General

Malware Config

Signatures

Files

• 2022-11-23_eaf4fb45b88191885d2d713e22f31570_icedid

  .exe windows x86

  9e624597db4072ac6526c8937d534fcb

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  18-05-2016 00:00

  Not After

  15-07-2019 23:59

  Subject

  CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  16-05-2016 00:00

  Not After

  15-07-2019 23:59

  Subject

  CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  11-06-2015 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  01-01-1997 00:00

  Not After

  31-12-2020 23:59

  Subject

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  99:79:09:32:d8:b5:e6:08:0b:74:ba:fc:3c:a6:8a:16:43:e7:a3:c8:13:81:cf:2f:69:fa:08:87:f9:8b:88:cb

  Signer

  Actual PE Digest

  99:79:09:32:d8:b5:e6:08:0b:74:ba:fc:3c:a6:8a:16:43:e7:a3:c8:13:81:cf:2f:69:fa:08:87:f9:8b:88:cb

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

  28-03-2017 13:45

  Valid: false

  6e:b0:d2:76:ac:0a:e9:e1:1d:4e:83:24:39:d5:64:14:be:de:08:80

  Signer

  Actual PE Digest

  6e:b0:d2:76:ac:0a:e9:e1:1d:4e:83:24:39:d5:64:14:be:de:08:80

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

  28-03-2017 13:44

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  socket

  ioctlsocket

  connect

  inet_addr

  WSAGetLastError

  ntohl

  htonl

  closesocket

  send

  recv

  __WSAFDIsSet

  select

  getsockopt

  listen

  bind

  accept

  getsockname

  ntohs

  WSASetLastError

  WSACleanup

  WSAStartup

  gethostbyname

  htons

  kernel32

  GlobalFlags

  TlsAlloc

  GlobalHandle

  TlsFree

  GlobalReAlloc

  TlsSetValue

  LocalReAlloc

  TlsGetValue

  GetProcessVersion

  GetCPInfo

  GetOEMCP

  GetFileTime

  SetErrorMode

  WritePrivateProfileStringA

  FindResourceExA

  RtlUnwind

  SetEnvironmentVariableW

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  VirtualProtect

  GetLocalTime

  GetSystemTimeAsFileTime

  RaiseException

  HeapReAlloc

  RemoveDirectoryA

  SetEnvironmentVariableA

  SetCurrentDirectoryA

  GetFileInformationByHandle

  PeekNamedPipe

  GetFileType

  GetStartupInfoA

  GetCommandLineA

  GetACP

  ExitThread

  HeapSize

  GetEnvironmentVariableA

  HeapDestroy

  HeapCreate

  VirtualFree

  VirtualAlloc

  IsBadWritePtr

  LCMapStringA

  LCMapStringW

  SetUnhandledExceptionFilter

  SetStdHandle

  SetHandleCount

  GetStdHandle

  UnhandledExceptionFilter

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  GetEnvironmentStringsW

  GetStringTypeA

  GetStringTypeW

  IsBadReadPtr

  IsBadCodePtr

  CompareStringA

  CompareStringW

  lstrlenW

  GetCurrentThread

  GetTickCount

  GetProfileIntA

  GetThreadLocale

  GetFullPathNameA

  FindFirstFileA

  UnlockFile

  LockFile

  DuplicateHandle

  lstrcmpA

  SuspendThread

  SetThreadPriority

  ResumeThread

  FileTimeToLocalFileTime

  InterlockedIncrement

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  lstrcpyA

  CreateProcessA

  SetThreadExecutionState

  GetVolumeInformationW

  CompareFileTime

  GetDiskFreeSpaceW

  GetDiskFreeSpaceA

  GetSystemInfo

  InterlockedDecrement

  GetComputerNameA

  FindResourceA

  SizeofResource

  LoadResource

  LockResource

  GetCurrentDirectoryA

  GetSystemDefaultLangID

  GetVolumeInformationA

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  lstrcpynA

  CreateThread

  SleepEx

  ReadFile

  CreateDirectoryA

  CopyFileW

  MoveFileA

  LocalAlloc

  SetLastError

  CreateDirectoryW

  GetFileAttributesExW

  FileTimeToSystemTime

  CreateWaitableTimerA

  SetWaitableTimer

  CancelWaitableTimer

  SetFileAttributesW

  FlushFileBuffers

  DeviceIoControl

  GetCurrentThreadId

  TerminateProcess

  GetUserDefaultLangID

  SetEvent

  lstrlenA

  SetFileAttributesA

  DeleteFileA

  GetWindowsDirectoryW

  lstrcmpiA

  GetLocaleInfoA

  GetDriveTypeW

  GetVersion

  GetCurrentProcessId

  MoveFileW

  RemoveDirectoryW

  GetSystemTime

  SystemTimeToFileTime

  SetFileTime

  LoadLibraryW

  MoveFileExW

  GlobalAlloc

  GlobalFree

  GetModuleHandleA

  WriteFile

  GetProcessHeap

  HeapFree

  HeapAlloc

  OpenProcess

  lstrcatA

  GetFileSize

  CreateFileMappingA

  MapViewOfFile

  UnmapViewOfFile

  SetFilePointer

  SetEndOfFile

  GetSystemDirectoryW

  DeleteFileW

  GetWindowsDirectoryA

  GetVersionExA

  GetExitCodeProcess

  CreateFileA

  GetCurrentProcess

  CreateProcessW

  GetModuleFileNameW

  CreateEventA

  WaitForMultipleObjects

  ResetEvent

  FindFirstFileW

  FindNextFileW

  FindClose

  CreateFileW

  CreateMutexA

  OpenMutexA

  WaitForSingleObject

  ReleaseMutex

  CloseHandle

  GetSystemDirectoryA

  GetModuleFileNameA

  GetFileAttributesA

  CopyFileA

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  Sleep

  GlobalSize

  GlobalLock

  GlobalUnlock

  WideCharToMultiByte

  GetFileAttributesW

  GetLastError

  FormatMessageA

  LocalFree

  MultiByteToWideChar

  MulDiv

  ExitProcess

  GetProfileStringA

  GetTimeZoneInformation

  user32

  GetDCEx

  LockWindowUpdate

  InflateRect

  CharUpperA

  IsClipboardFormatAvailable

  ValidateRect

  GrayStringA

  DrawTextA

  TabbedTextOutA

  GetMenuCheckMarkDimensions

  GetMenuState

  SetMenuItemBitmaps

  IsDialogMessageA

  GetDlgItemTextA

  SendDlgItemMessageA

  MapWindowPoints

  GetFocus

  AdjustWindowRectEx

  DeferWindowPos

  BeginDeferWindowPos

  EndDeferWindowPos

  GetTopWindow

  IsChild

  WinHelpA

  GetClassInfoA

  SetWindowsHookExA

  CallNextHookEx

  GetClassLongA

  UnhookWindowsHookEx

  CallWindowProcA

  GetMessageTime

  GetLastActivePopup

  SystemParametersInfoA

  GetWindowPlacement

  GetNextDlgTabItem

  EndDialog

  SetActiveWindow

  CreateDialogIndirectParamA

  GetParent

  IsWindowEnabled

  GetActiveWindow

  DrawTextW

  DrawFrameControl

  SetRect

  SystemParametersInfoW

  DrawStateA

  ModifyMenuW

  DeleteMenu

  AppendMenuW

  DrawIconEx

  GetSysColorBrush

  FillRect

  FrameRect

  PeekMessageA

  UnionRect

  ClientToScreen

  WindowFromPoint

  SetDlgItemTextA

  GetWindowTextLengthW

  GetWindowTextLengthA

  CopyIcon

  SetFocus

  DestroyIcon

  PostQuitMessage

  GetMessageA

  TranslateMessage

  DispatchMessageA

  UpdateWindow

  SetCursorPos

  GetClassNameA

  CreateDialogParamW

  CreateDialogParamA

  GetPropA

  RemovePropA

  DefWindowProcW

  DefWindowProcA

  CreateWindowExA

  SetWindowLongA

  ShowWindow

  RegisterClassA

  DefDlgProcA

  DestroyWindow

  GetWindowLongA

  GetWindowDC

  BeginPaint

  EndPaint

  SetDlgItemTextW

  RegisterWindowMessageA

  RegisterClipboardFormatA

  RemoveMenu

  DrawFocusRect

  GetMessagePos

  ScreenToClient

  LoadCursorA

  SetCursor

  EqualRect

  GetCapture

  ReleaseCapture

  SetCapture

  CreatePopupMenu

  GetKeyState

  ModifyMenuA

  TrackPopupMenu

  IsIconic

  GetSystemMetrics

  DrawIcon

  OffsetRect

  EnableMenuItem

  SetClipboardViewer

  CheckMenuItem

  LoadImageW

  LoadImageA

  DestroyMenu

  ChangeClipboardChain

  GetMenu

  EnumWindows

  SetForegroundWindow

  IsWindowVisible

  wsprintfW

  SendMessageW

  LoadBitmapA

  IsWindow

  GetNextDlgGroupItem

  CopyAcceleratorTableA

  CharNextA

  PostThreadMessageA

  GetAsyncKeyState

  SetRectEmpty

  MapDialogRect

  SetWindowContextHelpId

  IntersectRect

  IsRectEmpty

  GetMenuItemCount

  GetMenuItemID

  GetSubMenu

  AppendMenuA

  CheckMenuRadioItem

  GetCursorPos

  PtInRect

  InvalidateRect

  GetClientRect

  ReleaseDC

  CopyRect

  FindWindowA

  GetWindowThreadProcessId

  MsgWaitForMultipleObjects

  MoveWindow

  SetParent

  KillTimer

  SetTimer

  wsprintfA

  PostMessageA

  GetForegroundWindow

  ExitWindowsEx

  MessageBeep

  GetWindowTextA

  MessageBoxW

  GetWindowTextW

  GetWindowRect

  CreateWindowExW

  SetWindowPos

  SetWindowTextW

  SetWindowTextA

  GetDesktopWindow

  MessageBoxA

  GetDlgItem

  GetSysColor

  GetDlgCtrlID

  LoadStringA

  SendMessageA

  GetWindow

  GetDC

  EnableWindow

  LoadIconA

  IsWindowUnicode

  ExcludeUpdateRgn

  ShowCaret

  HideCaret

  UnregisterClassA

  SetPropA

  gdi32

  SelectClipRgn

  GetBkColor

  EnumFontFamiliesExA

  GetTextColor

  SetWindowExtEx

  ScaleViewportExtEx

  CopyMetaFileA

  GetCharWidthA

  StretchDIBits

  CombineRgn

  SetRectRgn

  CreateRectRgnIndirect

  PatBlt

  Escape

  ExtTextOutA

  TextOutA

  RectVisible

  PtVisible

  CreatePatternBrush

  GetWindowExtEx

  GetViewportExtEx

  CreateRectRgn

  GetMapMode

  SetMapMode

  LPtoDP

  DPtoLP

  GetTextMetricsA

  CreateCompatibleBitmap

  DeleteObject

  SelectObject

  StretchBlt

  BitBlt

  DeleteDC

  GetStockObject

  CreateCompatibleDC

  IntersectClipRect

  GetDIBits

  CreateDIBSection

  GetTextExtentPoint32A

  CreateSolidBrush

  GetObjectA

  GetTextExtentPointA

  CreateDIBitmap

  CreateFontIndirectA

  GetDeviceCaps

  ScaleWindowExtEx

  CreateFontA

  SetViewportExtEx

  OffsetViewportOrgEx

  SetViewportOrgEx

  RestoreDC

  SaveDC

  CreateBitmap

  GetClipBox

  SetBkMode

  SetBkColor

  SetTextColor

  SetStretchBltMode

  CreateFontIndirectW

  ExcludeClipRect

  comdlg32

  GetSaveFileNameA

  GetOpenFileNameA

  GetFileTitleA

  GetSaveFileNameW

  advapi32

  CloseServiceHandle

  RegQueryValueExA

  RegOpenKeyExA

  RegDeleteValueA

  RegSetValueExA

  RegCreateKeyExA

  RegEnumKeyA

  RegQueryInfoKeyA

  RegDeleteKeyA

  RegEnumKeyExA

  RegQueryValueExW

  RegSetValueExW

  RegDeleteValueW

  RegNotifyChangeKeyValue

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  RegFlushKey

  RegCreateKeyExW

  GetUserNameW

  RegLoadKeyA

  RegRestoreKeyA

  GetUserNameA

  RegSaveKeyA

  OpenSCManagerA

  OpenServiceA

  RegCloseKey

  DuplicateTokenEx

  GetLengthSid

  SetTokenInformation

  CreateProcessAsUserW

  GetTokenInformation

  GetSidSubAuthorityCount

  GetSidSubAuthority

  RegEnumValueA

  shell32

  SHGetMalloc

  SHGetDesktopFolder

  Shell_NotifyIconA

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHFileOperationW

  SHFileOperationA

  ShellExecuteW

  FindExecutableW

  ShellExecuteExA

  ShellExecuteExW

  SHGetFileInfoW

  SHGetFileInfoA

  SHBrowseForFolderA

  SHGetPathFromIDListA

  ShellExecuteA

  comctl32

  ImageList_AddMasked

  ImageList_Add

  ImageList_Remove

  ord17

  ord8

  ImageList_BeginDrag

  ImageList_DragShowNolock

  ImageList_DragMove

  ImageList_EndDrag

  ImageList_DragLeave

  ImageList_Draw

  ImageList_DragEnter

  ImageList_GetIcon

  ImageList_Destroy

  ImageList_Create

  PropertySheetA

  DestroyPropertySheetPage

  CreatePropertySheetPageA

  oledlg

  ord8

  ole32

  CoTaskMemFree

  OleUninitialize

  CreateStreamOnHGlobal

  CoRevokeClassObject

  CoInitialize

  CoUninitialize

  CoSetProxyBlanket

  OleGetClipboard

  CoRegisterClassObject

  CoGetObject

  StringFromGUID2

  CoCreateInstance

  ReleaseStgMedium

  OleFlushClipboard

  OleIsCurrentClipboard

  DoDragDrop

  CoFreeUnusedLibraries

  CLSIDFromProgID

  CLSIDFromString

  CreateILockBytesOnHGlobal

  StgCreateDocfileOnILockBytes

  StgOpenStorageOnILockBytes

  CoGetClassObject

  CoRegisterMessageFilter

  CoTaskMemAlloc

  OleDuplicateData

  CoDisconnectObject

  RevokeDragDrop

  CoLockObjectExternal

  OleInitialize

  RegisterDragDrop

  olepro32

  ord251

  ord253

  oleaut32

  SysAllocString

  SysAllocStringByteLen

  VariantTimeToSystemTime

  VariantChangeType

  VariantCopy

  VariantInit

  VariantClear

  LoadTypeLibEx

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayGetElement

  LoadTypeLi

  SysStringLen

  SysAllocStringLen

  SysFreeString

  wininet

  InternetSetCookieA

  InternetGetCookieA

  InternetCrackUrlA

  InternetCanonicalizeUrlA

  GetUrlCacheEntryInfoW

  InternetCanonicalizeUrlW

  InternetCombineUrlA

  Sections

  .text

  Size: 2.2MB - Virtual size: 2.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 580KB - Virtual size: 577KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 200KB - Virtual size: 219KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 924KB - Virtual size: 923KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ