2024-05-16_fd4142767adce0e61848c08d3f1cccac_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-16_fd4142767adce0e61848c08d3f1cccac_floxif_icedid
Size

1.4MB
MD5

fd4142767adce0e61848c08d3f1cccac
SHA1

eb033afbd98979eeb88673a484a1c6c6e11c61ca
SHA256

a9268484603a55edc414393969cebf925dc06d69c855ec4a61d116322b7e861e
SHA512

1b6affe3ac3c0425cc87975b22fc0deef55f4e8cc78c479bf983387335e60a5056f17ce2e4c3703ee17b6ea8cd6e2a01be99078738734df0e7916f504f89add7
SSDEEP

24576:c1kicQWEnD76KqWpwsxVv+LLETrcKDlIrEH7U:7jJRA9+0T4f

Score

1^/10

Malware Config

Signatures

Files

2024-05-16_fd4142767adce0e61848c08d3f1cccac_floxif_icedid
.exe windows:4 windows x86 arch:x86

7b2a48384a227469d87980f33b807215

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:cf:10:74:52:ce:1c:f3:9f:5e:da:80:63:ee:8f:ea
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-08-2015 00:00

Not After

19-09-2018 23:59

Subject

CN=TobeSoft Co.\, Ltd.,OU=Reseach and Development,O=TobeSoft Co.\, Ltd.,L=GANGNAM-GU,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:ea:13:fd:6b:b0:19:9d:e0:47:07:56:05:3e:3a:11:1c:d4:4e:39
Signer

Actual PE Digest

21:ea:13:fd:6b:b0:19:9d:e0:47:07:56:05:3e:3a:11:1c:d4:4e:39

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

httpapi

HttpReceiveRequestEntityBody
HttpTerminate
HttpDeleteServiceConfiguration
HttpReceiveHttpRequest
HttpSendHttpResponse
HttpAddUrl
HttpSetServiceConfiguration
HttpInitialize
HttpCreateHttpHandle
HttpRemoveUrl

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetACP
GetModuleHandleA
GetModuleFileNameA
DuplicateHandle
GetCurrentThreadId
DeleteCriticalSection
CreateMutexA
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
InitializeCriticalSection
GetCurrentThread
InterlockedCompareExchange
InterlockedIncrement
TlsGetValue
TlsAlloc
ReleaseMutex
GetVersionExA
GetWindowsDirectoryW
SetLastError
lstrcpyW
FormatMessageW
OutputDebugStringA
GetExitCodeThread
Module32NextW
Module32FirstW
GetSystemDirectoryW
GetSystemInfo
GetTempPathW
SetFileAttributesW
FindClose
TerminateThread
FindNextFileW
MoveFileExW
CopyFileW
GetFileAttributesW
GetExitCodeProcess
FindFirstFileW
ResetEvent
TerminateProcess
CreateDirectoryW
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentProcess
CreateThread
Process32NextW
ProcessIdToSessionId
GetLastError
WTSGetActiveConsoleSessionId
Process32FirstW
CreateToolhelp32Snapshot
CreateEventW
ExitThread
CloseHandle
WideCharToMultiByte
Sleep
GetVersionExW
OutputDebugStringW
GetModuleHandleW
GetTickCount
GetCommandLineW
SizeofResource
GetModuleFileNameW
lstrlenW
DeleteFileW
SetEvent
LocalFree
WriteFile
HeapAlloc
LoadResource
CreateFileW
GlobalAlloc
lstrcmpW
GlobalLock
InterlockedExchange
CompareStringA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GlobalDeleteAtom
GlobalUnlock
GlobalFree
SetErrorMode
GetThreadLocale
InterlockedDecrement
UnlockFile
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
ResumeThread
WritePrivateProfileStringW
GlobalFlags
CompareStringW
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
GlobalAddAtomW
GetCurrentProcessId
LoadLibraryA
GlobalFindAtomW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
GetDriveTypeA
FindFirstFileA
GetDriveTypeW
RtlUnwind
GetFileType
GetTimeZoneInformation
ExitProcess
RaiseException
HeapSize
SetHandleCount
GetStdHandle
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
LockResource
FindResourceW
GetTempFileNameW
HeapFree
MultiByteToWideChar
GetProcessHeap
WaitForSingleObject
OpenProcess
SetFilePointer
SetEndOfFile
FlushFileBuffers
ReadFile
GetFileSize
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileTime
GetLocaleInfoW
LockFile

user32

SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
LoadIconW
ShowWindow
DestroyMenu
UnregisterClassA
CallNextHookEx
GetMessageW
IsWindowVisible
SendMessageW
GetKeyState
GetCursorPos
ValidateRect
CharUpperW
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadCursorW
GetSysColorBrush
GetLastActivePopup
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
AdjustWindowRectEx
RegisterClassW
IsWindowEnabled
EnableWindow
MessageBoxW
GetWindow
GetDlgCtrlID
GetClassNameW
PtInRect
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
wsprintfW
MsgWaitForMultipleObjects
RegisterWindowMessageW
BroadcastSystemMessageW
GetWindowRect
SetRectEmpty
GetSystemMetrics
SetFocus
GetWindowTextW
DispatchMessageW
GetActiveWindow
GetWindowLongW
EnumWindows
TranslateMessage
PeekMessageW
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetParent
ExitWindowsEx
GetWindowThreadProcessId
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW

advapi32

CreateServiceW
SetServiceStatus
ConvertSidToStringSidW
SetTokenInformation
DuplicateTokenEx
RegOpenKeyW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
DeleteService
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
QueryServiceStatusEx
StartServiceW
ControlService
EnumDependentServicesW
LookupPrivilegeValueW
CryptAcquireContextW
AdjustTokenPrivileges
CryptReleaseContext
StartServiceCtrlDispatcherW
OpenProcessToken
RegisterServiceCtrlHandlerW
GetTokenInformation
GetUserNameW
CreateProcessAsUserW
RegCreateKeyExW
RegOpenKeyExW
RegFlushKey
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
OpenSCManagerW

shell32

ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
SysFreeString
SafeArrayCreate
VariantCopy
SafeArrayPutElement
VariantClear
VariantInit
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantChangeType

shlwapi

PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathIsRelativeW

urlmon

URLOpenBlockingStreamW
URLDownloadToFileW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

crypt32

CertEnumCertificatesInStore
CryptHashCertificate
CertOpenStore
CertCloseStore
CertGetNameStringW

cryptui

CryptUIWizImport

ws2_32

ntohs
ntohl
inet_addr
htons
htonl

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
GetDeviceCaps
DeleteDC
GetStockObject
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ScaleWindowExtEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW

Exports

Exports

IsServerMode
SetServerMode

Sections

.text
Size: 876KB - Virtual size: 874KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 420KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b2a48384a227469d87980f33b807215

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

39:cf:10:74:52:ce:1c:f3:9f:5e:da:80:63:ee:8f:eaCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

21:ea:13:fd:6b:b0:19:9d:e0:47:07:56:05:3e:3a:11:1c:d4:4e:39Signer

Headers

File Characteristics

Imports

httpapi

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wtsapi32

userenv

crypt32

cryptui

ws2_32

oleacc

gdi32

winspool.drv

comdlg32

Exports

Exports

Sections

.text Size: 876KB - Virtual size: 874KB

.rdata Size: 420KB - Virtual size: 418KB

.data Size: 48KB - Virtual size: 66KB

.rsrc Size: 8KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

39:cf:10:74:52:ce:1c:f3:9f:5e:da:80:63:ee:8f:ea
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

21:ea:13:fd:6b:b0:19:9d:e0:47:07:56:05:3e:3a:11:1c:d4:4e:39
Signer

.text
Size: 876KB - Virtual size: 874KB

.rdata
Size: 420KB - Virtual size: 418KB

.data
Size: 48KB - Virtual size: 66KB

.rsrc
Size: 8KB - Virtual size: 5KB