a527aa07c94b1ddcc88472f466fe1c78_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a527aa07c94b1ddcc88472f466fe1c78_icedid_JC.exe
Size

947KB
MD5

a527aa07c94b1ddcc88472f466fe1c78
SHA1

f098cb7b32e01df955e6ec1fa150c6c530ca579b
SHA256

199d3b7fce43e0e248035cfe308445da82d0618a430dc90b9254d42e295e9485
SHA512

94da4b8a79ca5b6bb9dc8ffd55bb8e99540f4f372d62e9d4ce34664b5ba61b20c1637a743576635446f3ea6fb954e3ea4800886a6811db5d4951898df5d32fea
SSDEEP

6144:R7ZYd9+AeaAGVZmUCUOgaUzItkcHVrgcMM0KkjL1WTCUVa0wwr3eV9z6Tk6kD55R:bYd9pA4KUOgaUktvAKfC6tkuu

Score

1^/10

Malware Config

Signatures

Files

a527aa07c94b1ddcc88472f466fe1c78_icedid_JC.exe
.exe windows x86

1eb20a5c7004a5276720f5e247026166

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/04/2006, 00:00

Not After

22/06/2009, 23:59

Subject

CN=Nero AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LEGAL DEPARTMENT,O=Nero AG,L=Karlsbad,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d7:24:90:45:b5:b7:68:ed:9d:8d:ad:83:0a:a8:2c:72:5e:a4:99:ee
Signer

Actual PE Digest

d7:24:90:45:b5:b7:68:ed:9d:8d:ad:83:0a:a8:2c:72:5e:a4:99:ee

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapReAlloc
SetStdHandle
GetFileType
TerminateProcess
HeapSize
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
VirtualProtect
InterlockedDecrement
GlobalGetAtomNameA
lstrcmpW
WritePrivateProfileStringA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
GetFileAttributesA
IsBadReadPtr
GetProcAddress
FreeLibrary
LoadLibraryA
RaiseException
GetCurrentThreadId
GetModuleHandleA
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
GetModuleFileNameA
GetCommandLineA
GetExitCodeProcess
CreateProcessA
FreeResource
GetFileTime
CreateFileA
GetCurrentProcess
CloseHandle
WaitForSingleObject
lstrcatA
GetLongPathNameA
GetTempPathA
CreateDirectoryA
SetLastError
FindClose
FindFirstFileA
LocalFree
FormatMessageA
lstrcpyA
GetUserDefaultLCID
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
CallWindowProcA
SetWindowPos
GetWindowPlacement
CopyRect
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
PeekMessageA
ValidateRect
GetLastActivePopup
wsprintfA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDlgCtrlID
GetWindowLongA
GetClassNameA
IsWindowEnabled
IsDialogMessageA
IsWindowVisible
GetWindow
GetCursorPos
SetWindowLongA
SetCursor
PtInRect
GetKeyState
WinHelpA
GetParent
GetSysColorBrush
UnregisterClassA
GetSysColor
DispatchMessageA
DestroyMenu
TranslateMessage
GetFocus
GetMessageA
UpdateWindow
ShowWindow
SetWindowTextA
GetDesktopWindow
GetWindowRect
DefWindowProcA
PostQuitMessage
DestroyWindow
SetForegroundWindow
SetFocus
CreateWindowExA
EnableMenuItem
LoadCursorA
GetClassInfoExA
PostMessageA
ReleaseDC
GetDC
IsWindow
SystemParametersInfoA
WaitForInputIdle
GetWindowTextA
GetTopWindow
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon
MessageBoxA
CharUpperA
GetMenuCheckMarkDimensions

gdi32

SetMapMode
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateFontIndirectA
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
SelectObject
TextOutA
GetStockObject
DeleteObject
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA

comctl32

ord17

shlwapi

PathFileExistsA
SHCopyKeyA
SHDeleteKeyA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathIsDirectoryA
PathFindFileNameA

oleaut32

VariantInit
VariantChangeType
VariantClear

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetOptionExA
InternetQueryDataAvailable

msi

ord103
ord124
ord17
ord8

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1eb20a5c7004a5276720f5e247026166

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34Certificate

Extended Key Usages

Key Usages

d7:24:90:45:b5:b7:68:ed:9d:8d:ad:83:0a:a8:2c:72:5e:a4:99:eeSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

wininet

msi

Sections

.text Size: 188KB - Virtual size: 184KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 687KB - Virtual size: 687KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

d7:24:90:45:b5:b7:68:ed:9d:8d:ad:83:0a:a8:2c:72:5e:a4:99:ee
Signer

.text
Size: 188KB - Virtual size: 184KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 687KB - Virtual size: 687KB