1d9c3273febac7c2ae327ebbbbf471e5_icedid_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1d9c3273febac7c2ae327ebbbbf471e5_icedid_JC.exe
Size

1.2MB
MD5

1d9c3273febac7c2ae327ebbbbf471e5
SHA1

30f20b186fdd3e041725139eca960ecf1b153cda
SHA256

0edef72bb92b7a8f117d86ae3183f2803cc9dc3e1a9545235daafbae6e8fd812
SHA512

abc5f6d58a839fe9c3cc76bde84e78904e250044f9f481bb8852be0eba61f9df6ab429538924079888b270583fd5d32cdfb4960ec23da4a8efdfab305101b79f
SSDEEP

12288:eETiee3g5Pe3sCGNfk1RbdgXwuC1qNZh34FgPvgwivPrdDn6H+GX8N:eKqjsv1MgXwuznV4c4JvTO8N

Score

1^/10

Malware Config

Signatures

Files

1d9c3273febac7c2ae327ebbbbf471e5_icedid_JC.exe
.exe windows x86

ed6877ac5ed3d536f86e9ec343a1c531

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:ea:b3:ac:30:c7:01:6a:29:9c:8d:31:d9:9f:3a:e8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

26/07/2008, 23:59

Subject

CN=ASUSTeK Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Testing Department,O=ASUSTeK Computer Inc.,L=Taipei / Peitou,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:42:e6:6c:13:ab:1f:f1:82:24:72:69:b5:0c:4e:9e:a8:b0:a4:2e
Signer

Actual PE Digest

26:42:e6:6c:13:ab:1f:f1:82:24:72:69:b5:0c:4e:9e:a8:b0:a4:2e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
ExitProcess
RtlUnwind
TerminateProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
IsBadWritePtr
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WritePrivateProfileStringW
InterlockedIncrement
GlobalFlags
lstrcmpiW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
LocalAlloc
FormatMessageW
LocalFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThread
WideCharToMultiByte
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
GetLocaleInfoW
MulDiv
SetLastError
lstrcpynW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
lstrlenW
lstrcatW
lstrcmpW
GetVersionExA
GetModuleHandleW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcAddress
GetFileInformationByHandle
FindNextFileW
CompareFileTime
DeleteFileW
GetFileSizeEx
ReadFile
SetFilePointer
WriteFile
FreeLibrary
LoadLibraryW
CloseHandle
CreateFileW
GetTickCount
HeapCreate
HeapReAlloc
HeapDestroy
lstrlenA
MultiByteToWideChar
CreateDirectoryW
InterlockedDecrement
GetProcessHeap
HeapAlloc
HeapFree
FindFirstFileW
FindClose
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleFileNameW
CreateMutexW
GetLastError
FindResourceW
SizeofResource
LoadResource
GetCurrentProcessId
LockResource

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
CharUpperW
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
WindowFromPoint
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageA
GetFocus
IsWindow
IsChild
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenuEx
GetKeyState
SetForegroundWindow
GetWindowRect
GetWindowDC
ReleaseDC
EnableWindow
SendMessageW
SetFocus
SetCursor
LoadCursorW
wsprintfW
GetClientRect
GetDC
GetDlgItem
GetParent
InvalidateRect
IsWindowVisible
UpdateWindow
GetMenu
PostMessageW
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
PostThreadMessageW
GetDlgCtrlID
CallWindowProcW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetWindow
ReleaseCapture
GetCursorPos
RegisterClipboardFormatW
SendDlgItemMessageW
DefWindowProcW
SetWindowLongW
CheckRadioButton
MoveWindow
SetRect
LoadCursorFromFileW
DrawIcon
AppendMenuW
GetSystemMenu
IsIconic
ClientToScreen
LoadIconW
SetWindowRgn
LoadBitmapW
GetSystemMetrics
SystemParametersInfoW
MessageBoxW
ScreenToClient
GetWindowLongW
PtInRect
TrackMouseEvent
TranslateAcceleratorW
LoadAcceleratorsW
EnableMenuItem
GetSubMenu
ModifyMenuW
SetMenuItemBitmaps
LoadMenuW
SetCapture

gdi32

GetDeviceCaps
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetStockObject
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetCurrentObject
CreateBitmap
GetObjectW
CreateDIBSection
ExtCreateRegion
CombineRgn
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateSolidBrush

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

comctl32

ord17

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
OleRun
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantCopy
SysAllocStringLen
VariantChangeType
SysStringLen
OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
GetErrorInfo
VariantClear

gdiplus

GdipCreateMatrix
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipImageRotateFlip
GdipIsVisibleRegionPointI
GdipTransformRegion
GdipDeleteRegion
GdipDeleteMatrix
GdipRotateMatrix
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipTranslateMatrix
GdipTransformMatrixPointsI
GdipSetPenDashStyle
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDrawEllipseI
GdipFillEllipseI
GdipCreateRegionRectI
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCreateSolidFill
GdipSetPenWidth
GdipSetPenMode
GdipSetPenColor
GdipCreateFromHDC
GdipDrawLineI
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRect
GdipCloneBrush
GdipCloneImage
GdipLoadImageFromFile
GdipGetImageWidth
GdipGetImageHeight
GdipFillRectangle
GdipDrawImageRectI
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 912KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ed6877ac5ed3d536f86e9ec343a1c531

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

23:ea:b3:ac:30:c7:01:6a:29:9c:8d:31:d9:9f:3a:e8Certificate

Extended Key Usages

Key Usages

26:42:e6:6c:13:ab:1f:f1:82:24:72:69:b5:0c:4e:9e:a8:b0:a4:2eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 912KB - Virtual size: 980KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

23:ea:b3:ac:30:c7:01:6a:29:9c:8d:31:d9:9f:3a:e8
Certificate

26:42:e6:6c:13:ab:1f:f1:82:24:72:69:b5:0c:4e:9e:a8:b0:a4:2e
Signer

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 912KB - Virtual size: 980KB