2024-03-12_698318839e4b292ef124479d4f2c809a_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-12_698318839e4b292ef124479d4f2c809a_floxif_icedid
Size

3.9MB
MD5

698318839e4b292ef124479d4f2c809a
SHA1

0d0e56cf80cae98c6a3734c0a780a08b13d93292
SHA256

db03a4005037ac858aa80ab2ff2ffbf2acd037dadd0f97f0e021ad46e090dd11
SHA512

4e251697177df8ee212acc7850e8f7d9c068c06a987c771979413994c7e0ebe90420f4bdc96a094f8eb5e9a37212772d39e05c8bfb3b55325e57cd3a76821b11
SSDEEP

49152:20Ruo4tmmXakgSdPkRKH1kdPHTRaPE4xMw5HiJLu4:2VXghRKH+dPzRGx55HiJLF

Score

1^/10

Malware Config

Signatures

Files

2024-03-12_698318839e4b292ef124479d4f2c809a_floxif_icedid
.exe windows:4 windows x86 arch:x86

d71010d64cc36222e4fb45b9dfeae829

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:24:f4:75:eb:a5:95:13:91:c5:12:6c:f4:ee:b3:ce
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-01-2018 00:00

Not After

05-01-2019 23:59

Subject

CN=Power Software Limited,O=Power Software Limited,L=NORTH POINT,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:ed:01:9d:da:86:72:57:49:3e:61:e5:f1:8d:fa:f4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-05-2017 00:00

Not After

15-08-2020 23:59

Subject

CN=Power Software Limited,O=Power Software Limited,L=North Point,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:c4:20:07:2c:1e:20:17:f8:aa:b0:77:13:ba:81:8b:eb:05:94:e0:cb:49:4f:df:77:6f:52:9a:0a:ee:dc:63
Signer

Actual PE Digest

e2:c4:20:07:2c:1e:20:17:f8:aa:b0:77:13:ba:81:8b:eb:05:94:e0:cb:49:4f:df:77:6f:52:9a:0a:ee:dc:63

Digest Algorithm

sha256

PE Digest Matches

false

4d:00:03:a8:02:7b:7d:f2:4f:62:24:19:af:24:5d:29:4c:bb:48:35
Signer

Actual PE Digest

4d:00:03:a8:02:7b:7d:f2:4f:62:24:19:af:24:5d:29:4c:bb:48:35

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetLineControlsW
mixerGetLineInfoW
mixerClose
mixerSetControlDetails
mixerGetNumDevs
mixerOpen
mixerGetDevCapsW
waveOutGetDevCapsW
waveOutOpen
waveOutReset
waveOutClose
waveOutUnprepareHeader
mixerGetControlDetailsW
waveOutWrite
waveOutPrepareHeader

kernel32

SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
VirtualAlloc
IsBadWritePtr
LCMapStringA
SetUnhandledExceptionFilter
SetStdHandle
GetDriveTypeA
GetStringTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
GetACP
GetOEMCP
SetEnvironmentVariableA
GetWindowsDirectoryA
GetCommandLineA
InterlockedExchange
QueryPerformanceCounter
FindResourceA
FindClose
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
WaitForSingleObject
ReadFile
SetLastError
ExitProcess
ResumeThread
SuspendThread
CreateThread
GetTickCount
LocalFree
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
DeviceIoControl
CloseHandle
GetLastError
GetCommandLineW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetFileType
RaiseException
TerminateProcess
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
GetCurrentDirectoryA
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapReAlloc
SetErrorMode
GetProcessVersion
LocalReAlloc
GlobalReAlloc
TlsFree
GlobalFlags
lstrcmpiA
UnlockFile
LockFile
FlushFileBuffers
lstrcmpA
GetModuleHandleA
GlobalDeleteAtom
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetProfileStringA
GlobalAddAtomA
GetFileInformationByHandle
MoveFileExW
TlsAlloc
DosDateTimeToFileTime
TlsSetValue
TlsGetValue
GetSystemDefaultLangID
SetThreadExecutionState
CreateEventA
GetOverlappedResult
GetCurrentThread
GetFileSize
WriteFile
MapViewOfFile
UnmapViewOfFile
GetThreadPriority
WinExec
GetExitCodeProcess
CreatePipe
DuplicateHandle
DeleteCriticalSection
SetFilePointer
SetEndOfFile
GlobalSize
GetCurrentProcessId
MulDiv
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetThreadPriority
GetFileTime
GlobalHandle
LoadResource
SizeofResource
LockResource
GlobalAlloc
GetCurrentThreadId
GetCurrentProcess
GetVersion
DefineDosDeviceW
GetLogicalDrives
SetFileTime
FreeLibrary
ResetEvent
GetSystemDirectoryA

user32

SetRect
SetParent
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetRectEmpty
TranslateMessage
DestroyCursor
SetCursorPos
DestroyMenu
MapDialogRect
GetAsyncKeyState
EndPaint
BeginPaint
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
IsDlgButtonChecked
CheckRadioButton
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetMenu
TrackPopupMenu
GetMessageTime
GetLastActivePopup
GetForegroundWindow
GetWindow
PostQuitMessage
EndDialog
GetActiveWindow
SetActiveWindow
DestroyWindow
IsWindowEnabled
MessageBoxA
DrawEdge
CreateIconIndirect
ShowWindow
IsWindow
EnumChildWindows
GetWindowPlacement
MoveWindow
SetWindowPos
DrawFrameControl
FrameRect
DrawFocusRect
MessageBeep
IsIconic
DrawIcon
SetMenuDefaultItem
IsWindowVisible
GetKeyboardLayout
IntersectRect
SetCaretPos
GetSystemMetrics
SetCapture
HideCaret
CreateCaret
ShowCaret
ReleaseCapture
DestroyCaret
IsRectEmpty
FillRect
InvalidateRgn
SetMenu
CheckMenuRadioItem
GetSysColorBrush
GetCapture
GetMessagePos
IsZoomed
GetIconInfo
DestroyIcon
SetClipboardData
EmptyClipboard
PtInRect
GetWindowDC
ShowOwnedPopups
ValidateRect
GetDCEx
GetNextDlgTabItem
GetMenuItemCount
WindowFromPoint
UpdateWindow
GetDesktopWindow
TrackPopupMenuEx
UnhookWindowsHookEx
CallNextHookEx
GetDlgItem
SetFocus
GetKeyState
GetFocus
EqualRect
BeginDeferWindowPos
EndDeferWindowPos
GetDC
ReleaseDC
RedrawWindow
InflateRect
GetSysColor
CopyRect
OffsetRect
OpenClipboard
CloseClipboard
GetSystemMenu
BroadcastSystemMessage
GetMenuItemID
RemoveMenu
CreatePopupMenu
EnableMenuItem
CheckMenuItem
GetSubMenu
GetClientRect
ClientToScreen
GetWindowRect
SetForegroundWindow
GetParent
LockWindowUpdate
ShowScrollBar
SetTimer
KillTimer
GetCursorPos
ScreenToClient
SetCursor
InvalidateRect
GetClassNameA
SendMessageA
SetWindowsHookExA
CharNextA
DefWindowProcA
DefDlgProcA
GetClassInfoA
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
GetWindowTextLengthA
GetDlgCtrlID

gdi32

GetClipBox
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
CombineRgn
StretchDIBits
LPtoDP
SetDIBits
Escape
RectVisible
PtVisible
CreateRectRgn
Ellipse
GetDeviceCaps
DeleteDC
GetBkColor
GetTextColor
SetBkColor
SetTextColor
CreateRectRgnIndirect
SetRectRgn
TranslateCharsetInfo
SetBoundsRect
RoundRect
GetDIBits
CreateCompatibleBitmap
CreatePen
DeleteObject
CreateSolidBrush
Rectangle
GetStockObject
PatBlt
CreateDIBSection
CreateCompatibleDC
SelectObject
CreateBitmap
StretchBlt
BitBlt
SetStretchBltMode
SetPixel
ExtTextOutA
GetTextExtentPointA
CreateDIBitmap
GetPixel

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA
GetTokenInformation
OpenProcessToken
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
DeleteAce
EqualSid
GetAce
GetAclInformation
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
DragFinish
DragAcceptFiles

comctl32

ImageList_AddMasked
ImageList_Add
_TrackMouseEvent
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

ole32

OleSetClipboard
DoDragDrop
OleGetClipboard
CoTaskMemFree
RegisterDragDrop
PropVariantClear
CoCreateInstance
CoUninitialize
ReleaseStgMedium
OleFlushClipboard
CoLockObjectExternal
RevokeDragDrop
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
OleDuplicateData
CoTaskMemAlloc
CoInitialize
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
CreateStreamOnHGlobal

olepro32

ord251

oleaut32

SysFreeString
VariantClear
SysAllocString
SysStringByteLen

wininet

InternetAttemptConnect
InternetOpenW
InternetCloseHandle
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
HttpQueryInfoW
InternetConnectW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 940KB - Virtual size: 937KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 836KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d71010d64cc36222e4fb45b9dfeae829

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:24:f4:75:eb:a5:95:13:91:c5:12:6c:f4:ee:b3:ceCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

58:ed:01:9d:da:86:72:57:49:3e:61:e5:f1:8d:fa:f4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

e2:c4:20:07:2c:1e:20:17:f8:aa:b0:77:13:ba:81:8b:eb:05:94:e0:cb:49:4f:df:77:6f:52:9a:0a:ee:dc:63Signer

4d:00:03:a8:02:7b:7d:f2:4f:62:24:19:af:24:5d:29:4c:bb:48:35Signer

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

wininet

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 940KB - Virtual size: 937KB

.data Size: 836KB - Virtual size: 2.0MB

.rsrc Size: 444KB - Virtual size: 440KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:24:f4:75:eb:a5:95:13:91:c5:12:6c:f4:ee:b3:ce
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

58:ed:01:9d:da:86:72:57:49:3e:61:e5:f1:8d:fa:f4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

e2:c4:20:07:2c:1e:20:17:f8:aa:b0:77:13:ba:81:8b:eb:05:94:e0:cb:49:4f:df:77:6f:52:9a:0a:ee:dc:63
Signer

4d:00:03:a8:02:7b:7d:f2:4f:62:24:19:af:24:5d:29:4c:bb:48:35
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 940KB - Virtual size: 937KB

.data
Size: 836KB - Virtual size: 2.0MB

.rsrc
Size: 444KB - Virtual size: 440KB