2024-04-08_1dd909eba78f93447db11ab0c6f83da6_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_1dd909eba78f93447db11ab0c6f83da6_floxif_icedid
Size

2.9MB
MD5

1dd909eba78f93447db11ab0c6f83da6
SHA1

b1a8c126944e39554d646c432676af2cfedb2074
SHA256

bc2429148993f49124de84bd81f2f7e76dc70aaaaf7ac73ca76d52dc290ec974
SHA512

20bda7a00ef3f966daebeccfa557405bd3b86d61f7405771478c9e71ede8be351d8149995589899de0da5f20cb8a977f301213ab3a7a54bbefebf5609c513127
SSDEEP

49152:5SOpuDy3YoDgYvnReeXpm9sTkdGuctA73WK9W/OlP8Rcr7TpI7z:5eeXpm6Tk6tAT4/JRB

Score

10^/10

Malware Config

Signatures

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Files

2024-04-08_1dd909eba78f93447db11ab0c6f83da6_floxif_icedid
.exe windows:5 windows x86 arch:x86

2b313e8647eb0077933a7b8fa03fe1f8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:e8:f7:ec:e4:92:8a:e2:14:0a:1b:d3:cc:ac:6c:89
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

02/03/2020, 00:00

Not After

02/03/2023, 23:59

Subject

CN=Irongate Inc,O=Irongate Inc,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Project\IRONGATE\optimizepc\Release\GoClean.pdb

Imports

psapi

EnumProcesses

kernel32

GetStartupInfoA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
GetTimeZoneInformation
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapCreate
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
FreeEnvironmentStringsA
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
GetProcAddress
CreateFileW
InterlockedCompareExchange
VirtualProtect
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetModuleHandleW
ExitThread
GetEnvironmentStrings
VirtualQuery
GetModuleHandleA
LocalFree
FormatMessageA
GetLastError
lstrlenA
DeleteFileA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetVersionExA
CreateFileA
GetDriveTypeA
CloseHandle
DeviceIoControl
Sleep
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
ReadFile
SetFilePointer
VirtualFree
VirtualAlloc
DefineDosDeviceA
SetLastError
LoadLibraryA
FreeLibrary
GetTickCount
GetProcessTimes
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
GetLongPathNameA
GetTempPathA
ResumeThread
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
CopyFileA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
RemoveDirectoryA
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameW
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
RaiseException
GetModuleFileNameA
GetFileTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetTempFileNameA
ResetEvent
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetComputerNameA
GetVolumeInformationA
CreateThread
TerminateThread
CreateEventA
SetEvent
GetExitCodeThread
GetThreadPriority
SetThreadPriority
lstrcmpA
lstrcpyW
GetVersion
GetDiskFreeSpaceExA
MoveFileA
SuspendThread
LocalAlloc
MultiByteToWideChar
ExpandEnvironmentStringsA
CreateProcessA
GetSystemInfo
GlobalMemoryStatus
CreateToolhelp32Snapshot
Process32First
TerminateProcess
Process32Next
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
ExitProcess
WinExec
GetCurrentDirectoryA
VerSetConditionMask
VerifyVersionInfoA
WaitForSingleObject
GetFileSize
WriteFile
GetFileAttributesA
SetFileAttributesA
FindClose
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
PostMessageA
GetClassNameA
EnumWindows
GetWindowTextA
GetWindowDC
GetClassInfoExA
AdjustWindowRectEx
EqualRect
CallWindowProcA
GetMenu
SetWindowPos
IntersectRect
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
EndDialog
BeginPaint
EndPaint
GetClassInfoA
RegisterClassA
DefWindowProcA
UpdateWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawStateA
FrameRect
CreateIconIndirect
TrackPopupMenuEx
DestroyCursor
DestroyMenu
EnumDisplaySettingsA
RegisterWindowMessageA
SetForegroundWindow
SetParent
SetActiveWindow
LoadMenuA
GetSubMenu
GetWindowThreadProcessId
CharUpperA
ValidateRect
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
CopyAcceleratorTableA
GetMenuItemID
DrawAnimatedRects
FindWindowA
InvalidateRgn
SetCapture
ReleaseCapture
CharNextA
UnregisterClassA
GetNextDlgGroupItem
RegisterClipboardFormatA
FindWindowExA
SendMessageA
GetWindowRect
EnableWindow
GetSysColor
wsprintfA
GetClientRect
GetParent
LoadBitmapA
PostThreadMessageA
GetMenuItemCount
SetTimer
KillTimer
MessageBoxA
PtInRect
LoadImageA
FillRect
InvalidateRect
InflateRect
GetDC
ReleaseDC
RedrawWindow
PostQuitMessage
PeekMessageA
GetSystemMetrics
SetWindowLongA
GetWindowLongA
ShowWindow
MessageBeep
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
LoadIconA
GetIconInfo
EnumChildWindows
SystemParametersInfoA
GetCursorPos
TrackPopupMenu
SetMenuDefaultItem
IsWindow
DestroyIcon
ScreenToClient
IsRectEmpty
OffsetRect
GetWindowPlacement
CreateWindowExA
SetRect
MoveWindow
GetWindow
GetDlgCtrlID
GetDlgItem
SetRectEmpty
IsWindowVisible
LockWindowUpdate
CopyRect
LoadCursorA
MsgWaitForMultipleObjects
DispatchMessageA
SetCursor

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetWindowExtEx
CreatePen
GetMapMode
DPtoLP
GetRgnBox
GetBkColor
GetTextColor
GetViewportExtEx
SetTextAlign
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetClipBox
SetDIBitsToDevice
GetDeviceCaps
Rectangle
GetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
SetPixel
CreateFontIndirectA
GetObjectA
CreateFontA
CreateSolidBrush
CreateCompatibleDC
BitBlt
SelectObject
GetStockObject
GetTextExtentPoint32A
CreateRectRgn
DeleteObject
FillRgn
CombineRgn
SetRectRgn
DeleteDC
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetKeySecurity
CloseServiceHandle
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
StartServiceA
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegQueryValueA
EnumDependentServicesA
ControlService
QueryServiceStatusEx
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceConfig2A
EnumServicesStatusExA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegFlushKey
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
GetUserNameA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
QueryServiceStatus

shell32

SHGetSpecialFolderPathA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SHGetMalloc
Shell_NotifyIconA
SHAppBarMessage
ShellExecuteExA
ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathIsDirectoryA
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
SHDeleteKeyA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
UrlUnescapeA
PathFindFileNameA

oledlg

ord8

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayGetElement
VarDateFromStr
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
OleLoadPicture
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
OleCreateFontIndirect

ws2_32

gethostbyname
gethostbyaddr
bind
inet_addr
htons
recvfrom
sendto
WSAGetLastError
inet_ntoa
setsockopt
WSASetLastError
closesocket
WSASocketA
select
WSACleanup
gethostname
WSAStartup

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

iphlpapi

GetNetworkParams
GetAdaptersInfo

setupapi

SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
CM_Get_Device_IDA
SetupDiGetDeviceInstanceIdA

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CryptDecodeObject

winmm

PlaySoundA
waveOutGetNumDevs
waveOutGetDevCapsA

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
InternetOpenUrlA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b313e8647eb0077933a7b8fa03fe1f8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4c:e8:f7:ec:e4:92:8a:e2:14:0a:1b:d3:cc:ac:6c:89Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

version

iphlpapi

setupapi

pdh

crypt32

winmm

wininet

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 281KB - Virtual size: 281KB

.data Size: 43KB - Virtual size: 83KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4c:e8:f7:ec:e4:92:8a:e2:14:0a:1b:d3:cc:ac:6c:89
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 281KB - Virtual size: 281KB

.data
Size: 43KB - Virtual size: 83KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB