0da10227b05f29a173d83ae043f1fbad_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0da10227b05f29a173d83ae043f1fbad_icedid_JC.exe
Size

1.1MB
MD5

0da10227b05f29a173d83ae043f1fbad
SHA1

bfe59569defb827d674461f3a3f26966f5d88e34
SHA256

b1ba0827bde37ad202550add45cc0f25e380863214952fb93df42a9aa8376188
SHA512

fc7b284f2d67abf5f9158a8af3b00f1ef1b2474611d7df91c5c7d53d68b8f4a40c9960ee2a9d4134b398f8d4a2983a49524ca4268cbc0434dc69b58efb02a490
SSDEEP

6144:je3B4adF36oLOwFalUYCZfavDJTjrTvgCaiK+uN87Iwr3eV9z6Tk6kD55JwOVkPL:y3B4adF31OwFaBSivJ6i+KkuaWhbKE

Score

1^/10

Malware Config

Signatures

Files

0da10227b05f29a173d83ae043f1fbad_icedid_JC.exe
.exe windows x86

f30fcfe5574c91f79e730c28a62f9602

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/04/2006, 00:00

Not After

22/06/2009, 23:59

Subject

CN=Nero AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LEGAL DEPARTMENT,O=Nero AG,L=Karlsbad,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:82:09:32:75:ec:8c:a2:f7:4e:d5:0e:cd:44:25:59:8a:4b:35:35
Signer

Actual PE Digest

e3:82:09:32:75:ec:8c:a2:f7:4e:d5:0e:cd:44:25:59:8a:4b:35:35

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
SetStdHandle
GetFileType
HeapSize
TlsSetValue
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
VirtualProtect
GlobalGetAtomNameA
lstrcmpW
InterlockedDecrement
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
GetCommandLineA
GetFileTime
CreateFileA
GetCurrentProcess
CloseHandle
WaitForSingleObject
GetTempPathA
CreateDirectoryA
SetLastError
FindClose
FindFirstFileA
GetUserDefaultLCID
FreeResource
lstrcatA
WinExec
GetFileAttributesA
GetWindowsDirectoryA
lstrcpyA
IsBadReadPtr
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LocalFree
GetLongPathNameA
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersion
GetVersionExA
DeleteCriticalSection
CompareStringA
GetThreadLocale
lstrcmpiA
GetLastError
InterlockedExchange
RaiseException
lstrlenW
MultiByteToWideChar
GetACP
CompareStringW
WideCharToMultiByte
InitializeCriticalSection
GetLocaleInfoA
lstrlenA
HeapDestroy

user32

DestroyMenu
wsprintfA
WindowFromPoint
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MoveWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
CallWindowProcA
SetWindowPos
IsIconic
GetWindowPlacement
CopyRect
GetLastActivePopup
CallNextHookEx
GetActiveWindow
PeekMessageA
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconA
DispatchMessageA
TranslateMessage
GetWindowTextLengthA
GetMessageA
UpdateWindow
ShowWindow
DefWindowProcA
PostQuitMessage
SetForegroundWindow
SetFocus
CreateWindowExA
GetClassInfoExA
GetTopWindow
FindWindowA
SetWindowTextA
GetDesktopWindow
GetDlgCtrlID
GetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowEnabled
IsDialogMessageA
IsWindowVisible
MapDialogRect
GetWindow
KillTimer
GetCursorPos
SetWindowLongA
SetTimer
MessageBeep
CopyIcon
DestroyCursor
SetCursor
RedrawWindow
GetWindowRect
DrawFocusRect
InflateRect
SetRectEmpty
PtInRect
MessageBoxA
GetKeyState
WinHelpA
GetParent
GetFocus
UnhookWindowsHookEx
ScreenToClient
PostMessageA
SendMessageA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
EnableWindow
ReleaseCapture
GetSysColorBrush
LoadCursorA
IsWindow
DestroyWindow
SetCapture
InvalidateRect
ReleaseDC
GetDC
GetClientRect
OffsetRect
CharUpperA
UnregisterClassA
SetWindowsHookExA

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateFontIndirectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPointA
SetTextJustification
TextOutA
GetStockObject
GetObjectA
GetTextExtentPoint32A

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegCloseKey
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathIsDirectoryA
SHCopyKeyA
SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msi

ord17
ord124
ord103
ord8

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 807KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f30fcfe5574c91f79e730c28a62f9602

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34Certificate

Extended Key Usages

Key Usages

e3:82:09:32:75:ec:8c:a2:f7:4e:d5:0e:cd:44:25:59:8a:4b:35:35Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

msi

Sections

.text Size: 204KB - Virtual size: 202KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 807KB - Virtual size: 807KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

e3:82:09:32:75:ec:8c:a2:f7:4e:d5:0e:cd:44:25:59:8a:4b:35:35
Signer

.text
Size: 204KB - Virtual size: 202KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 807KB - Virtual size: 807KB