2024-10-09_415d71e48e43cc3bfedc075e6a4c9a14_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-09_415d71e48e43cc3bfedc075e6a4c9a14_floxif_icedid
Size

1.5MB
MD5

415d71e48e43cc3bfedc075e6a4c9a14
SHA1

70a97f7382c43b6c03655d3dcfe71690725573ea
SHA256

c3d696351adcb9fe7a82c682fb3b4c113203bbccbc7cb8bbd234fc56a9c33b7a
SHA512

5c7dbcd3595452ab10e939b9e6569ee10e64629b8d3f180db5e801e03a2db9566d65f4c464dbf1bc22ddfdaebc3b64e57b960af112b3d7646a86c91071408b62
SSDEEP

24576:MYNEejWVsPVoaPhG/6UUkZV3Q3D2xl08Ar5IrEH7Z:vvWVs+N/9ZV3Q3qU8Arf

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

2024-10-09_415d71e48e43cc3bfedc075e6a4c9a14_floxif_icedid
.exe windows:5 windows x86 arch:x86

81c486f9ba99e1e0c5f4ede3805c4825

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:ea:bb:5e:e0:35:b2:35:fc:0c:5f:26:4e:d1:8c:a3:05:0b:ac:68
Signer

Actual PE Digest

b4:ea:bb:5e:e0:35:b2:35:fc:0c:5f:26:4e:d1:8c:a3:05:0b:ac:68

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetFileSizeEx
GetFileTime
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
ExitProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetFileAttributesW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
WritePrivateProfileStringW
FileTimeToSystemTime
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
FindResourceExW
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
ReadFile
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetCurrentProcessId
GetModuleHandleA
MulDiv
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
FreeResource
SetLastError
VirtualProtect
lstrlenA
GetSystemPowerStatus
GlobalUnlock
FindNextFileW
RemoveDirectoryW
FormatMessageW
LocalAlloc
LocalSize
LocalFree
GetTempPathW
GetLocalTime
WideCharToMultiByte
GlobalLock
GlobalAlloc
GlobalFree
DeviceIoControl
Beep
GetCurrentProcess
CompareStringW
lstrcmpW
GetModuleHandleW
GetVersionExW
GetDriveTypeW
lstrcpynW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
lstrcmpiW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CreateMutexW
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
CreateThread
Sleep
TerminateThread
CreateFileW
GetFileSize
CloseHandle
WriteFile
FlushFileBuffers
DeleteFileW
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
CopyFileW
GetLastError
GetVolumeInformationW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemTimeAsFileTime

user32

GetSysColorBrush
CharUpperW
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
DestroyMenu
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
IsWindowVisible
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SetWindowLongW
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
ReleaseDC
GetDC
CopyRect
IsWindow
SetPropW
GetCapture
GetActiveWindow
MapDialogRect
UnregisterClassW
GetForegroundWindow
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
GetFocus
SetFocus
GetWindowLongW
GetDlgItem
IsWindowEnabled
ExitWindowsEx
VkKeyScanW
MessageBeep
GetKeyboardLayout
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetSystemMetrics
IsIconic
GetKeyState
RegisterWindowMessageW
MessageBoxW
SetForegroundWindow
SetActiveWindow
GetWindowRect
LoadCursorW
SetCursor
KillTimer
SetTimer
LoadIconW
PostMessageW
EnableWindow
GetParent
GetClientRect
GetSystemMenu
SendMessageW
EnableMenuItem
PeekMessageW

gdi32

EnumFontFamiliesExW
TextOutW
RectVisible
PtVisible
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateFontIndirectW
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerW
ControlService
StartServiceW
OpenServiceW
DeleteService
CreateServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW

shell32

ord165

shlwapi

StrCmpIW
PathFileExistsW
StrCpyNW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoDisconnectObject

oleaut32

VariantCopy
LoadTypeLi
SysAllocString
SysFreeString
VariantInit
VariantClear
SafeArrayGetElement
SafeArrayCreateVector
VariantChangeType
SysAllocStringLen
SysStringLen

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81c486f9ba99e1e0c5f4ede3805c4825

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

b4:ea:bb:5e:e0:35:b2:35:fc:0c:5f:26:4e:d1:8c:a3:05:0b:ac:68Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 232KB - Virtual size: 232KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 9KB - Virtual size: 28KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

b4:ea:bb:5e:e0:35:b2:35:fc:0c:5f:26:4e:d1:8c:a3:05:0b:ac:68
Signer

.text
Size: 232KB - Virtual size: 232KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 9KB - Virtual size: 28KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB