2024-01-06_28e4b56403c3dce2ae895782f85b2e5b_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-06_28e4b56403c3dce2ae895782f85b2e5b_floxif_icedid
Size

1.6MB
MD5

28e4b56403c3dce2ae895782f85b2e5b
SHA1

46fef89fc539a9f6499e92ce884698214da2494c
SHA256

537a407948e2500e1286001122aa4804da223c9ad391a49f88c5d69b196443ec
SHA512

3366aceec7b564aa8d9219d298b71856134645612c61c50abb82e304567970d27c519aceba2c09945eb57a7ea23473a6af322266de3c6e3bbae6a91fbd12f2b7
SSDEEP

24576:1TAy8hg5D7PsYk9rbpBH104HIqNO/jAm4LaTrmZZaEuWrEH7E:xAZyJ7Ps3JHry1xTmZzum

Score

1^/10

Malware Config

Signatures

Files

2024-01-06_28e4b56403c3dce2ae895782f85b2e5b_floxif_icedid
.exe windows:4 windows x86 arch:x86

2fe6d5fda94c2d67991a1761f66f76d2

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:19:6b:9a:32:0c:ac:34:bd:6f:68:5b:a2:63:e6:f3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

18/10/2024, 23:59

Subject

CN=TOBESOFT Co.\, Ltd.,OU=Reseach and Development,O=TOBESOFT Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:19:6b:9a:32:0c:ac:34:bd:6f:68:5b:a2:63:e6:f3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

18/10/2024, 23:59

Subject

CN=TOBESOFT Co.\, Ltd.,OU=Reseach and Development,O=TOBESOFT Co.\, Ltd.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:e1:fa:b3:61:38:a4:63:32:24:13:e1:e0:03:e0:e8:30:af:72:1b:af:f9:88:c9:60:a7:b8:37:b8:97:51:22
Signer

Actual PE Digest

fd:e1:fa:b3:61:38:a4:63:32:24:13:e1:e0:03:e0:e8:30:af:72:1b:af:f9:88:c9:60:a7:b8:37:b8:97:51:22

Digest Algorithm

sha256

PE Digest Matches

false

e8:25:35:dd:6b:ba:c0:02:b6:a4:01:e3:c4:b7:8e:30:6d:e2:87:d5
Signer

Actual PE Digest

e8:25:35:dd:6b:ba:c0:02:b6:a4:01:e3:c4:b7:8e:30:6d:e2:87:d5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

httpapi

HttpRemoveUrl
HttpReceiveHttpRequest
HttpSendHttpResponse
HttpDeleteServiceConfiguration
HttpReceiveRequestEntityBody
HttpAddUrl
HttpInitialize
HttpSetServiceConfiguration
HttpCreateHttpHandle
HttpTerminate

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathRemoveFileSpecA
PathIsDirectoryW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFileExistsW

iphlpapi

GetTcpTable

kernel32

DuplicateHandle
GetCurrentThreadId
DeleteCriticalSection
CreateMutexA
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
InitializeCriticalSection
InterlockedCompareExchange
InterlockedIncrement
GetModuleHandleA
GetVersionExA
ReadFile
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
GetWindowsDirectoryW
SetLastError
lstrcpyW
GetCurrentThread
FormatMessageW
OutputDebugStringA
GetExitCodeThread
GetCurrentDirectoryW
Module32NextW
Module32FirstW
GetSystemDirectoryW
GetSystemInfo
CreateDirectoryW
FindClose
GetExitCodeProcess
MoveFileExW
TerminateProcess
FindFirstFileW
TerminateThread
GetTempPathW
FindNextFileW
SetFileAttributesW
CopyFileW
GetProcAddress
GetCurrentProcess
FreeLibrary
LoadLibraryW
lstrlenA
GetModuleFileNameA
ResetEvent
TlsAlloc
LoadResource
GetTickCount
HeapFree
FindResourceW
GetProcessHeap
ExitThread
CreateEventW
Sleep
GetLastError
SizeofResource
CloseHandle
GetModuleHandleW
GetCommandLineW
GetVersionExW
LocalFree
DeleteFileW
WideCharToMultiByte
WriteFile
OpenProcess
CreateFileW
Process32NextW
MultiByteToWideChar
GetTempFileNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetFileAttributesW
OutputDebugStringW
GetModuleFileNameW
SetEvent
LockResource
lstrlenW
HeapAlloc
WaitForSingleObject
TlsGetValue
GetACP
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetCommandLineA
InterlockedDecrement
SetFilePointer
SetEndOfFile
GetFileSize
FileTimeToLocalFileTime
GetFileTime
GetLocaleInfoW
CreateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetStdHandle
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
SetStdHandle
RaiseException
GetTimeZoneInformation
GetFileType
RtlUnwind
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
GetSystemTimeAsFileTime
GlobalFindAtomW
LoadLibraryA
GlobalAddAtomW
CompareStringW
GlobalFlags
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpW
InterlockedExchange
CompareStringA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GlobalDeleteAtom
SetErrorMode
GetThreadLocale
LockFile
UnlockFile
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
LocalAlloc
GetCurrentProcessId
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
WritePrivateProfileStringW

user32

GetClassLongW
wsprintfW
DispatchMessageW
TranslateMessage
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageW
CharUpperW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
SendMessageW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetMessageW
CallNextHookEx
SetWindowsHookExW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
SetWindowTextW
PtInRect
GetClassNameW
GetDlgCtrlID
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
CallWindowProcW
DefWindowProcW
CopyRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetMenu
GetClientRect
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
RemovePropW
GetPropW
SetPropW
GetWindowThreadProcessId
GetCapture
WinHelpW
LoadIconW
ShowWindow
DestroyMenu
UnregisterClassA
PeekMessageW
GetParent
GetWindowLongW
GetWindowTextW
ExitWindowsEx
GetActiveWindow
EnumWindows
GetSystemMetrics
SetRectEmpty
GetWindowRect
BroadcastSystemMessageW
RegisterWindowMessageW
MsgWaitForMultipleObjects
SetFocus
WaitForInputIdle

advapi32

StartServiceW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegFlushKey
RegCreateKeyExW
CreateProcessAsUserW
ControlService
EnumDependentServicesW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
SetServiceStatus
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
AdjustTokenPrivileges
ConvertSidToStringSidW
CryptAcquireContextW
OpenProcessToken
CryptReleaseContext
OpenSCManagerW
GetTokenInformation
CreateServiceW
CloseServiceHandle
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ChangeServiceConfig2W
OpenServiceW
DeleteService
QueryServiceStatusEx
GetUserNameW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SafeArrayPutElement
SysStringLen
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SafeArrayCreate
VariantClear
VariantCopy
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString

urlmon

URLDownloadToFileW
URLOpenBlockingStreamW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

ioctlsocket
bind
listen
accept
WSAStartup
WSAGetLastError
setsockopt
htonl
closesocket
recv
send
htons
WSACleanup
inet_addr
socket
ntohl
__WSAFDIsSet
ntohs

libcrypto-1_1

ERR_reason_error_string
OPENSSL_init_crypto

libssl-1_1

SSL_set_fd
SSL_get_error
SSL_accept
SSL_shutdown
SSL_free
SSL_write
SSL_read
OPENSSL_init_ssl
SSL_CTX_new
TLSv1_2_server_method
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_check_private_key
SSL_CTX_free
SSL_new

crypt32

CertCloseStore
CertOpenStore
CryptHashCertificate
CertEnumCertificatesInStore
CertGetNameStringW

cryptui

CryptUIWizImport

wininet

HttpOpenRequestW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetStockObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

GetFileTitleW

Exports

Exports

IsServerMode
SetServerMode

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fe6d5fda94c2d67991a1761f66f76d2

Code Sign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

03:19:6b:9a:32:0c:ac:34:bd:6f:68:5b:a2:63:e6:f3Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:19:6b:9a:32:0c:ac:34:bd:6f:68:5b:a2:63:e6:f3Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

fd:e1:fa:b3:61:38:a4:63:32:24:13:e1:e0:03:e0:e8:30:af:72:1b:af:f9:88:c9:60:a7:b8:37:b8:97:51:22Signer

e8:25:35:dd:6b:ba:c0:02:b6:a4:01:e3:c4:b7:8e:30:6d:e2:87:d5Signer

Headers

File Characteristics

Imports

httpapi

version

shlwapi

iphlpapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

wtsapi32

userenv

ws2_32

libcrypto-1_1

libssl-1_1

crypt32

cryptui

wininet

oleacc

gdi32

winspool.drv

comdlg32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 496KB - Virtual size: 495KB

.data Size: 52KB - Virtual size: 72KB

.rsrc Size: 8KB - Virtual size: 5KB

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

03:19:6b:9a:32:0c:ac:34:bd:6f:68:5b:a2:63:e6:f3
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:19:6b:9a:32:0c:ac:34:bd:6f:68:5b:a2:63:e6:f3
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

fd:e1:fa:b3:61:38:a4:63:32:24:13:e1:e0:03:e0:e8:30:af:72:1b:af:f9:88:c9:60:a7:b8:37:b8:97:51:22
Signer

e8:25:35:dd:6b:ba:c0:02:b6:a4:01:e3:c4:b7:8e:30:6d:e2:87:d5
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 496KB - Virtual size: 495KB

.data
Size: 52KB - Virtual size: 72KB

.rsrc
Size: 8KB - Virtual size: 5KB