2023-08-22_e5ba8bd6ed01ec3abfd72ca01e0952f5_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-22_e5ba8bd6ed01ec3abfd72ca01e0952f5_icedid_JC.exe
Size

3.6MB
MD5

e5ba8bd6ed01ec3abfd72ca01e0952f5
SHA1

cdcf99d330d606f87b13d86b55fc35a424dda5c6
SHA256

53be0ba30ddf219da341d9a73d8a0db54bae786e2129336d4acf6e8a237be9e6
SHA512

e751e05b5c1f64d466e6e31604d38134539db69a959a13f2ae3c2b54dc324c02f2064a1e2dbd662207622698469d2c0bae8b4c4f0882d1e3b092273b06c43cc2
SSDEEP

49152:fn7aZtDbnC9xPcXvrFt/Srq1+oX0VJOJUEarka3Ugf09jxnLh6EI8JhoOCutWiOa:fn7aZtnC9twWiOl/hNOmB2Nr

Score

1^/10

Malware Config

Signatures

Files

2023-08-22_e5ba8bd6ed01ec3abfd72ca01e0952f5_icedid_JC.exe
.exe windows x86

21a41b6513fcbb5b4f384bf071263a0c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:e5:a7:75:12:03:00:fb:34:19:45:8b:40:d4:08:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/02/2012, 00:00

Not After

07/03/2013, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:f1:21:00:d5:fc:6c:63:3d:37:43:c1:1d:74:a6:e5:6c:17:3b:ef
Signer

Actual PE Digest

4f:f1:21:00:d5:fc:6c:63:3d:37:43:c1:1d:74:a6:e5:6c:17:3b:ef

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
SetEndOfFile
SetErrorMode
FileTimeToLocalFileTime
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
FindFirstFileA
FindNextFileA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
RtlUnwind
ExitProcess
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetThreadLocale
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GlobalFindAtomW
GlobalAddAtomW
FreeResource
WritePrivateProfileStringW
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetSystemDirectoryA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
CreatePipe
ReadFile
SetThreadPriority
IsDBCSLeadByte
GetModuleFileNameA
InterlockedDecrement
FreeEnvironmentStringsA
LoadLibraryExA
InterlockedIncrement
GetEnvironmentStrings
RaiseException
CreateFileMappingA
OpenMutexA
SuspendThread
FindResourceA
GetWindowsDirectoryW
GetWindowsDirectoryA
ExpandEnvironmentStringsW
RemoveDirectoryW
Beep
OpenProcess
GetExitCodeProcess
CreateProcessA
GetFileAttributesA
GetFileAttributesExW
lstrlenA
WritePrivateProfileSectionA
CompareStringW
GetPrivateProfileSectionA
lstrcmpiA
CompareStringA
GetShortPathNameA
MoveFileExA
MoveFileA
GetVersion
SetFileAttributesA
GetFileAttributesExA
lstrlenW
CreateEventA
InterlockedExchange
LocalFree
SetLastError
GetModuleHandleA
GetShortPathNameW
TerminateThread
MoveFileExW
MoveFileW
GetTempFileNameA
CreateDirectoryW
SetFileAttributesW
GetVersionExA
FileTimeToSystemTime
GetFileTime
LoadLibraryA
GetEnvironmentVariableA
SetEnvironmentVariableA
FormatMessageA
ExpandEnvironmentStringsA
SetFilePointer
CreateFileA
GetLocalTime
GetTempFileNameW
WaitForSingleObject
Sleep
SetUnhandledExceptionFilter
GetExitCodeThread
GetTempPathA
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
CreateThread
GetModuleHandleW
GetTickCount
DeleteFileA
RemoveDirectoryA
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryA
FormatMessageW
SetThreadLocale
LockResource
LoadResource
GetSystemDefaultUILanguage
SizeofResource
FindResourceW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetCurrentThread
CompareFileTime
OutputDebugStringW
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
DeleteFileW
GetLastError
CreateFileW
FindClose
FindNextFileW
GetModuleFileNameW
WriteFile
CloseHandle
SetEvent
FindFirstFileW
GetDiskFreeSpaceExW
TerminateProcess
CreateProcessW
FreeLibrary
GetFileSize
CreateEventW
GetFileAttributesW
DuplicateHandle
GetCurrentThreadId
LoadLibraryW
GetCommandLineW
WaitForMultipleObjects

user32

UnregisterClassW
DestroyMenu
LoadCursorW
GetSysColorBrush
GetTabbedTextExtentA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
MessageBoxW
SetWindowTextW
SetDlgItemTextW
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetLastActivePopup
SetCursor
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
GetMessageW
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
MessageBoxA
CharNextA
EnumWindows
SendMessageA
SendMessageW
LoadImageW
GetClientRect
EnableWindow
IsIconic
GetSystemMetrics
DrawIcon
LoadIconW
PostMessageW
InvalidateRect
wsprintfA
CharToOemW
ExitWindowsEx
TranslateMessage
GetMessageA
GetWindowLongA
DefWindowProcA
DispatchMessageA
RegisterClassA
CreateWindowExA
SetWindowLongA
PostQuitMessage
DestroyWindow
SetForegroundWindow
WaitForInputIdle
mouse_event
SetCursorPos
GetCursorPos
keybd_event
VkKeyScanA
GetDlgCtrlID
GetWindowInfo
FindWindowExA
GetWindowThreadProcessId
FindWindowA
CharToOemA
UnregisterClassA
PostThreadMessageA
GetMessagePos

gdi32

PtVisible
GetTextMetricsW
GetTextAlign
GetTextExtentPoint32W
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
GetStockObject
DeleteDC
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
DeleteObject
MoveToEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
DeleteMetaFile
SetPixel
CreateMetaFileW
CreateFontW
CloseMetaFile
CreateBitmap
GetDeviceCaps
RectVisible

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

CopySid
IsValidSid
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegSetValueA
RegOpenKeyA
RegUnLoadKeyA
RegLoadKeyA
RegCreateKeyExA
QueryServiceStatus
ControlService
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
RegDeleteKeyA
CloseServiceHandle
DeleteService
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
AdjustTokenPrivileges
GetSecurityDescriptorOwner
LookupPrivilegeValueA
OpenProcessToken
ImpersonateSelf
GetAce
SetNamedSecurityInfoA
SetSecurityInfo
GetAclInformation
GetTokenInformation
GetSecurityInfo
AddAce
GetNamedSecurityInfoA
RegSetValueExW
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
GetSecurityDescriptorControl
RegQueryValueExW
GetSecurityDescriptorLength
MakeSelfRelativeSD
RevertToSelf
SetThreadToken
SetFileSecurityW
OpenThreadToken
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
FreeSid
GetLengthSid
SetSecurityDescriptorSacl
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl

shell32

SHFileOperationW
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

CoInitializeEx
CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CLSIDFromProgID
CoCreateInstanceEx
CoGetObject
CoTaskMemAlloc

oleaut32

LoadTypeLi
SysFreeString
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantChangeType
VariantInit

userenv

GetProfilesDirectoryA
UnloadUserProfile

ws2_32

WSCInstallProvider
WSCGetProviderPath
WSCEnumProtocols
WSACleanup
WSAStartup
WSCWriteProviderOrder
WSCDeinstallProvider

Exports

Exports

InitializeDumpWriter
WriteFullDump
WriteMiniDump
WriteTinyDump

Sections

.text
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21a41b6513fcbb5b4f384bf071263a0c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

16:e5:a7:75:12:03:00:fb:34:19:45:8b:40:d4:08:34Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4f:f1:21:00:d5:fc:6c:63:3d:37:43:c1:1d:74:a6:e5:6c:17:3b:efSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

userenv

ws2_32

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 413KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 3.0MB - Virtual size: 3.1MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

16:e5:a7:75:12:03:00:fb:34:19:45:8b:40:d4:08:34
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4f:f1:21:00:d5:fc:6c:63:3d:37:43:c1:1d:74:a6:e5:6c:17:3b:ef
Signer

.text
Size: 416KB - Virtual size: 413KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 3.0MB - Virtual size: 3.1MB