2024-09-25_1879f5eebcb25d4a4517fbb2caa6ca17_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-25_1879f5eebcb25d4a4517fbb2caa6ca17_floxif_icedid
Size

997KB
MD5

1879f5eebcb25d4a4517fbb2caa6ca17
SHA1

dd38fa836047824e8ab3682c99f3eee301a66104
SHA256

d17a577905ea7b649864b037e380b2d9381b0aff8e28ee2b9511f46e946078a8
SHA512

d71aa54a881be6a533235971c8369a5c1b53673dd625568c39cb57e4a8af7078dd6cf21486a1ba08f645e5d713c8532f381f7c94f4d83d9e3d75a443dfa31e47
SSDEEP

24576:H7CFq4c6eAY547rdSLWqzlkhYmNZn/08sE6KudpxFO9qo5I3rEH7/:H7CFq4c6eAYm7rdIlx8RHstKOq

Score

1^/10

Malware Config

Signatures

Files

2024-09-25_1879f5eebcb25d4a4517fbb2caa6ca17_floxif_icedid
.exe windows:4 windows x86 arch:x86

03b35de58de8d8893dedf53e32a0ed59

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a7:cd:66:d9:49:31:02:29:e0:b9:0c:27:42:5d:d8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/05/2010, 00:00

Not After

27/05/2011, 23:59

Subject

CN=KONICA MINOLTA BUSINESS TECHNOLOGIES\, INC.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Electronic Information Technology R&D Center\, Div.1,O=KONICA MINOLTA BUSINESS TECHNOLOGIES\, INC.,L=Hachioji-shi,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Reenumerate_DevNode
CM_Get_Child
CM_Get_DevNode_Registry_PropertyW
CM_Get_Parent
CM_Locate_DevNodeA

kernel32

FreeLibrary
IsDBCSLeadByte
Sleep
GetTempPathA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
LoadResource
LoadLibraryA
LockResource
TerminateThread
OpenProcess
GlobalFree
GlobalAlloc
WritePrivateProfileStringA
SizeofResource
SetLastError
GetModuleHandleA
InterlockedExchange
CompareStringA
GetCurrentThread
ReleaseMutex
GetCommandLineW
GetCurrentProcess
GlobalHandle
GetUserDefaultLangID
FlushFileBuffers
WriteFile
GetFileSize
ReadFile
GlobalLock
GlobalUnlock
ResumeThread
GetTickCount
GetLastError
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringA
GetOEMCP
GetACP
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapSize
VirtualAlloc
GetFileType
SetStdHandle
ExitThread
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetProcessHeap
HeapAlloc
HeapFree
SetErrorMode
GetFileTime
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalReAlloc
TlsGetValue
GlobalFlags
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
InterlockedDecrement
SuspendThread
SetEvent
SetThreadPriority
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
FreeResource
GetCurrentThreadId
GlobalDeleteAtom
CreateDirectoryA
CreateFileA
GetCurrentProcessId
OutputDebugStringA
GetShortPathNameA
TerminateProcess
CopyFileA
GetFileAttributesA
GetSystemDirectoryA
FindFirstFileA
SetFileAttributesA
DeleteFileA
FindNextFileA
RemoveDirectoryA
SystemTimeToFileTime
CreateThread
GetModuleFileNameA
lstrcatA
lstrcmpA
WriteProfileStringA
FindClose
GetPrivateProfileStringA
ExpandEnvironmentStringsA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetWindowsDirectoryA
GetProfileStringA
lstrcpyA
lstrlenA
GetVersionExA

advapi32

EqualSid
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
RegOpenKeyExA
LookupPrivilegeValueA
RegSetValueExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
RegCloseKey
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExA
RegQueryValueExA

user32

GetDlgItem
IsWindow
EnumWindows
GetWindowThreadProcessId
ShowWindow
EnumDesktopWindows
IsIconic
GetSystemMenu
DrawIcon
SetForegroundWindow
ExitWindowsEx
GetSysColor
FillRect
InflateRect
EnumChildWindows
GetDesktopWindow
DestroyWindow
GetSystemMetrics
ScreenToClient
GetActiveWindow
GetClientRect
OffsetRect
ReleaseDC
wsprintfA
SendMessageTimeoutA
SendMessageA
MessageBoxA
SendDlgItemMessageA
GetWindowTextA
CheckMenuItem
EnableMenuItem
GetMenuState
GetFocus
GetDC
SetMenuItemBitmaps
GetWindow
GetWindowPlacement
SystemParametersInfoA
SetWindowPos
GetDlgCtrlID
PtInRect
CopyRect
AdjustWindowRectEx
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenu
UpdateWindow
IsWindowVisible
GetKeyState
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
SetFocus
CallNextHookEx
GetCapture
MoveWindow
IsWindowEnabled
ValidateRect
GetCursorPos
TranslateMessage
EndDialog
GetNextDlgTabItem
WindowFromPoint
ClientToScreen
BeginPaint
EndPaint
PostQuitMessage
SetCursor
DestroyMenu
GetSysColorBrush
UnregisterClassA
GetParent
InvalidateRect
GetMenuCheckMarkDimensions
GetWindowRect

gdi32

SetBkColor
CreateBitmap
GetClipBox
SetTextColor
SelectObject
SaveDC
RestoreDC
SetBkMode
SetMapMode
DPtoLP
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
GetStockObject
SelectPalette
StretchDIBits
SetDIBitsToDevice
SetStretchBltMode
CreatePalette
RealizePalette
CreateSolidBrush
DeleteObject
SetViewportOrgEx
Escape
RectVisible
PtVisible

shell32

SHGetSpecialFolderLocation
SHGetMalloc

winspool.drv

DeletePortA
GetPrinterDriverDirectoryW
EnumMonitorsA
GetPrintProcessorDirectoryA
GetPrinterDriverDirectoryA
AddPrinterA
AddPortA
EnumPrinterDriversA
DeletePrinterConnectionA
DeletePrinter
DeletePrinterDriverA
AddPrintProcessorA
DeleteMonitorA
AddMonitorA
AddPrinterDriverA
DocumentPropertiesA
GetPrinterA
SetPrinterA
ord202
ord201
OpenPrinterA
EnumPrintersA
ClosePrinter
EnumPortsA

setupapi

SetupGetStringFieldA
SetupOpenInfFileA
SetupOpenAppendInfFileA
SetupCloseInfFile
SetupFindFirstLineA
SetupFindNextLine
SetupGetLineByIndexA
SetupQueueCopyA
SetupScanFileQueueA
SetupPromptReboot
SetupInstallFromInfSectionA
SetupSetDirectoryIdA
SetupInitDefaultQueueCallback
SetupOpenFileQueue
SetupInstallFilesFromInfSectionA
SetupDefaultQueueCallbackA
SetupCommitFileQueueA
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupGetInfFileListA
SetupInstallFileExA
SetupGetIntField
SetupGetFieldCount
SetupFindNextMatchLineA
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupGetLineCountA

shlwapi

PathFileExistsW
PathRemoveArgsA
PathIsRelativeA
PathFileExistsA
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW

iphlpapi

SetIpForwardEntry
GetIpAddrTable

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

VariantChangeType
VariantInit
VariantClear

ws2_32

bind
htons
socket
WSAStartup
htonl
ntohl
recvfrom
WSASetLastError
__WSAFDIsSet
WSAStringToAddressA
sendto
select
setsockopt
closesocket
WSACleanup
inet_ntoa
WSAStringToAddressW
WSAAddressToStringW
gethostname
WSAGetLastError
gethostbyname
inet_addr

wininet

InternetCanonicalizeUrlW
HttpOpenRequestW
InternetOpenUrlW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
InternetCrackUrlW
InternetQueryOptionW
InternetSetOptionW

Sections

.text
Size: 656KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03b35de58de8d8893dedf53e32a0ed59

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

71:a7:cd:66:d9:49:31:02:29:e0:b9:0c:27:42:5d:d8Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

cfgmgr32

kernel32

advapi32

user32

gdi32

shell32

winspool.drv

setupapi

shlwapi

iphlpapi

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 656KB - Virtual size: 654KB

.rdata Size: 192KB - Virtual size: 189KB

.data Size: 28KB - Virtual size: 200KB

.rsrc Size: 36KB - Virtual size: 34KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

71:a7:cd:66:d9:49:31:02:29:e0:b9:0c:27:42:5d:d8
Certificate

.text
Size: 656KB - Virtual size: 654KB

.rdata
Size: 192KB - Virtual size: 189KB

.data
Size: 28KB - Virtual size: 200KB

.rsrc
Size: 36KB - Virtual size: 34KB