2023-08-23_097b80f5f8dcff41f00d04095c370da2_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-23_097b80f5f8dcff41f00d04095c370da2_icedid_JC.exe
Size

949KB
MD5

097b80f5f8dcff41f00d04095c370da2
SHA1

af21c111da34da5686b4f479d07890b8adf58b77
SHA256

4e449213cc10bc6b7059081d61d20cdc4f4325223b59f4d77871b70ce558631c
SHA512

10911d5f580385ea7090621e4b4e0215d5f21f0b834f2f660c899f28b043f2d930621060e4ed25f978a651daacb6bf8ee27b5bf8b74aca2646e2973a1cccf1a8
SSDEEP

6144:yUsBrtF1RUVevGXdfp4H8Z2l4LNOgNpBPVs1Dwr3eV9z6Tk6kD55JwOVkPEG/8jl:yFBBFbaevGXdfpg8FpBPZku/8SW5

Score

1^/10

Malware Config

Signatures

Files

2023-08-23_097b80f5f8dcff41f00d04095c370da2_icedid_JC.exe
.exe windows x86

4ecb3973993c9a4887919a54a6e8c9bd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/04/2006, 00:00

Not After

22/06/2009, 23:59

Subject

CN=Nero AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LEGAL DEPARTMENT,O=Nero AG,L=Karlsbad,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:ba:ea:85:fb:f9:05:48:8b:a9:30:ba:68:71:0f:b4:ca:61:ae:32
Signer

Actual PE Digest

86:ba:ea:85:fb:f9:05:48:8b:a9:30:ba:68:71:0f:b4:ca:61:ae:32

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
GlobalFlags
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
VirtualProtect
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
GetModuleHandleA
GetCommandLineA
GetFileTime
CreateFileA
GetCurrentProcess
CloseHandle
WaitForSingleObject
SetFileAttributesA
CreateDirectoryA
SetLastError
FindClose
FindFirstFileA
GetUserDefaultLCID
FreeResource
lstrcatA
WinExec
GetWindowsDirectoryA
lstrcpyA
IsBadReadPtr
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LocalFree
FreeLibrary
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersion
GetVersionExA
DeleteCriticalSection
CompareStringA
GetThreadLocale
lstrcmpiA
GetLastError
InterlockedExchange
RaiseException
lstrlenW
MultiByteToWideChar
GetACP
CompareStringW
WideCharToMultiByte
InitializeCriticalSection
GetLocaleInfoA
lstrlenA
VirtualFree

user32

DestroyMenu
wsprintfA
WindowFromPoint
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MoveWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
CallWindowProcA
SetWindowPos
IsIconic
GetWindowPlacement
CopyRect
GetLastActivePopup
UnhookWindowsHookEx
SetWindowsHookExA
GetActiveWindow
PeekMessageA
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconA
DispatchMessageA
TranslateMessage
GetWindowTextLengthA
GetMessageA
UpdateWindow
ShowWindow
DefWindowProcA
PostQuitMessage
SetForegroundWindow
SetFocus
CreateWindowExA
GetClassInfoExA
FindWindowA
GetTopWindow
RegisterWindowMessageA
SetWindowTextA
GetDlgCtrlID
GetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowEnabled
IsDialogMessageA
IsWindowVisible
MapDialogRect
GetWindow
KillTimer
GetCursorPos
SetWindowLongA
SetTimer
MessageBeep
GetDesktopWindow
CopyIcon
DrawTextA
DrawFocusRect
DestroyCursor
SetCursor
RedrawWindow
GetWindowRect
InflateRect
SetRectEmpty
PtInRect
MessageBoxA
GetKeyState
WinHelpA
GetParent
GetFocus
ScreenToClient
PostMessageA
SendMessageA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
EnableWindow
ReleaseCapture
GetSysColorBrush
LoadCursorA
IsWindow
DestroyWindow
SetCapture
InvalidateRect
ReleaseDC
GetDC
GetClientRect
OffsetRect
CharUpperA
UnregisterClassA
CallNextHookEx

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateFontIndirectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPointA
SetTextJustification
TextOutA
GetStockObject
GetObjectA
GetTextExtentPoint32A

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsDirectoryA
PathIsUNCA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 680KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ecb3973993c9a4887919a54a6e8c9bd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34Certificate

Extended Key Usages

Key Usages

86:ba:ea:85:fb:f9:05:48:8b:a9:30:ba:68:71:0f:b4:ca:61:ae:32Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

Sections

.text Size: 192KB - Virtual size: 190KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 680KB - Virtual size: 756KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:6a:d4:4a:46:42:fb:73:94:2c:a2:b9:2d:eb:3d:34
Certificate

86:ba:ea:85:fb:f9:05:48:8b:a9:30:ba:68:71:0f:b4:ca:61:ae:32
Signer

.text
Size: 192KB - Virtual size: 190KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 680KB - Virtual size: 756KB