2025-01-03_397964e66899f7d2915842c62868cf65_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2025-01-03_397964e66899f7d2915842c62868cf65_floxif_icedid
Size

2.3MB
MD5

397964e66899f7d2915842c62868cf65
SHA1

17727c5f8da42389492e61bcc3ec73801407860a
SHA256

313e1cff826be2a0799c5078093f6a9ae0b4e8b7df355d6a98598c0eacb06a91
SHA512

51745fc022d54283c164956fda4807a255f9f5513c62d5f597366d4ba5f0989969e7490d1396a4a792774dcba88880c4f0d3f265d08423557c54a23b58fcd188
SSDEEP

49152:DFgGQnfIA7w4TGya8r9J4Pc3lGzIYI3er/7+y5MaI0z4CAZp/STwzRHp11:DFg/fIA7w4Cv8rv48G7I3ez7+pnXHpL

Score

1^/10

Malware Config

Signatures

Files

2025-01-03_397964e66899f7d2915842c62868cf65_floxif_icedid
.exe windows:5 windows x86 arch:x86

e140e5d115a95e37ea0c952058b5a22f

Code Sign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2020, 00:00

Not After

16/04/2022, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/01/2020, 00:00

Not After

16/04/2022, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seogho-cu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:97:29:9c:e0:ff:09:ab:8c:56:75:ed:1f:a8:d0:45:4d:87:56:17:c5:fb:9c:01:02:65:19:38:fe:86:4d:17
Signer

Actual PE Digest

9a:97:29:9c:e0:ff:09:ab:8c:56:75:ed:1f:a8:d0:45:4d:87:56:17:c5:fb:9c:01:02:65:19:38:fe:86:4d:17

Digest Algorithm

sha256

PE Digest Matches

false

bd:b2:dc:3c:36:14:9d:74:e3:4b:6a:64:ab:21:0c:61:3f:04:1c:1e
Signer

Actual PE Digest

bd:b2:dc:3c:36:14:9d:74:e3:4b:6a:64:ab:21:0c:61:3f:04:1c:1e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\src\alupdate\alupdate-windows\bin\Release\DebugInfo\ALUpdateExe.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetSetCookieA
DeleteUrlCacheEntry
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

iphlpapi

GetIfTable

kernel32

CreateThread
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoA
GetDriveTypeA
HeapReAlloc
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetTimeZoneInformation
IsDebuggerPresent
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualFree
HeapCreate
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetHandleCount
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileInformationByHandle
PeekNamedPipe
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
RtlUnwind
GetModuleHandleW
GetFileTime
GetFileSizeEx
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
GetCurrentDirectoryA
GetProfileIntA
GetModuleFileNameW
GetFullPathNameA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
ExitThread
CompareStringA
InterlockedExchange
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetVersion
GetCurrentThreadId
WaitNamedPipeA
SetNamedPipeHandleState
SetEvent
TerminateThread
ResetEvent
SuspendThread
FreeResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
GlobalFree
CreateEventA
MulDiv
OutputDebugStringA
MoveFileA
InterlockedDecrement
GetFileAttributesA
GetSystemInfo
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetLocaleInfoA
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
lstrlenA
CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
ProcessIdToSessionId
Process32Next
ReleaseMutex
CreateMutexA
CreateDirectoryA
GetVersionExA
CreateFileW
FileTimeToLocalFileTime
lstrcmpA
LocalAlloc
LocalFree
GetVolumeInformationA
GetPrivateProfileStringW
ReadFile
SetFilePointer
WriteFile
CreateFileA
FormatMessageA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
RemoveDirectoryA
GetTempFileNameA
WritePrivateProfileStringA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
FindFirstFileA
MoveFileExA
FindNextFileA
FindClose
WaitForMultipleObjects
OpenProcess
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
OpenMutexA
CloseHandle
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
MultiByteToWideChar
GetSystemDefaultLCID
Sleep
FreeLibrary
CopyFileA
DeleteFileA
GetLocalTime
SetThreadLocale
GetCommandLineA
GetModuleFileNameA
EnumResourceLanguagesA
RaiseException
HeapSize

user32

IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
GetDCEx
SetRectEmpty
InflateRect
EndPaint
BeginPaint
GetWindowDC
CharUpperA
RegisterWindowMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetScrollPos
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
GetWindowTextLengthA
InvalidateRgn
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
RedrawWindow
OffsetRect
SetActiveWindow
CopyRect
wsprintfW
MonitorFromWindow
GetMonitorInfoA
GetWindow
GetTopWindow
GetWindowLongA
EnumWindows
IsIconic
ShowWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SystemParametersInfoA
TranslateMessage
GetNextDlgGroupItem
MessageBeep
DestroyMenu
UnregisterClassA
DispatchMessageA
GetWindowTextA
GetClassNameA
RegisterClipboardFormatA
SetFocus
CreateWindowExA
LoadImageA
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScreenToClient
GetSysColor
GetSystemMetrics
MoveWindow
GetCapture
ReleaseCapture
SetCapture
ClientToScreen
GetFocus
DestroyIcon
PtInRect
GetCursorPos
LoadIconA
LoadCursorA
PostThreadMessageA
InvalidateRect
UpdateWindow
GetWindowRect
BringWindowToTop
FillRect
SetCursor
DrawIconEx
SetWindowRgn
EnableWindow
GetParent
KillTimer
SetTimer
GetClientRect
SendMessageA
LoadBitmapA
SetRect
PostMessageA
PeekMessageA
IsWindow

gdi32

GetTextColor
CombineRgn
SetRectRgn
PatBlt
CreateRectRgnIndirect
CreatePatternBrush
ExtSelectClipRgn
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetMapMode
LineTo
CreateFontIndirectA
SetBkMode
RestoreDC
SaveDC
SetBkColor
GetClipBox
GetTextMetricsA
LPtoDP
DPtoLP
GetMapMode
GetBkColor
CreateDCA
GetDeviceCaps
DeleteDC
GetStockObject
DeleteObject
GetPixel
SelectObject
CreateCompatibleDC
BitBlt
StretchBlt
CreateRoundRectRgn
GetTextExtentPoint32A
CreatePen
CreateSolidBrush
CreateFontA
CreateCompatibleBitmap
GetObjectA
CreateBitmap
FillRgn
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetTextColor
MoveToEx

msimg32

TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

AdjustTokenPrivileges
GetTokenInformation
RegQueryValueA
RegDeleteKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ChangeServiceConfigA
QueryServiceConfigA
DeleteService
ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
RegOpenKeyA
CreateWellKnownSid
GetNamedSecurityInfoA
GetExplicitEntriesFromAclA
DeleteAce
SetNamedSecurityInfoA
LookupPrivilegeValueA
LookupAccountSidA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyA
LookupAccountNameA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteExA
ord680
DragFinish
DragQueryFileA
DragAcceptFiles
ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathAppendA
PathRemoveBackslashA
PathFindFileNameA
SHDeleteKeyA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes

oleaut32

VariantClear
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantChangeType
OleLoadPicture
SysAllocStringLen
SysAllocString
SysFreeString
VariantInit

urlmon

URLDownloadToFileA

ws2_32

WSASetLastError
shutdown
accept
connect
getsockopt
inet_addr
gethostbyname
recvfrom
sendto
send
WSACleanup
closesocket
ntohl
ntohs
recv
WSAStartup
socket
setsockopt
htonl
htons
bind
listen
select
__WSAFDIsSet
ioctlsocket
WSAGetLastError

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CryptDecodeObject
CertGetNameStringA
CertOpenStore

wintrust

WinVerifyTrustEx

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e140e5d115a95e37ea0c952058b5a22f

Code Sign

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:baCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:baCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

9a:97:29:9c:e0:ff:09:ab:8c:56:75:ed:1f:a8:d0:45:4d:87:56:17:c5:fb:9c:01:02:65:19:38:fe:86:4d:17Signer

bd:b2:dc:3c:36:14:9d:74:e3:4b:6a:64:ab:21:0c:61:3f:04:1c:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wininet

iphlpapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

ws2_32

crypt32

wintrust

imagehlp

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 438KB - Virtual size: 438KB

.data Size: 50KB - Virtual size: 73KB

.rsrc Size: 88KB - Virtual size: 87KB

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1f:0e:79:c3:12:e4:59:f2:23:28:72:0a:11:2f:15:ba
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

9a:97:29:9c:e0:ff:09:ab:8c:56:75:ed:1f:a8:d0:45:4d:87:56:17:c5:fb:9c:01:02:65:19:38:fe:86:4d:17
Signer

bd:b2:dc:3c:36:14:9d:74:e3:4b:6a:64:ab:21:0c:61:3f:04:1c:1e
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 438KB - Virtual size: 438KB

.data
Size: 50KB - Virtual size: 73KB

.rsrc
Size: 88KB - Virtual size: 87KB