2024-01-18_de26f47dc869404425eae5fca64e81a2_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-18_de26f47dc869404425eae5fca64e81a2_floxif_icedid
Size

1.4MB
MD5

de26f47dc869404425eae5fca64e81a2
SHA1

31f8c946a8df27177cac0e59fd4c387c016d0c2c
SHA256

1fd18305c19b48cdec4afd0a2ac0a837871fe196e97d8cd6b93318e324e8e8f9
SHA512

8ec4d9e20eb8c9f2dcb4d910f33eb5b3e4796c548abe8f235e7c13d2ae3ff99c020794219caf3751fec5e266046d503c58645dc9ac49354e8b2446c05caa0551
SSDEEP

24576:7q6J0OuiNMRxfrlxys3RB2fuwrbZoF3z7rEH7M:7QPys3JmZY

Score

1^/10

Malware Config

Signatures

Files

2024-01-18_de26f47dc869404425eae5fca64e81a2_floxif_icedid
.exe windows:4 windows x86 arch:x86

b69b136764f3bec3062690763064875a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:f6:88:25:00:5c:87:85:4e:94:8f:04:92:7a:80:41
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/09/2007, 00:00

Not After

01/11/2008, 23:59

Subject

CN=QueTek Consulting Corporation,OU=SALES,O=QueTek Consulting Corporation,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

kernel32

HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
RtlUnwind
RaiseException
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetSystemTimeAsFileTime
CreateDirectoryW
ExitThread
CreateThread
ExitProcess
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapFree
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
Sleep
GetCurrentDirectoryA
GetTimeZoneInformation
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetErrorMode
LocalFileTimeToFileTime
GetShortPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetStringTypeExW
WritePrivateProfileStringW
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
lstrlenA
GlobalGetAtomNameW
GetFullPathNameW
GetTempFileNameW
GetFileTime
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
ResumeThread
SetThreadPriority
InterlockedDecrement
GetModuleHandleA
LocalFree
MulDiv
lstrlenW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
FreeResource
LoadLibraryA
GetWindowsDirectoryW
GetTempPathW
GetFileAttributesW
ResetEvent
GetFileSize
SetEndOfFile
SetFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetPrivateProfileStringW
ExpandEnvironmentStringsW
DeleteFileW
MoveFileW
GetSystemTime
lstrcpyW
FormatMessageW
WriteFile
GetTickCount
GetVersionExW
lstrcpynW
WideCharToMultiByte
GetDriveTypeW
SetCurrentDirectoryW
GetModuleFileNameW
FindNextFileW
GetModuleHandleW
MultiByteToWideChar
GetProcAddress
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
SystemTimeToFileTime
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
DeviceIoControl
SetLastError
GetLogicalDriveStringsA
GetDriveTypeA
CreateFileW
WaitForSingleObject
CloseHandle
SetEvent
GetDiskFreeSpaceW
SetFilePointer
ReadFile
QueryDosDeviceA
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
FindFirstFileW
FindClose
VirtualAlloc
VirtualFree
HeapCreate

user32

GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
PostThreadMessageW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
SetWindowRgn
IsRectEmpty
FindWindowW
DestroyMenu
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
GetWindowDC
GetMenuStringW
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
SetForegroundWindow
ShowScrollBar
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CreateWindowExW
DestroyWindow
GetMessagePos
MoveWindow
SetFocus
GetDoubleClickTime
ShowWindow
KillTimer
GetScrollInfo
RedrawWindow
GetUpdateRect
BeginPaint
EndPaint
SetScrollInfo
ScrollWindow
GetWindowTextW
GetSystemMetrics
GetCursorPos
GetClassInfoW
DefWindowProcW
SetCapture
ReleaseCapture
SetWindowLongW
GetWindowLongW
CallWindowProcW
SetCursor
WindowFromPoint
LoadCursorW
MessageBoxW
GetDlgItem
SetWindowTextW
SystemParametersInfoW
GetDesktopWindow
GetMenuCheckMarkDimensions
SetMenu
GetMenuState
GetMenuItemID
AppendMenuW
CreateMenu
DrawEdge
SetMenuItemInfoW
GetDlgCtrlID
SetWindowPos
IsIconic
FrameRect
FillRect
DrawFrameControl
GetParent
SetParent
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
CharUpperW
UnregisterClassW
InflateRect
GetSysColor
DrawFocusRect
LoadImageW
CopyRect
DrawStateW
GetKeyState
GetSysColorBrush
WaitMessage
SetRect
GetScrollPos
IsZoomed
DestroyIcon
PtInRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetFocus
IsWindowVisible
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetMenu
LoadMenuW
ModifyMenuW
GetSubMenu
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
LoadBitmapW
UpdateWindow
InvalidateRect
GetClientRect
OffsetRect
SetTimer
PostMessageW
CharToOemW
OemToCharW
GetWindowRect
LoadIconW
DrawIcon
SendMessageW
EnableWindow
GetWindow
UnregisterClassA

gdi32

ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
CreateRectRgnIndirect
SetWindowExtEx
CreateEllipticRgn
DPtoLP
LPtoDP
Ellipse
SetRectRgn
CombineRgn
GetMapMode
GetCharWidthW
StretchDIBits
GetTextColor
GetRgnBox
RestoreDC
SaveDC
GetClipBox
MoveToEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
CreateCompatibleBitmap
PatBlt
GetTextExtentPoint32W
LineTo
LineDDA
GetTextExtentPointW
SetPixelV
GetDeviceCaps
CreatePolygonRgn
FillRgn
GetTextMetricsW
RoundRect
GetBkColor
CreateBitmap
CreateFontW
SetBkMode
SetTextColor
SetBkColor
CreateFontIndirectW
Rectangle
CreateSolidBrush
CreatePen
SetBrushOrgEx
SelectObject
CreatePatternBrush
DeleteObject
DeleteDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StretchBlt
BitBlt
CreateCompatibleDC
GetObjectW

comdlg32

GetFileTitleW
CommDlgExtendedError

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyW
RegSetValueExW
RegCreateKeyExW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegSetValueW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegSetKeySecurity
RegOpenKeyA
RegOpenKeyExA
RegGetKeySecurity

shell32

ExtractIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconExW
ShellExecuteW
SHGetFileInfoW
SHGetMalloc
DragQueryFileW
DragFinish

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
ord17
ImageList_Create

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

Sections

.text
Size: 740KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b69b136764f3bec3062690763064875a

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

10:f6:88:25:00:5c:87:85:4e:94:8f:04:92:7a:80:41Certificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 740KB - Virtual size: 738KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 20KB - Virtual size: 42KB

.rsrc Size: 412KB - Virtual size: 408KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

10:f6:88:25:00:5c:87:85:4e:94:8f:04:92:7a:80:41
Certificate

.text
Size: 740KB - Virtual size: 738KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 20KB - Virtual size: 42KB

.rsrc
Size: 412KB - Virtual size: 408KB