2024-08-01_790315cc71987a18f521db9c9eed4ecd_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-01_790315cc71987a18f521db9c9eed4ecd_floxif_icedid
Size

2.2MB
MD5

790315cc71987a18f521db9c9eed4ecd
SHA1

aae84252740741f0b1dea296083be581e22b4921
SHA256

80110d805495fed3390a9a7c69bd24fe04e1cb246bda1596aaf738bfceea05a3
SHA512

c4cfa257a3fbd405f814689c924a579036e45f06f0d147844b18bd195d90be9f572cd5f65417e5010e736dd833a058f6bce2c8682bec88789b63bf4149b4a780
SSDEEP

49152:fpsP8VSf7gCGzy1nW9Tg3RK1TvE7y1vkw:f2Ux8nWBCo1Td9

Score

1^/10

Malware Config

Signatures

Files

2024-08-01_790315cc71987a18f521db9c9eed4ecd_floxif_icedid
.exe windows:4 windows x86 arch:x86

444ee06ff5eac15eb3f6dab4d403454d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17-11-2006 00:00

Not After

30-12-2020 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:d0:c2:eb:67:dd:04:24:0d:f6:d1:dc:65:f9:10:95
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11-08-2014 00:00

Not After

04-11-2015 23:59

Subject

CN=QueTek Consulting Corporation,OU=SALES,O=QueTek Consulting Corporation,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:ed:a8:fe:c0:b4:14:4d:0d:e1:09:f4:29:b3:3f:d3:02:73:03:06
Signer

Actual PE Digest

1d:ed:a8:fe:c0:b4:14:4d:0d:e1:09:f4:29:b3:3f:d3:02:73:03:06

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

kernel32

WritePrivateProfileStringW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetShortPathNameW
FindResourceExW
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
HeapReAlloc
RaiseException
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetConsoleCP
GetConsoleMode
FindFirstFileA
ExitThread
CreateThread
ExitProcess
HeapSize
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetCurrentDirectoryA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFullPathNameA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
lstrlenA
GlobalGetAtomNameW
GetFullPathNameW
GetFileTime
VirtualProtect
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
ResumeThread
SetThreadPriority
GetModuleHandleA
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
LocalFree
lstrlenW
MulDiv
FreeResource
LoadLibraryA
GetVersionExW
GetCurrentProcess
GetLocaleInfoW
GetTempPathW
GetFileAttributesW
ResetEvent
SetEndOfFile
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetLocalTime
GetPrivateProfileStringA
ExpandEnvironmentStringsW
CreateDirectoryW
MoveFileW
lstrcpyW
FormatMessageW
lstrcpynW
WideCharToMultiByte
DeleteFileW
RemoveDirectoryW
Sleep
GetTempFileNameW
GetCurrentProcessId
CreateProcessW
SetFileTime
GetDriveTypeW
SetCurrentDirectoryW
GetModuleFileNameW
GetLogicalDriveStringsA
GetDiskFreeSpaceExW
GetVolumeInformationW
OpenProcess
MoveFileExW
MultiByteToWideChar
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
QueryPerformanceCounter
GetTickCount
GetDriveTypeA
CreateFileA
GetSystemTime
SystemTimeToFileTime
SetEvent
GetDiskFreeSpaceW
SetFilePointer
QueryDosDeviceA
GetWindowsDirectoryW
ReadFile
GetFileSize
FindClose
WaitForSingleObject
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
QueryPerformanceFrequency
DeviceIoControl
CreateFileW
WriteFile
CloseHandle
FreeLibrary
VirtualAlloc
VirtualFree
FindFirstFileW
FindNextFileW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetEnvironmentStrings

user32

CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
PostThreadMessageW
FindWindowW
SetWindowContextHelpId
MapDialogRect
GetAsyncKeyState
ShowOwnedPopups
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
DestroyMenu
GetWindowDC
GetWindowThreadProcessId
SetMenuItemBitmaps
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CharUpperW
GetScrollPos
SetScrollPos
GetWindow
GetMenuStringW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetClassInfoW
DefWindowProcW
EmptyClipboard
CloseClipboard
OpenClipboard
GetMenuCheckMarkDimensions
SetMenu
GetMenuState
GetMenuItemID
AppendMenuW
CreateMenu
SetMenuItemInfoW
SystemParametersInfoW
IsZoomed
IsIconic
DrawEdge
GetSysColorBrush
GetComboBoxInfo
WindowFromPoint
FrameRect
FillRect
DrawFrameControl
InflateRect
DrawStateW
GetCursorPos
DestroyIcon
GrayStringW
DrawTextExW
TabbedTextOutW
GetCapture
IsWindowVisible
GetMenu
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
MessageBoxW
CreateWindowExW
DestroyWindow
GetMessagePos
MoveWindow
SetWindowTextW
SetFocus
GetKeyState
GetDoubleClickTime
ShowWindow
KillTimer
InvalidateRect
GetScrollInfo
RedrawWindow
GetUpdateRect
BeginPaint
DrawFocusRect
DrawTextW
EndPaint
SetScrollInfo
ScrollWindow
UpdateWindow
UnregisterClassW
WaitMessage
SetRect
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
GetDlgCtrlID
SetWindowLongW
CallWindowProcW
GetWindowTextW
SetWindowPos
GetDC
ReleaseDC
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
SetWindowRgn
GetWindowTextLengthW
IsRectEmpty
GetWindowLongW
CopyRect
OemToCharBuffW
OffsetRect
SetTimer
PostMessageW
GetSysColor
SetCursor
ReleaseCapture
LoadCursorW
SetCapture
ScreenToClient
ClientToScreen
GetParent
GetDlgItem
CharToOemW
LoadIconW
DrawIcon
OemToCharW
GetDesktopWindow
LoadImageW
PtInRect
GetSystemMetrics
GetFocus
GetClientRect
GetWindowRect
LoadMenuW
ModifyMenuW
GetSubMenu
LoadBitmapW
EnableWindow
SendMessageW
SetClipboardData
UnregisterClassA

gdi32

SetWindowExtEx
ScaleWindowExtEx
SaveDC
ExtSelectClipRgn
SetRectRgn
GetMapMode
DPtoLP
CreateEllipticRgn
LPtoDP
Ellipse
GetCharWidthW
StretchDIBits
EnumFontFamiliesExW
GetTextColor
GetRgnBox
PatBlt
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
GetPixel
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
CreateFontIndirectW
CombineRgn
GetTextExtentPoint32W
RoundRect
CreateBitmap
CreateFontW
Escape
TextOutW
RectVisible
PtVisible
GetStockObject
SetBrushOrgEx
CreatePatternBrush
BitBlt
CreateCompatibleBitmap
DeleteDC
SetBkMode
SetBkColor
ExtTextOutW
SetTextColor
GetBkColor
CreateSolidBrush
CreatePen
Rectangle
MoveToEx
LineTo
LineDDA
GetTextExtentPointW
DeleteObject
SetPixelV
SelectObject
GetTextMetricsW
StretchBlt
CreateCompatibleDC
GetObjectW
RestoreDC

comdlg32

CommDlgExtendedError
GetFileTitleW
GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegDeleteKeyW
RegCloseKey
RegSetValueExA
RegCreateKeyExW
RegCreateKeyExA
RegQueryValueExA
RegSetKeySecurity
RegOpenKeyA
RegOpenKeyExA
RegGetKeySecurity

shell32

ExtractIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ExtractIconExW
SHGetFileInfoW
SHGetMalloc
DragQueryFileW
DragFinish

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_Create
ord17
ImageList_GetIconSize
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CoTaskMemFree
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

ws2_32

connect
WSAStartup
socket
closesocket
WSACleanup
htons
gethostbyname
recv
WSAGetLastError
send
select

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 708KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

444ee06ff5eac15eb3f6dab4d403454d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

64:d0:c2:eb:67:dd:04:24:0d:f6:d1:dc:65:f9:10:95Certificate

Extended Key Usages

Key Usages

1d:ed:a8:fe:c0:b4:14:4d:0d:e1:09:f4:29:b3:3f:d3:02:73:03:06Signer

Headers

File Characteristics

Imports

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 272KB - Virtual size: 268KB

.data Size: 36KB - Virtual size: 131KB

.rsrc Size: 708KB - Virtual size: 704KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:d0:c2:eb:67:dd:04:24:0d:f6:d1:dc:65:f9:10:95
Certificate

1d:ed:a8:fe:c0:b4:14:4d:0d:e1:09:f4:29:b3:3f:d3:02:73:03:06
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 272KB - Virtual size: 268KB

.data
Size: 36KB - Virtual size: 131KB

.rsrc
Size: 708KB - Virtual size: 704KB