleHandleA
GlobalFlags
InterlockedDecrement
InterlockedIncrement
lstrcatW
WritePrivateProfileStringW
GetLastError
SetLastError
GlobalFree
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
CloseHandle
GlobalAddAtomW
lstrlenW
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
GetLocaleInfoW
GetUserDefaultUILanguage
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
InterlockedExchange

user32

DestroyMenu
RegisterWindowMessageW
WinHelpW
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongW
GetDlgItem
GetSystemMetrics
GetSysColorBrush
UnregisterClassW
GetSysColor
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextW
SetWindowTextW
GetClassNameW
MessageBoxW
IsWindowEnabled
EnableWindow
wsprintfW
LoadCursorW
GetCapture
GetLastActivePopup
ClientToScreen
GetWindowLongW
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SendMessageW
SetCursor
PostQuitMessage
PostMessageW

gdi32

ExtTextOutW
TextOutW
RectVisible
PtVisible
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
Escape

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19e203d4c89b7c1c51bc486f8ff0e203

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

12:d5:c9:e2:94:9d:48:ab:ac:cd:35:14:f0:fb:22:adCertificate

Extended Key Usages

Key Usages

fd:d7:ad:5f:10:40:5a:a0:7e:4a:68:98:29:81:d9:0b:68:e3:26:85Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 44KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

12:d5:c9:e2:94:9d:48:ab:ac:cd:35:14:f0:fb:22:ad
Certificate

fd:d7:ad:5f:10:40:5a:a0:7e:4a:68:98:29:81:d9:0b:68:e3:26:85
Signer

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 44KB - Virtual size: 40KB