243c49ac4a949aed28bc40f53ce99c3b_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

243c49ac4a949aed28bc40f53ce99c3b_icedid_JC.exe
Size

1.1MB
MD5

243c49ac4a949aed28bc40f53ce99c3b
SHA1

286fbfbc65b8f9d496bb2567d1c3082477ecf8d4
SHA256

64474966a4ffafc90b88725e64d761639df9556ab1d762187613656f8c5dfe98
SHA512

d1e0f42670aa450899cfa54992f0881c11a3dce1bd5ccf92b6946755baf2474d1939e46a3085cfabd97a8ce0f37431e67d8f9d89f733bf495e3fbb672217b1b8
SSDEEP

24576:22Rz4nxVGv4LA4QNspsuBdHSmm5O5JD3erd9ue8Z+u4+uWT:B4nxVGv481U5JDurd9X8Ysd

Score

1^/10

Malware Config

Signatures

Files

243c49ac4a949aed28bc40f53ce99c3b_icedid_JC.exe
.exe windows x86

eb1764ddd747b3fdcbc802713d7f6777

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

18/05/2010, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:65:fa:9e:90:fe:ec:b2:27:da:a2:e6:68:dc:98:a6:f7:05:3d:81
Signer

Actual PE Digest

df:65:fa:9e:90:fe:ec:b2:27:da:a2:e6:68:dc:98:a6:f7:05:3d:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdiplusShutdown
GdiplusStartup

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathFileExistsW
UrlUnescapeW
PathCanonicalizeW
UrlUnescapeA
PathCreateFromUrlW
UrlIsW
UrlEscapeW
PathFindFileNameA
PathFindExtensionW
PathCombineW
PathFindFileNameW

libcef

cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_map_alloc
cef_string_map_free
cef_string_alloc
cef_stream_reader_create_for_handler
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_browser_create
cef_register_extension
cef_initialize
cef_string_free
cef_shutdown
cef_string_list_alloc
cef_string_list_size
cef_string_list_value
cef_string_list_free
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_double
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_v8value_create_undefined
cef_string_map_size

kernel32

GetThreadLocale
FlushFileBuffers
GetFullPathNameW
SuspendThread
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
lstrcmpA
GetTickCount
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
ExitThread
ExitProcess
GetDriveTypeW
RtlUnwind
VirtualAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
CreateFileA
FormatMessageW
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
SetLastError
lstrcmpW
GetVersionExA
RaiseException
LoadLibraryA
InterlockedExchange
OpenMutexW
ReleaseMutex
CreateMutexW
GetUserDefaultUILanguage
WinExec
lstrcatW
lstrcpyW
QueryPerformanceCounter
QueryPerformanceFrequency
OutputDebugStringW
CreateThread
WaitForMultipleObjects
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetExitCodeThread
SetThreadPriority
HeapFree
GetProcessHeap
HeapAlloc
GetExitCodeProcess
CreateProcessW
GetVersionExW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
OpenEventW
PulseEvent
LeaveCriticalSection
GetLocalTime
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
WaitForSingleObject
GlobalAlloc
ResumeThread
GlobalFree
GlobalUnlock
GlobalLock
CreateFileW
ResetEvent
Sleep
SetEvent
CreateEventW
RemoveDirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetCurrentProcessId
FindClose
CloseHandle
GetCurrentProcess
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
GetModuleHandleW
GetFileAttributesW
GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryW
lstrlenA
MultiByteToWideChar
lstrlenW
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedCompareExchange

user32

SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
GetActiveWindow
GetMenuState
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindowEnabled
UnregisterClassA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextW
GetLastActivePopup
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
SystemParametersInfoA
GetWindowPlacement
wsprintfW
LoadImageW
DestroyIcon
MessageBoxW
IsZoomed
GetDesktopWindow
EqualRect
UnionRect
GetMonitorInfoW
MonitorFromRect
SetForegroundWindow
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
SetFocus
GetForegroundWindow
GetWindowInfo
SendMessageTimeoutW
SetWindowTextW
MoveWindow
EnableMenuItem
SetCursor
DefWindowProcW
SetWindowPos
ShowWindow
DestroyWindow
GetMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
CopyRect
GetSysColor
GetSystemMetrics
IsIconic
LoadIconW
FindWindowW
ExitWindowsEx
EnableWindow
SystemParametersInfoW
GetWindowLongW
PostMessageW
GetWindow
GetClientRect
RegisterWindowMessageW
CallWindowProcW
SetWindowLongW
IsWindow
RegisterClipboardFormatW
ReleaseDC
SendMessageW
GetDC
GetParent
GetWindowRect
GetSysColorBrush
UnregisterClassW
PostQuitMessage
GetCursorPos
ValidateRect
DestroyMenu
GetMenuItemCount

gdi32

CreateBitmap
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteDC
DeleteObject
SelectObject
RectVisible
PtVisible

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumKeyW
RegOpenKeyW
RegQueryValueW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegFlushKey
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHBrowseForFolderW
SHGetMalloc

ole32

CoTaskMemFree
OleInitialize

oleaut32

SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocString

Sections

.text
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb1764ddd747b3fdcbc802713d7f6777

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

df:65:fa:9e:90:fe:ec:b2:27:da:a2:e6:68:dc:98:a6:f7:05:3d:81Signer

Headers

File Characteristics

Imports

gdiplus

comctl32

shlwapi

libcef

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 796KB - Virtual size: 795KB

.rdata Size: 204KB - Virtual size: 200KB

.data Size: 48KB - Virtual size: 65KB

.rsrc Size: 40KB - Virtual size: 120KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

df:65:fa:9e:90:fe:ec:b2:27:da:a2:e6:68:dc:98:a6:f7:05:3d:81
Signer

.text
Size: 796KB - Virtual size: 795KB

.rdata
Size: 204KB - Virtual size: 200KB

.data
Size: 48KB - Virtual size: 65KB

.rsrc
Size: 40KB - Virtual size: 120KB