2024-04-25_059d25d2b24164d7d96415a4c08a51f6_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_059d25d2b24164d7d96415a4c08a51f6_floxif_icedid
Size

11.5MB
MD5

059d25d2b24164d7d96415a4c08a51f6
SHA1

d83a62bc16bcb3c954b07e7f60c494a9e5751765
SHA256

978735591e1af55aa7b1150a208c486df9409ab2628e828d5ccdae557c5aab1d
SHA512

bff0003d38d8b2fed9a2ec8ab5e8be2d22754c0b39eb9b19a6dd1aa581280351f61e02a82d60e8e144e024aee87a3c7240178f5c85deced96e077b4707606c22
SSDEEP

98304:PN1CtiVoQBWfueVA8LsKv2ZwmIRrWmtslQ7OMCToaLGJxBRPIp2zocB9IwfCcaZt:PD7VoQBWfueFT3Ymt2yOHTHaxRWcUSaX

Score

1^/10

Malware Config

Signatures

Files

2024-04-25_059d25d2b24164d7d96415a4c08a51f6_floxif_icedid
.exe windows:4 windows x86 arch:x86

76cc87d8014f63550e2e8f565d39b2da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a5:2f:5e:14:67:f5:9f:ff:de:16:18:02:bb:c6:5c:91:46:2b:19
Signer

Actual PE Digest

70:a5:2f:5e:14:67:f5:9f:ff:de:16:18:02:bb:c6:5c:91:46:2b:19

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Chunyung\Documents\Visual Studio 2005\Projects\RtHDVCpl - Copy\_ma4_release\win32\RtHDVCpl.pdb

Imports

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

winmm

mmioRead
mmioCreateChunk
mmioGetInfo
mmioSeek
mmioSetInfo
mmioWrite
mmioAscend
mmioDescend
mmioClose
mmioOpenW
mmioAdvance

dsound

ord6
ord3
ord1

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

propsys

PropVariantToUInt32
PropVariantCompareEx
PropVariantToString

uxtheme

CloseThemeData
DrawThemeBackground
OpenThemeData

gdiplus

GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipGetImagePaletteSize
GdipDisposeImage
GdipGetImagePalette
GdipBitmapLockBits
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipFillPath
GdipDeleteGraphics
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipCreatePath
GdipDeletePath
GdipCreateFromHDC
GdipAddPathPie
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdiplusStartup

imm32

ImmDisableIME

kernel32

GetSystemDirectoryA
WideCharToMultiByte
ResetEvent
DeleteFileW
AllocConsole
WriteConsoleW
GetStdHandle
CreateMutexW
LocalAlloc
LocalFree
ReleaseMutex
lstrcpyW
TerminateThread
OpenMutexW
GetSystemPowerStatus
GetPrivateProfileStringW
GetModuleFileNameW
GetFileSize
GetPrivateProfileIntW
GetLocalTime
GetDateFormatW
GetTimeFormatW
SetFilePointer
SetThreadPriority
LoadLibraryA
RaiseException
GetVersionExA
lstrcmpW
CompareStringW
FindResourceExW
GlobalFindAtomW
GlobalAddAtomW
InterlockedDecrement
GetModuleHandleA
GetCurrentProcessId
FormatMessageW
VirtualProtect
WritePrivateProfileStringW
lstrcmpA
SuspendThread
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetThreadLocale
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
GetTickCount
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
RtlUnwind
HeapReAlloc
IsBadReadPtr
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GetSystemDirectoryW
VirtualFree
VirtualAlloc
FreeLibrary
CompareFileTime
SystemTimeToFileTime
CreateDirectoryW
GetTempPathW
GetSystemInfo
MulDiv
WriteFile
DeviceIoControl
CreateFileW
CreateProcessW
GetWindowsDirectoryW
GetSystemTime
GetTimeZoneInformation
SetThreadExecutionState
GetFileAttributesW
GetCurrentThreadId
CreateThread
GetCPInfo
MultiByteToWideChar
lstrlenA
FreeResource
GetVersionExW
GetVersion
lstrcmpiW
CloseHandle
lstrlenW
WaitForSingleObject
GetExitCodeThread
SetEvent
EnterCriticalSection
ResumeThread
GetCurrentProcess
IsWow64Process
DuplicateHandle
CreateEventW
SearchPathW
InitializeCriticalSection
Sleep
WaitForMultipleObjects
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
ExitProcess
GetUserDefaultUILanguage
GlobalDeleteAtom

user32

GetPropW
SetPropW
GetClassNameW
GetClassLongW
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
EndDialog
GetNextDlgTabItem
IsWindowEnabled
CreateDialogIndirectParamW
GetActiveWindow
IsDialogMessageW
SetWindowTextW
MoveWindow
GetMenuCheckMarkDimensions
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
GetMenuStringW
GetAsyncKeyState
DestroyMenu
ValidateRect
GetMessageW
SetRectEmpty
WindowFromPoint
CharUpperW
RegisterClipboardFormatW
SetWindowContextHelpId
UnregisterClassW
ReleaseCapture
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
SetCapture
GetNextDlgGroupItem
MessageBeep
SetParent
GetDCEx
LockWindowUpdate
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
GetKeyState
GetScrollRange
SetScrollPos
GetScrollPos
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcW
CallWindowProcW
RemovePropW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetDlgCtrlID
FindWindowW
SetProcessDPIAware
SetCursor
PtInRect
FrameRect
TrackMouseEvent
EnableMenuItem
CheckMenuItem
AdjustWindowRect
ShowScrollBar
GetFocus
LoadCursorW
WindowFromDC
OffsetRect
ScreenToClient
SetMenuItemBitmaps
DrawFocusRect
InflateRect
GetMonitorInfoW
MonitorFromWindow
GetShellWindow
EqualRect
UnionRect
MapDialogRect
GetWindow
FindWindowExW
DispatchMessageW
UnhookWindowsHookEx
TranslateMessage
SetWindowsHookExW
PostQuitMessage
CallNextHookEx
PeekMessageW
EnumThreadWindows
AttachThreadInput
GetWindowThreadProcessId
ShowWindow
ExitWindowsEx
GetWindowRect
UpdateWindow
TabbedTextOutW
GetSysColorBrush
FillRect
ModifyMenuW
InsertMenuW
GetMenuItemCount
AppendMenuW
GetSubMenu
DrawEdge
SystemParametersInfoW
ReleaseDC
GetDC
GetMenuItemInfoW
GetDesktopWindow
CreateMenu
DestroyIcon
GetMenuItemID
LoadBitmapW
GrayStringW
DrawTextExW
GetMenuState
DrawTextW
SetForegroundWindow
GetForegroundWindow
UnregisterDeviceNotification
RegisterWindowMessageW
SetMenuDefaultItem
CreatePopupMenu
GetCursorPos
RegisterDeviceNotificationW
InvalidateRect
CopyRect
RedrawWindow
KillTimer
SetTimer
GetParent
PostMessageW
GetCapture
SetWindowLongW
GetWindowLongW
IsWindowVisible
DrawIcon
SendMessageW
IsIconic
LoadIconW
GetSystemMetrics
GetClientRect
SetRect
EnableWindow
GetSysColor
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetWindowPos
SetActiveWindow
DrawIconEx
UnregisterClassA

gdi32

GetMapMode
SetDIBColorTable
StretchBlt
GetClipBox
SetTextColor
SetBkColor
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
CreatePatternBrush
CreateBitmap
ExtFloodFill
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExtTextOutW
TextOutW
CreateFontW
GetStockObject
GetObjectW
CreateDIBSection
RectVisible
ExcludeClipRect
DeleteObject
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetCharWidthW
StretchDIBits
GetTextMetricsW
EnumFontFamiliesExW
GetBkColor
GetTextColor
GetRgnBox
IntersectClipRect
CreateSolidBrush
MoveToEx
LineTo
PtVisible
Ellipse
CreateFontIndirectW
GetTextExtentPoint32W
GetBkMode
PatBlt
Escape
GetDeviceCaps
SetPixel
GetPixel
CreatePen
BitBlt
CreateCompatibleDC
SelectObject
DeleteDC
GetViewportExtEx
GetWindowExtEx
CreateCompatibleBitmap

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyW
RegEnumKeyExW
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW

shell32

SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
SHGetKnownFolderPath

comctl32

_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
SHStrDupW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CLSIDFromString
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
PropVariantClear
CoGetClassObject
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
FreePropVariantArray
PropVariantCopy
CoFreeUnusedLibrariesEx
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoRevokeClassObject

oleaut32

SysAllocString
OleCreateFontIndirect
SafeArrayCreate
VariantInit
VariantClear
SysStringLen
SysAllocStringLen
VariantChangeType
SysFreeString
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76cc87d8014f63550e2e8f565d39b2da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

70:a5:2f:5e:14:67:f5:9f:ff:de:16:18:02:bb:c6:5c:91:46:2b:19Signer

Headers

File Characteristics

PDB Paths

Imports

setupapi

winmm

dsound

version

propsys

uxtheme

gdiplus

imm32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 316KB - Virtual size: 315KB

.data Size: 44KB - Virtual size: 75KB

.rsrc Size: 9.8MB - Virtual size: 9.8MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

70:a5:2f:5e:14:67:f5:9f:ff:de:16:18:02:bb:c6:5c:91:46:2b:19
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 316KB - Virtual size: 315KB

.data
Size: 44KB - Virtual size: 75KB

.rsrc
Size: 9.8MB - Virtual size: 9.8MB