2024-03-08_2f1fc991bc3860d1affecb0c2bf44699_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_2f1fc991bc3860d1affecb0c2bf44699_floxif_icedid
Size

664KB
MD5

2f1fc991bc3860d1affecb0c2bf44699
SHA1

80b917705d364a50242a6d3984b4639550caf596
SHA256

7e6cb19dea0f1a5eba134e9d77fd6eff869406dc7c6cb481329cc71110590494
SHA512

bfa044e2c802b099def31894cc4c38f91b3010d4460e657d5897ebcd3759b1063bc9c1f7bb9599a60c3c53525a524044156e66959867c959a95afbfcb5970a33
SSDEEP

12288:ZIbUI2a4wuC5ZMevrURwUqm/VkRPwl/BjvrEH7Px:ibWa42ZMhfqEkBwfrEH7Px

Score

1^/10

Malware Config

Signatures

Files

2024-03-08_2f1fc991bc3860d1affecb0c2bf44699_floxif_icedid
.exe windows:4 windows x86 arch:x86

67025674170ad9d49053e193c2bd3235

Code Sign

3c:34:b5:d9:0d:bb:79:c7:af:f8:b6:26:2b:4a:14:8f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

29/04/2010, 00:00

Not After

28/04/2012, 23:59

Subject

CN=HANCOM. INC\,,O=HANCOM. INC\,,L=Kwangjin,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:73:21:06:74:35:6b:02:54:c5:dd:af:04:d8:10:25:16:ee:8a:ee
Signer

Actual PE Digest

0b:73:21:06:74:35:6b:02:54:c5:dd:af:04:d8:10:25:16:ee:8a:ee

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Vs2003\Project\PDF\Release\TestPDF.pdb

Imports

user32

CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetParent
GetSystemMenu
AppendMenuA
DeleteMenu
IsRectEmpty
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetActiveWindow
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
ShowOwnedPopups
GetDesktopWindow
TranslateAcceleratorA
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
InflateRect
GetMenuItemInfoA
GetSysColorBrush
SetRect
SetTimer
KillTimer
WindowFromPoint
GetDCEx
LockWindowUpdate
SetCapture
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
GetCursorPos
PostQuitMessage
GetMessageA
TranslateMessage
SetMenu
CharUpperA
SetCursor
wsprintfA
MessageBoxA
EnableWindow
LoadCursorA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
GetWindow
PtInRect
CopyRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
SendMessageA
GetDlgCtrlID
UnregisterClassA
RegisterClassA
GetClassInfoA
DeferWindowPos
EqualRect
ScreenToClient
GetParent
AdjustWindowRectEx
GetSysColor
GetMenuItemCount
GetMenuItemID
GetSubMenu
PostMessageA
GetMenu
GetClientRect
UpdateWindow
IsWindowVisible
SetForegroundWindow
GetKeyState
TrackPopupMenu
MapWindowPoints
PeekMessageA
LoadIconA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
IsChild
SetFocus
IsWindow
GetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
FillRect
TabbedTextOutA

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules
GetModuleBaseNameA

kernel32

GetFileAttributesA
GetFileTime
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
InterlockedDecrement
TlsFree
LocalReAlloc
GetSystemTime
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GetTickCount
WritePrivateProfileStringA
GlobalFree
SizeofResource
GetCurrentThread
GlobalAlloc
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalLock
GlobalUnlock
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
lstrcpynA
GetModuleHandleA
CompareStringW
CompareStringA
OpenProcess
CloseHandle
lstrlenA
lstrcmpiA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTempPathA
LocalFree
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetSystemDefaultLCID
GetVersionExA
GetModuleFileNameA
Sleep
GetLastError
CopyFileA
lstrcatA
lstrcmpA
LocalAlloc
GetCurrentDirectoryA
GetStringTypeA

gdi32

GetRgnBox
GetTextColor
GetBkColor
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectA
GetTextExtentPoint32A
GetTextMetricsA
CreateFontA
GetCharWidthA
StretchDIBits
CreateCompatibleBitmap
CreateSolidBrush
GetDeviceCaps
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

AddMonitorA
EnumMonitorsA
ClosePrinter
SetPrinterA
GetPrinterA
OpenPrinterA
AddPrinterDriverExA
GetPrinterDriverDirectoryA
XcvDataW
DeleteMonitorA
DeletePrinterDriverExA
DeletePrinter
AddPrinterA
DocumentPropertiesA

advapi32

RegDeleteKeyA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
QueryServiceStatus

shell32

DragFinish
DragQueryFileA

comctl32

ImageList_Destroy
ord17
ImageList_Draw
ImageList_GetImageInfo

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

OleUninitialize
CoTaskMemFree
CoFreeUnusedLibraries
OleInitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
CLSIDFromString

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
OleCreateFontIndirect

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67025674170ad9d49053e193c2bd3235

Code Sign

3c:34:b5:d9:0d:bb:79:c7:af:f8:b6:26:2b:4a:14:8fCertificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0b:73:21:06:74:35:6b:02:54:c5:dd:af:04:d8:10:25:16:ee:8a:eeSigner

Headers

File Characteristics

PDB Paths

Imports

user32

psapi

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 208KB - Virtual size: 204KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 304KB - Virtual size: 301KB

3c:34:b5:d9:0d:bb:79:c7:af:f8:b6:26:2b:4a:14:8f
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0b:73:21:06:74:35:6b:02:54:c5:dd:af:04:d8:10:25:16:ee:8a:ee
Signer

.text
Size: 208KB - Virtual size: 204KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 304KB - Virtual size: 301KB