2024-01-09_b3e86c1f0cd4d3c80b6358ba5d04a4fc_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-09_b3e86c1f0cd4d3c80b6358ba5d04a4fc_floxif_icedid
Size

1.9MB
MD5

b3e86c1f0cd4d3c80b6358ba5d04a4fc
SHA1

31792f3ad45d997a4f75f53f735077cc47067c9c
SHA256

fcd959776cf1c7b86e31ac27b6bc9156f062371534fe2e7507182ae1e862da6d
SHA512

0210447bcb0dd2a77241feab6c79f82ecc127680707105b4fef0031edccf465ed7a2d14253e2feab171a5904080a196c0588c00ee172d51716cfd298a2908edf
SSDEEP

24576:bvnizplWJhtl3hUt0oOYSzfwi2p/xdHATun37YWX4+33IQkQrEH7Y7:biglPTD2p/gTunLrIM

Score

1^/10

Malware Config

Signatures

Files

2024-01-09_b3e86c1f0cd4d3c80b6358ba5d04a4fc_floxif_icedid
.exe windows:4 windows x86 arch:x86

bbd83151b574778081913fad888fa555

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02-02-2009 00:00

Not After

07-02-2012 23:59

Subject

CN=CPUID,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CPUID,L=DUNKERQUE,ST=NORD,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:94:ef:1c:9f:e8:26:9a:3f:4f:34:60:ef:19:6c:9e:54:6e:fe:63
Signer

Actual PE Digest

48:94:ef:1c:9f:e8:26:9a:3f:4f:34:60:ef:19:6c:9e:54:6e:fe:63

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FlushFileBuffers
SetEndOfFile
SetErrorMode
HeapAlloc
GetStartupInfoW
RaiseException
HeapReAlloc
VirtualAlloc
RtlUnwind
ExitProcess
HeapSize
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetConsoleOutputCP
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WritePrivateProfileStringW
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcmpW
FreeResource
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetSystemDirectoryA
GetModuleHandleA
FindResourceA
GetWindowsDirectoryA
RemoveDirectoryA
GetComputerNameA
GetCurrentDirectoryA
GetModuleFileNameA
CreateDirectoryA
GetLocalTime
DeleteFileA
SetCurrentDirectoryA
GetTempPathA
GetCurrentProcessId
CreateEventA
GetOverlappedResult
ReadFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
LocalAlloc
CreateFileA
DeviceIoControl
LocalFree
GetSystemInfo
GetProcessAffinityMask
GetCurrentThread
GetCurrentProcess
SetFilePointer
GetVersionExA
LoadLibraryA
CreateMutexA
SetLastError
ReleaseMutex
lstrlenA
lstrcmpiA
CompareStringW
WriteConsoleA
GetVersion
InterlockedExchange
GetProcessHeap
HeapFree
GetSystemDirectoryW
GetTempPathW
GetVersionExW
GlobalMemoryStatus
WinExec
lstrlenW
lstrcatW
lstrcpyW
CreateFileW
FreeLibrary
WriteFile
GetLastError
LoadLibraryW
WriteConsoleW
GetStdHandle
CreateThread
GetProcAddress
ExitThread
SetThreadPriority
Sleep
GetModuleHandleW
GetModuleFileNameW
InterlockedDecrement
MultiByteToWideChar
WaitForSingleObject
CloseHandle
WideCharToMultiByte
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalFree
GetComputerNameW
GetCurrentDirectoryW
SizeofResource
LoadResource
FindResourceW
SetCurrentDirectoryW
LockResource
FreeEnvironmentStringsW

user32

UnregisterClassW
LoadCursorW
GetSysColorBrush
DestroyMenu
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetWindowThreadProcessId
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnregisterClassA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
AppendMenuW
CreatePopupMenu
ClientToScreen
ModifyMenuW
SetWindowLongW
PeekMessageW
SetCursor
DestroyCursor
CreateCursor
UpdateWindow
InvalidateRect
LoadImageW
KillTimer
DestroyIcon
OffsetRect
GetSysColor
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
PostMessageW
BroadcastSystemMessageW
MessageBoxW
wsprintfW
GetWindowDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseDC
GetClientRect
GetDC
SendMessageW
EnableWindow
GetWindowRect
LoadBitmapW
RegisterWindowMessageW
GetClassInfoW
GetMenu

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetObjectW
GetStockObject
CreateCompatibleDC
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetPixel
CreateBitmap
CreateFontW
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
BitBlt
GetDIBits

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenProcessToken
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeSecurity

oleaut32

SafeArrayGetElemsize
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysStringLen
SafeArrayGetElement
SafeArrayGetVartype

Sections

.text
Size: 900KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 664KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbd83151b574778081913fad888fa555

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:ddCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

48:94:ef:1c:9f:e8:26:9a:3f:4f:34:60:ef:19:6c:9e:54:6e:fe:63Signer

Headers

File Characteristics

Imports

winmm

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 900KB - Virtual size: 896KB

.rdata Size: 208KB - Virtual size: 204KB

.data Size: 92KB - Virtual size: 112KB

.rsrc Size: 664KB - Virtual size: 660KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:dd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

48:94:ef:1c:9f:e8:26:9a:3f:4f:34:60:ef:19:6c:9e:54:6e:fe:63
Signer

.text
Size: 900KB - Virtual size: 896KB

.rdata
Size: 208KB - Virtual size: 204KB

.data
Size: 92KB - Virtual size: 112KB

.rsrc
Size: 664KB - Virtual size: 660KB