2024-10-02_b38a91f76cac6eba6e3bf53abe2e09d3_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-02_b38a91f76cac6eba6e3bf53abe2e09d3_floxif_icedid
Size

2.7MB
MD5

b38a91f76cac6eba6e3bf53abe2e09d3
SHA1

13249df7426f36209f4288f5a0403fa102496579
SHA256

833c8c3d11603d798943c5469a4e1d4c9de43a9b73d98548b2a96b683fd82bdd
SHA512

39e5e9dece9d10e4b8b7065d7d6dc8eef99f5ec7cbe13c579c5fc912b5db39c36a36f86b6161b44bb14972bec74ff19a4fdf74adf43cc355cfd1259093fbb42a
SSDEEP

49152:FgfYgsaKXDVmOH9Gj/44aKXDVmOH9Gj8HaKXDVmOH9Gjg2:FgfVVKZpKOK6

Score

1^/10

Malware Config

Signatures

Files

2024-10-02_b38a91f76cac6eba6e3bf53abe2e09d3_floxif_icedid
.exe windows:4 windows x86 arch:x86

3316a946598d6fd3347a465cd58b9470

Code Sign

0e:a7:6b:22:0a:cb:51:b1:3f:b4:f9:b5:bc:95:32:32
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/01/2019, 00:00

Not After

23/01/2020, 12:00

Subject

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:6b:22:0a:cb:51:b1:3f:b4:f9:b5:bc:95:32:32
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/01/2019, 00:00

Not After

23/01/2020, 12:00

Subject

CN=HP Inc.,OU=HP Cybersecurity,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:7c:f2:27:ab:3d:8a:6e:c5:e4:a3:69:ce:e5:01:cf:62:0a:da:60:04:4e:b7:d4:b0:bc:3d:07:84:60:f8:57
Signer

Actual PE Digest

7e:7c:f2:27:ab:3d:8a:6e:c5:e4:a3:69:ce:e5:01:cf:62:0a:da:60:04:4e:b7:d4:b0:bc:3d:07:84:60:f8:57

Digest Algorithm

sha256

PE Digest Matches

false

e5:6a:1b:9d:2d:00:49:90:e7:35:e8:c3:df:de:b2:22:a0:dd:96:8d
Signer

Actual PE Digest

e5:6a:1b:9d:2d:00:49:90:e7:35:e8:c3:df:de:b2:22:a0:dd:96:8d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\rajashen\Installer_WIN\Source\REL\Installer_V4\CommonInstaller\CommonInstaller3\release\totalUninstaller.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupOpenInfFileW
SetupGetStringFieldW
SetupGetLineCountW
SetupGetLineTextW
SetupCloseInfFile
SetupGetLineByIndexW

kernel32

GetVersion
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
SetErrorMode
GetFileAttributesW
lstrlenA
WritePrivateProfileStringW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
RtlUnwind
EnumResourceLanguagesW
HeapReAlloc
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
SuspendThread
SetThreadPriority
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GetModuleHandleA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrlenW
GetThreadLocale
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
InterlockedDecrement
CompareFileTime
GetFileTime
MoveFileExW
WriteFile
GetTimeFormatW
GetSystemTime
GetCurrentProcessId
GetCurrentThreadId
SetEndOfFile
GetStdHandle
CreateFileW
GetVersionExW
LocalFree
WideCharToMultiByte
FormatMessageW
SetInformationJobObject
OpenJobObjectW
RemoveDirectoryW
GetTempFileNameW
ReleaseMutex
CreateMutexW
GetTempPathW
SetLastError
GetTickCount
WaitForMultipleObjects
OpenProcess
QueryInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
GetCurrentProcess
IsProcessInJob
GetExitCodeThread
Sleep
GetExitCodeProcess
CreateDirectoryW
SetFileAttributesW
CopyFileW
FreeResource
GlobalUnlock
GlobalLock
ResumeThread
SetEvent
CreateEventW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
TerminateProcess
CloseHandle
WaitForSingleObject
GetModuleFileNameW
GetLastError
GlobalFree
GetUserDefaultUILanguage
DeleteFileW
FindResourceW
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
RaiseException

user32

SetCursor
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
GetMenuState
GetWindowThreadProcessId
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CharUpperW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetParent
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetSysColor
SetTimer
DestroyMenu
GetSysColorBrush
LoadCursorW
IsIconic
MessageBoxW
GetFocus
LoadImageW
DestroyIcon
DrawIconEx
GetIconInfo
PostMessageW
IsWindow
LoadBitmapW
ReleaseDC
InvalidateRect
RedrawWindow
GetSystemMetrics
GetWindowRect
SendMessageW
EnableWindow
LoadIconW
GetClientRect
FillRect
GetDC
UnregisterClassW
GetDlgItem
UnregisterClassA
DispatchMessageW

gdi32

DeleteDC
CreateBitmap
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
CreateFontIndirectW
GetObjectW
CreatePen
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
PtVisible

comdlg32

GetFileTitleW

winspool.drv

GetPrinterDriverDirectoryW
EnumPrinterDriversW
EnumPrintersW
OpenPrinterW
DeletePrinter
ClosePrinter
DeletePrinterDriverW
DocumentPropertiesW

advapi32

RegSetValueExW
RegQueryValueW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyW

shell32

SHGetFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathW
ExtractIconW
ord680
SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

SHDeleteEmptyKeyW
PathFileExistsW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
SHDeleteKeyW
PathFindFileNameW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

VariantChangeType
VariantInit
VariantClear

gdiplus

GdipImageGetFrameCount
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipGetImageWidth
GdipGetImageHeight
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromStreamICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipDisposeImage
GdipImageGetFrameDimensionsList
GdipAlloc
GdipFree

Exports

Exports

?CI3_Wow64@@YAAAVCWow64@@XZ

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3316a946598d6fd3347a465cd58b9470

Code Sign

0e:a7:6b:22:0a:cb:51:b1:3f:b4:f9:b5:bc:95:32:32Certificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0e:a7:6b:22:0a:cb:51:b1:3f:b4:f9:b5:bc:95:32:32Certificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7e:7c:f2:27:ab:3d:8a:6e:c5:e4:a3:69:ce:e5:01:cf:62:0a:da:60:04:4e:b7:d4:b0:bc:3d:07:84:60:f8:57Signer

e5:6a:1b:9d:2d:00:49:90:e7:35:e8:c3:df:de:b2:22:a0:dd:96:8dSigner

Headers

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 325KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

0e:a7:6b:22:0a:cb:51:b1:3f:b4:f9:b5:bc:95:32:32
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0e:a7:6b:22:0a:cb:51:b1:3f:b4:f9:b5:bc:95:32:32
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7e:7c:f2:27:ab:3d:8a:6e:c5:e4:a3:69:ce:e5:01:cf:62:0a:da:60:04:4e:b7:d4:b0:bc:3d:07:84:60:f8:57
Signer

e5:6a:1b:9d:2d:00:49:90:e7:35:e8:c3:df:de:b2:22:a0:dd:96:8d
Signer

.text
Size: 328KB - Virtual size: 325KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB