2024-04-17_425d624d8cda27e85b20c73883b6f627_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-17_425d624d8cda27e85b20c73883b6f627_floxif_icedid
Size

1.5MB
MD5

425d624d8cda27e85b20c73883b6f627
SHA1

21a44fa47bfcfc5af196e7290d3b36374f93c19f
SHA256

2d102ca57c276f0e12bcda11ad8c7a6239c48015e148c74cb1d40cfd19f0940d
SHA512

ea8642f2da8d86fc70cda559cee02e9bb656f7a8276891cccc6e4d38c291e3f6c6d4d7e226db3400c69818a0473bb30082600701df7ba6cf598a60479106d218
SSDEEP

24576:uO5P0q6uhRjXxJ5ex0LNt7ieJrPvW0fUKizd8FU/zrEH7t:jxLNNvJrPvW0fUKbU/s

Score

1^/10

Malware Config

Signatures

Files

2024-04-17_425d624d8cda27e85b20c73883b6f627_floxif_icedid
.exe windows:4 windows x86 arch:x86

75711149ad5725df1c46ff9fc694ae7b

Code Sign

02:09:67:26:42:41:f4:14:c3:90:d7:b1:6d:b4:eb:04
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/05/2017, 00:00

Not After

13/05/2020, 12:00

Subject

SERIALNUMBER=C2079982,CN=3 Play Networks\, Inc.,O=3 Play Networks\, Inc.,POSTALCODE=94087,STREET=806 E. Homestead Rd,L=Sunnyvale,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:ee:15:8b:f3:e7:cb:aa:72:15:3f:79:ef:e4:ed:bb:c0:5d:87:43
Signer

Actual PE Digest

4a:ee:15:8b:f3:e7:cb:aa:72:15:3f:79:ef:e4:ed:bb:c0:5d:87:43

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\colonist\VistaWall\i386\Windows10FirewallControl-Portable.pdb

Imports

ws2_32

bind
connect
shutdown
closesocket
ntohs
WSACleanup
WSAAddressToStringW
WSAGetLastError
htonl
inet_ntoa
inet_addr
ntohl
WSAStringToAddressW
recv
select
__WSAFDIsSet
htons
ioctlsocket
socket
send
gethostbyname

fwpuclnt

FwpmEngineClose0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmFilterGetSecurityInfoByKey0
FwpmEngineOpen0
FwpmFilterSubscribeChanges0
FwpmNetEventCreateEnumHandle0
FwpmNetEventEnum0
FwpmNetEventDestroyEnumHandle0
FwpmFilterGetById0
FwpmFilterUnsubscribeChanges0
FwpmFilterDeleteByKey0
FwpmFilterDeleteById0
FwpmFilterAdd0
FwpmFilterCreateEnumHandle0
FwpmFilterEnum0
FwpmFilterDestroyEnumHandle0
FwpmFreeMemory0
FwpmLayerGetById0

kernel32

lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
ResumeThread
GetThreadLocale
ReadFile
LockFile
UnlockFile
DuplicateHandle
FindClose
FindFirstFileW
GetFullPathNameW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
GetLocaleInfoW
GetPrivateProfileStringW
FindResourceExW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
TerminateProcess
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapReAlloc
SetStdHandle
GetFileType
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
InterlockedExchange
VirtualProtect
GetModuleHandleA
InterlockedDecrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetTickCount
TerminateThread
LocalFree
GetLogicalDrives
GetStartupInfoW
CreateProcessW
FlushInstructionCache
RaiseException
ExpandEnvironmentStringsW
UnhandledExceptionFilter
FlushViewOfFile
GetWindowsDirectoryW
OpenProcess
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
GetLongPathNameW
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentThreadId
CreateEventW
ReleaseSemaphore
CreateSemaphoreW
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetDiskFreeSpaceW
GetVolumeInformationW
GetLogicalDriveStringsW
DeviceIoControl
QueryDosDeviceW
GetModuleFileNameW
GetDriveTypeW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetPrivateProfileSectionW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
DeleteFileW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
GetFileSize
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileW
CreateMutexW
FreeResource
GetComputerNameW
PulseEvent
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ResetEvent
Sleep
VerSetConditionMask
VerifyVersionInfoW
GetShortPathNameW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
SetEvent
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
lstrlenW
WritePrivateProfileStringW
WideCharToMultiByte
lstrlenA
GetSystemDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
InterlockedCompareExchange
IsProcessorFeaturePresent

user32

PostThreadMessageW
GetAsyncKeyState
DestroyMenu
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
UnregisterClassA
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
GetMenu
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
SetWindowPos
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringW
GetMenuItemID
GetMenuItemCount
GetSubMenu
CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadCursorW
GetClassInfoExW
SetWindowLongW
MessageBoxW
CharLowerW
CharUpperW
EnumDisplayDevicesW
EnumChildWindows
GetClassInfoW
RegisterClassW
DrawEdge
GetParent
ReleaseCapture
EnumDisplayMonitors
GetMonitorInfoW
SetCapture
UpdateWindow
ReleaseDC
GetDC
EndPaint
BeginPaint
DrawIconEx
ClientToScreen
GetDlgItem
RegisterWindowMessageW
InSendMessage
GetDesktopWindow
KillTimer
SetTimer
IsWindowVisible
BringWindowToTop
IsZoomed
IsIconic
DrawIcon
PtInRect
FindWindowW
GetCursorPos
SetForegroundWindow
PostMessageW
InvalidateRect
ScreenToClient
GetFocus
GetClassNameW
MessageBeep
LoadImageW
DestroyIcon
IsWindow
GetClientRect
GetWindowRect
GetSystemMetrics
GetSysColor
FillRect
DrawTextW
SystemParametersInfoW
LoadIconW
InsertMenuW
AppendMenuW
CreatePopupMenu
LoadBitmapW
CopyRect
EnableWindow
SendMessageW
RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
SetRect
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
SetCursor
GetMessageW
TranslateMessage
PostQuitMessage
ValidateRect
GetWindowThreadProcessId
IntersectRect
MapDialogRect
DestroyWindow
SetFocus

gdi32

ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
ScaleViewportExtEx
GetMapMode
EnumFontFamiliesExW
GetBkColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
SetWindowExtEx
DeleteObject
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
CreateRectRgnIndirect
GetDeviceCaps
GetTextColor
SelectObject
GetObjectW
CreateSolidBrush
SetBkMode
SetTextColor
GetTextExtentPoint32W
PtVisible
CreateFontIndirectW

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
GetSecurityInfo
LookupAccountSidW
LookupAccountNameW
GetAce
GetTokenInformation
SetSecurityDescriptorDacl
EqualSid
SetSecurityInfo
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
SetSecurityDescriptorControl
GetSecurityDescriptorControl
GetAclInformation
InitializeAcl
AddAce
AuditQuerySystemPolicy
AuditSetSystemPolicy
AuditFree
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CheckTokenMembership
IsValidSid
GetLengthSid
CopySid
OpenProcessToken
DuplicateToken

shell32

ExtractIconExW
ShellExecuteW
ExtractIconW
Shell_NotifyIconW
SHGetFolderPathW

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathIsUNCW
PathFindExtensionW
StrStrIW
PathStripToRootW

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
CoInitializeSecurity
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
CoUninitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc

oleaut32

SysAllocString
VariantCopy
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString

wsock32

WSASetLastError
WSAStartup

userenv

UnloadUserProfile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

PlaySoundW

mpr

WNetGetConnectionW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

psapi

GetProcessImageFileNameW
EnumProcesses

wevtapi

EvtCreateRenderContext
EvtOpenPublisherMetadata
EvtFormatMessage
EvtClose
EvtSubscribe
EvtRender

Sections

.text
Size: 700KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75711149ad5725df1c46ff9fc694ae7b

Code Sign

02:09:67:26:42:41:f4:14:c3:90:d7:b1:6d:b4:eb:04Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

4a:ee:15:8b:f3:e7:cb:aa:72:15:3f:79:ef:e4:ed:bb:c0:5d:87:43Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

fwpuclnt

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

wsock32

userenv

version

winmm

mpr

rpcrt4

psapi

wevtapi

Sections

.text Size: 700KB - Virtual size: 696KB

.rdata Size: 148KB - Virtual size: 146KB

.data Size: 136KB - Virtual size: 155KB

.rsrc Size: 488KB - Virtual size: 485KB

02:09:67:26:42:41:f4:14:c3:90:d7:b1:6d:b4:eb:04
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

4a:ee:15:8b:f3:e7:cb:aa:72:15:3f:79:ef:e4:ed:bb:c0:5d:87:43
Signer

.text
Size: 700KB - Virtual size: 696KB

.rdata
Size: 148KB - Virtual size: 146KB

.data
Size: 136KB - Virtual size: 155KB

.rsrc
Size: 488KB - Virtual size: 485KB