2024-04-11_e07253786205e16938a59bed07728c78_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-11_e07253786205e16938a59bed07728c78_floxif_icedid
Size

3.0MB
MD5

e07253786205e16938a59bed07728c78
SHA1

c87a32cbbd743e8f92d21d0e0bd7204b555e0e09
SHA256

19e148264c3d2cef3a8cca559b9fa9b30a62e3c463f7fbbbd59eb10502802cba
SHA512

a3ad716fa2a5df0db125d991fc92bf3f209f92064344170c87c372cbf1392897cafffde693848036345e55ec45904907105e99ea5b1da59d3a72e784c85ce92b
SSDEEP

49152:maOpuDB3YoUgYvQaj5FK+TWVQCS9o+Pb3/d5k0r+XRJjy+:mrj5FK+TW89oCo0c

Score

10^/10

Malware Config

Signatures

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Files

2024-04-11_e07253786205e16938a59bed07728c78_floxif_icedid
.exe windows:5 windows x86 arch:x86

886f2a00983d55c22fb2f5a74d9ade19

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:83:a7:41:58:88:5c:74:13:11:22:11:9c:12:a2:2a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/01/2023, 00:00

Not After

14/01/2026, 23:59

Subject

SERIALNUMBER=144-81-26653,CN=Irongate Inc,O=Irongate Inc,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130a42756e64616e672d6775,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:1e:c7:c3:9b:c3:07:16:6b:1f:0c:0b:ec:86:db:b1:f2:1f:6e:9b:19:01:d3:15:34:cb:17:82:bb:00:3b:04
Signer

Actual PE Digest

0d:1e:c7:c3:9b:c3:07:16:6b:1f:0c:0b:ec:86:db:b1:f2:1f:6e:9b:19:01:d3:15:34:cb:17:82:bb:00:3b:04

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Project\optimizepc\Release\GoClean.pdb

Imports

psapi

EnumProcesses

kernel32

GetStartupInfoA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
GetTimeZoneInformation
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapCreate
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
FreeEnvironmentStringsA
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
GetProcAddress
CreateFileW
InterlockedCompareExchange
VirtualProtect
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetModuleHandleW
ExitThread
GetEnvironmentStrings
VirtualQuery
GetModuleHandleA
LocalFree
FormatMessageA
GetLastError
lstrlenA
DeleteFileA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetVersionExA
CreateFileA
GetDriveTypeA
CloseHandle
DeviceIoControl
Sleep
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
ReadFile
SetFilePointer
VirtualFree
VirtualAlloc
DefineDosDeviceA
SetLastError
LoadLibraryA
FreeLibrary
GetTickCount
GetProcessTimes
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
GetLongPathNameA
GetTempPathA
ResumeThread
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
CopyFileA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
RemoveDirectoryA
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameW
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
RaiseException
GetModuleFileNameA
GetFileTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetTempFileNameA
ResetEvent
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetComputerNameA
GetVolumeInformationA
CreateThread
TerminateThread
CreateEventA
SetEvent
GetExitCodeThread
GetThreadPriority
SetThreadPriority
lstrcmpA
lstrcpyW
GetVersion
GetDiskFreeSpaceExA
MoveFileA
SuspendThread
LocalAlloc
MultiByteToWideChar
ExpandEnvironmentStringsA
CreateProcessA
GetSystemInfo
GlobalMemoryStatus
CreateToolhelp32Snapshot
Process32First
TerminateProcess
Process32Next
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
ExitProcess
WinExec
GetCurrentDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetFileSize
WriteFile
GetFileAttributesA
SetFileAttributesA
FindClose
WaitForSingleObject
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
PostMessageA
GetClassNameA
EnumWindows
GetWindowTextA
GetWindowDC
GetClassInfoExA
AdjustWindowRectEx
EqualRect
CallWindowProcA
GetMenu
SetWindowPos
IntersectRect
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
EndDialog
BeginPaint
EndPaint
GetClassInfoA
RegisterClassA
DefWindowProcA
UpdateWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawStateA
FrameRect
CreateIconIndirect
TrackPopupMenuEx
DestroyCursor
DestroyMenu
EnumDisplaySettingsA
RegisterWindowMessageA
SetForegroundWindow
SetParent
SetActiveWindow
LoadMenuA
GetSubMenu
GetWindowThreadProcessId
CharUpperA
ValidateRect
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
CopyAcceleratorTableA
GetMenuItemID
DrawAnimatedRects
FindWindowA
InvalidateRgn
SetCapture
ReleaseCapture
CharNextA
UnregisterClassA
GetNextDlgGroupItem
RegisterClipboardFormatA
FindWindowExA
SendMessageA
GetWindowRect
EnableWindow
GetSysColor
wsprintfA
GetClientRect
GetParent
LoadBitmapA
PostThreadMessageA
GetMenuItemCount
SetTimer
KillTimer
MessageBoxA
PtInRect
LoadImageA
FillRect
InvalidateRect
InflateRect
GetDC
ReleaseDC
RedrawWindow
PostQuitMessage
PeekMessageA
GetSystemMetrics
SetWindowLongA
GetWindowLongA
ShowWindow
MessageBeep
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
LoadIconA
GetIconInfo
EnumChildWindows
SystemParametersInfoA
GetCursorPos
TrackPopupMenu
SetMenuDefaultItem
IsWindow
DestroyIcon
ScreenToClient
IsRectEmpty
OffsetRect
GetWindowPlacement
CreateWindowExA
SetRect
MoveWindow
GetWindow
GetDlgCtrlID
GetDlgItem
SetRectEmpty
IsWindowVisible
LockWindowUpdate
CopyRect
LoadCursorA
MsgWaitForMultipleObjects
DispatchMessageA
SetCursor

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetWindowExtEx
CreatePen
GetMapMode
DPtoLP
GetRgnBox
GetBkColor
GetTextColor
GetViewportExtEx
SetTextAlign
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetClipBox
SetDIBitsToDevice
GetDeviceCaps
Rectangle
GetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
SetPixel
CreateFontIndirectA
GetObjectA
CreateFontA
CreateSolidBrush
CreateCompatibleDC
BitBlt
SelectObject
GetStockObject
GetTextExtentPoint32A
CreateRectRgn
DeleteObject
FillRgn
CombineRgn
SetRectRgn
DeleteDC
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetKeySecurity
CloseServiceHandle
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
StartServiceA
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegQueryValueA
EnumDependentServicesA
ControlService
QueryServiceStatusEx
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceConfig2A
EnumServicesStatusExA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegFlushKey
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
GetUserNameA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
QueryServiceStatus

shell32

SHGetSpecialFolderPathA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SHGetMalloc
Shell_NotifyIconA
SHAppBarMessage
ShellExecuteExA
ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathIsDirectoryA
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
SHDeleteKeyA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
UrlUnescapeA
PathFindFileNameA

oledlg

ord8

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayGetElement
VarDateFromStr
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
OleLoadPicture
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
OleCreateFontIndirect

ws2_32

gethostbyname
gethostbyaddr
bind
inet_addr
htons
recvfrom
sendto
WSAGetLastError
inet_ntoa
setsockopt
WSASetLastError
closesocket
WSASocketA
select
WSACleanup
gethostname
WSAStartup

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

iphlpapi

GetNetworkParams
GetAdaptersInfo

setupapi

SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
CM_Get_Device_IDA
SetupDiGetDeviceInstanceIdA

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CryptDecodeObject

winmm

PlaySoundA
waveOutGetNumDevs
waveOutGetDevCapsA

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
InternetOpenUrlA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

886f2a00983d55c22fb2f5a74d9ade19

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:83:a7:41:58:88:5c:74:13:11:22:11:9c:12:a2:2aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0d:1e:c7:c3:9b:c3:07:16:6b:1f:0c:0b:ec:86:db:b1:f2:1f:6e:9b:19:01:d3:15:34:cb:17:82:bb:00:3b:04Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

version

iphlpapi

setupapi

pdh

crypt32

winmm

wininet

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 284KB - Virtual size: 283KB

.data Size: 44KB - Virtual size: 83KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:83:a7:41:58:88:5c:74:13:11:22:11:9c:12:a2:2a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0d:1e:c7:c3:9b:c3:07:16:6b:1f:0c:0b:ec:86:db:b1:f2:1f:6e:9b:19:01:d3:15:34:cb:17:82:bb:00:3b:04
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 284KB - Virtual size: 283KB

.data
Size: 44KB - Virtual size: 83KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB