2023-08-22_69dedf8c0ac767106ba21cd186e2f830_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-22_69dedf8c0ac767106ba21cd186e2f830_icedid_JC.exe
Size

744KB
MD5

69dedf8c0ac767106ba21cd186e2f830
SHA1

21d8f25351ded3a94c9d6a3ceb02013ac48b3846
SHA256

6d4701aa3b23e21ee6210b050dd458bf8aa57e5e039dd0af2982bf26496f2328
SHA512

c64a1ce6f4d2e85988905088695af9a3797f245b293524df55f6ea45c86e95ceb0c67674590b1efd1605a93f340944753ba8f9aeb327667e9271cc5d9552c15c
SSDEEP

12288:uFZuzI4YaeBG2klRwn2YrFyToOV+CZqn6yDH5iE8az:MuzIrBd2YrFyTfTZ+6OH4ET

Score

1^/10

Malware Config

Signatures

Files

2023-08-22_69dedf8c0ac767106ba21cd186e2f830_icedid_JC.exe
.exe windows x86

310029f7db2814b39fe5fbc3410198db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:64:73:13:53:9e:05:fb:8e:39:f2:e3:0a:58:ce:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/09/2013, 00:00

Not After

03/10/2014, 23:59

Subject

CN=EsComputer,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=EsComputer,L=Kita-ku,ST=Osaka,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:93:3a:62:62:25:27:c6:3b:c8:e4:bc:ff:3b:97:59:1c:90:4c:9d
Signer

Actual PE Digest

27:93:3a:62:62:25:27:c6:3b:c8:e4:bc:ff:3b:97:59:1c:90:4c:9d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GlobalFlags
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetCPInfo
GetOEMCP
FindResourceExA
GetCurrentDirectoryA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
GetFullPathNameW
HeapAlloc
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GlobalReAlloc
RtlUnwind
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetDriveTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
VirtualProtect
InterlockedDecrement
GetModuleFileNameW
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetFullPathNameA
GetThreadLocale
GetModuleHandleA
lstrcmpA
ReleaseMutex
CreateMutexA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
CreateEventA
SuspendThread
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
CompareStringA
CompareStringW
InterlockedExchange
GetVersion
lstrlenA
ExitProcess
GetVolumeNameForVolumeMountPointA
MoveFileW
RemoveDirectoryA
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
CreateFileW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileIntA
GetPrivateProfileIntW
MoveFileA
MultiByteToWideChar
FindFirstFileA
SetLastError
FindFirstFileW
FindClose
FindNextFileA
FindNextFileW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
QueryDosDeviceA
GetLogicalDrives
OpenProcess
DeviceIoControl
CreateFileA
FlushFileBuffers
ResumeThread
ReleaseSemaphore
CloseHandle
CreateSemaphoreA
LocalFree
GetComputerNameA
GetVolumeInformationA
Sleep
GetLastError
GetModuleFileNameA
GetWindowsDirectoryA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
SetEvent
FindResourceA
TerminateThread
WaitForSingleObject
LoadResource
FindCloseChangeNotification
LockResource
FindNextChangeNotification
SizeofResource
WaitForMultipleObjects
WideCharToMultiByte
FindFirstChangeNotificationA
RaiseException
ResetEvent

user32

GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
IsIconic
GetWindowRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
GetWindowTextA
CharUpperA
GetParent
GetWindowPlacement
SystemParametersInfoA
AttachThreadInput
GetForegroundWindow
MessageBoxA
EnableMenuItem
RegisterClipboardFormatA
RedrawWindow
SetActiveWindow
SendMessageA
LoadIconA
EnableWindow
GetWindowThreadProcessId
GetDesktopWindow
GetWindow
wsprintfA
KillTimer
SetTimer
DestroyMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuA
DestroyIcon
LoadImageA
RegisterWindowMessageA
MsgWaitForMultipleObjects
IsWindow
PostMessageA
GetLastActivePopup
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetSystemMetrics
PostThreadMessageA
GetClassLongA
GetCapture
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
InvalidateRect
SetRect
MessageBeep
ReleaseCapture
SetCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
SetCursor
PostQuitMessage
MapDialogRect
GetAsyncKeyState
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
WinHelpA
ModifyMenuA
IsChild

gdi32

DeleteObject
GetObjectA
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
CreateRectRgnIndirect
GetMapMode
EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
QueryServiceStatus
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CloseServiceHandle
QueryServiceConfigA
OpenServiceA
OpenSCManagerA

shell32

Shell_NotifyIconA
SHGetFileInfoA
SHChangeNotify

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoFreeUnusedLibraries
CoRevokeClassObject
OleInitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoUninitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
VariantChangeType
SysAllocStringByteLen
SysFreeString
SysStringLen
VariantClear
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

iphlpapi

GetAdaptersInfo

setupapi

CM_Locate_DevNodeA
CM_Get_DevNode_Status
CM_Get_Child
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_ListA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Parent
CM_Get_Device_IDA
CM_Get_Sibling

Sections

.text
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

310029f7db2814b39fe5fbc3410198db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

49:64:73:13:53:9e:05:fb:8e:39:f2:e3:0a:58:ce:3dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

27:93:3a:62:62:25:27:c6:3b:c8:e4:bc:ff:3b:97:59:1c:90:4c:9dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

setupapi

Sections

.text Size: 420KB - Virtual size: 417KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 168KB - Virtual size: 167KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:64:73:13:53:9e:05:fb:8e:39:f2:e3:0a:58:ce:3d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

27:93:3a:62:62:25:27:c6:3b:c8:e4:bc:ff:3b:97:59:1c:90:4c:9d
Signer

.text
Size: 420KB - Virtual size: 417KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 168KB - Virtual size: 167KB