8bbda64000068f9359d8905ced3fc7b4_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8bbda64000068f9359d8905ced3fc7b4_icedid_JC.exe
Size

6.9MB
MD5

8bbda64000068f9359d8905ced3fc7b4
SHA1

8d23cdea270330563a81cc3bedaf8b43bb8a6c2f
SHA256

e582361c666aac7261701a9bc985ac54bb8d53760faa4ffb208b31e43d88c2ed
SHA512

610c74f6f509230e051010c1bbbe1ec28aba9a5a7b9e2260a7b7730a4bcfeff47bda5ca47241bf31ab75df3d0b111dde6f59eebc9a5252810c9ffd3af842eed8
SSDEEP

98304:K9w89qCZKGgglm9GL74RYfRBda3gviSG6oVhLZrvcCYAIVi/kirIlxBJFYULFXY2:t895KGgglm9vMOLBrYBV5FYULqdewaZ7

Score

1^/10

Malware Config

Signatures

Files

8bbda64000068f9359d8905ced3fc7b4_icedid_JC.exe
.exe windows x86

fcf563686fe494cafe78e9c9cc41d812

Code Sign

43:ca:6f:41:0e:b7:47:08:7d:0b:54:89:2a:f5:5d:dd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/06/2017, 00:00

Not After

28/06/2020, 23:59

Subject

CN=itWatch GmbH,O=itWatch GmbH,L=Muenchen,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:56:5e:5f:84:5f:bc:9d:6c:f8:b2:cb:58:49:80:7e:fa:68:9a:51:14:6f:18:30:58:ca:13:60:aa:af:22:64
Signer

Actual PE Digest

b7:56:5e:5f:84:5f:bc:9d:6c:f8:b2:cb:58:49:80:7e:fa:68:9a:51:14:6f:18:30:58:ca:13:60:aa:af:22:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDisposeImage
GdipGetImageWidth
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipDrawImageRectI
GdipCloneImage
GdipGetImageHeight
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateFromHDC

kernel32

GetFileTime
GetLocaleInfoA
EnumResourceLanguagesA
GetCurrentThread
GetModuleFileNameW
InterlockedDecrement
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
GlobalFlags
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
HeapAlloc
HeapFree
SetFileTime
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
ExitProcess
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
SetLastError
GlobalUnlock
GlobalFree
FreeResource
LocalFree
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
SetFileAttributesA
lstrlenA
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
FindFirstFileExA
FindNextFileA
FindClose
GetLastError
FormatMessageA
WaitForSingleObject
RemoveDirectoryA
GlobalAlloc
GlobalLock
MulDiv
DeleteFileA
LoadLibraryA
FreeLibrary
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryExA
FindResourceExA
TerminateProcess
GetExitCodeProcess
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
Sleep
CreateFileA
CloseHandle
GetCurrentDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
GetCurrentProcessId
CreateDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter

user32

WindowFromPoint
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
CopyRect
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
CharUpperA
UnregisterClassA
DestroyMenu
GetSysColorBrush
GetForegroundWindow
SetCursor
ReleaseDC
GetDC
PtInRect
DefWindowProcA
IsWindow
GetSystemMetrics
LoadIconA
LoadCursorA
GetDesktopWindow
GetClientRect
GetWindowRect
IsIconic
DrawIcon
GetWindowThreadProcessId
PostQuitMessage
SendMessageA
PostMessageA
EnableWindow
UpdateWindow

gdi32

PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePen
CreateSolidBrush
CreateFontIndirectA
DPtoLP
DeleteObject
GetClipBox
GetDeviceCaps
GetStockObject
ExtTextOutA
GetCurrentObject
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetBitmapBits
SetBitmapBits
GetObjectA
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
GetUserNameA

shell32

ShellExecuteExA

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathAddBackslashA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

ole32

CreateStreamOnHGlobal

oleaut32

VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcf563686fe494cafe78e9c9cc41d812

Code Sign

43:ca:6f:41:0e:b7:47:08:7d:0b:54:89:2a:f5:5d:ddCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

b7:56:5e:5f:84:5f:bc:9d:6c:f8:b2:cb:58:49:80:7e:fa:68:9a:51:14:6f:18:30:58:ca:13:60:aa:af:22:64Signer

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 268KB - Virtual size: 264KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 52KB - Virtual size: 48KB

43:ca:6f:41:0e:b7:47:08:7d:0b:54:89:2a:f5:5d:dd
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b7:56:5e:5f:84:5f:bc:9d:6c:f8:b2:cb:58:49:80:7e:fa:68:9a:51:14:6f:18:30:58:ca:13:60:aa:af:22:64
Signer

.text
Size: 268KB - Virtual size: 264KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 52KB - Virtual size: 48KB