2023-08-27_6a61fbee268fad9d7d02d772d4950f2d_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_6a61fbee268fad9d7d02d772d4950f2d_icedid_JC.exe
Size

2.3MB
MD5

6a61fbee268fad9d7d02d772d4950f2d
SHA1

26004f30d94703918397fe7690219b2a4abd4bd2
SHA256

36bb66bcacf30bab92d175cd48f1fa4f3913fc8a6c83b12ba6a034e4296157d7
SHA512

eb5d4dcd10eef23b404856315f1ae24c86678f95b8ea44c14621234992de6b317af4f766fc9affa14aeecb618120a2ca94f23381122340c25195057963e16ee3
SSDEEP

49152:tIJ+79z81KdSt43rbV3HQ5I9iTr/GhOJIRlRy/PEX:WM79z8167ba5t//GRlRy/PEX

Score

1^/10

Malware Config

Signatures

Files

2023-08-27_6a61fbee268fad9d7d02d772d4950f2d_icedid_JC.exe
.exe windows:4 windows x86

987a01a6b2352615bf5df7ff9f33044a

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:6f:90:ff:51:1c:b6:5b:2c:80:6e:ff:d8:10:de:ff
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/08/2015, 00:00

Not After

10/10/2018, 23:59

Subject

CN=Hangzhou Bianfeng Networking technology Co.\, Ltd.,OU=IT Dept.,O=Hangzhou Bianfeng Networking technology Co.\, Ltd.,L=HangZhou,ST=ZheJiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:77:36:77:e5:be:c8:95:43:8f:aa:66:f4:d7:01:28:28:4c:cc:5d
Signer

Actual PE Digest

10:77:36:77:e5:be:c8:95:43:8f:aa:66:f4:d7:01:28:28:4c:cc:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

ResetEvent
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateNamedPipeA
PostQueuedCompletionStatus
GetLocaleInfoW
GetProcessHeap
IsBadCodePtr
CreatePipe
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
UnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
HeapAlloc
HeapFree
LCMapStringW
LCMapStringA
GetFileType
SetStdHandle
GetDateFormatA
GetTimeFormatA
GetCommandLineA
GetStartupInfoA
GetDriveTypeA
ExitThread
CreateThread
VirtualAlloc
HeapValidate
IsBadReadPtr
IsBadWritePtr
RtlUnwind
QueryPerformanceFrequency
QueryPerformanceCounter
WriteConsoleA
AllocConsole
GetStdHandle
FreeConsole
SetProcessWorkingSetSize
ExitProcess
GetLocalTime
FlushInstructionCache
CancelIo
GetOEMCP
GetCPInfo
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileA
GlobalFlags
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
SetErrorMode
GlobalAddAtomA
GetCurrentThread
GlobalDeleteAtom
ConnectNamedPipe
CreateEventA
SetEvent
GetExitCodeThread
TerminateThread
FormatMessageA
ExpandEnvironmentStringsA
GetSystemDirectoryA
SetLastError
SleepEx
ReleaseMutex
DebugBreak
GetModuleFileNameW
CreateProcessW
GetEnvironmentVariableA
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
VirtualProtect
WriteProcessMemory
lstrcpynA
IsDebuggerPresent
GetSystemTimeAsFileTime
GlobalMemoryStatus
VirtualQuery
FileTimeToDosDateTime
RaiseException
GetCurrentProcessId
lstrcatA
lstrcpyA
CreateDirectoryA
GetFileTime
lstrcmpiA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetCurrentDirectoryA
GetTickCount
LoadLibraryA
GetProcAddress
SetEnvironmentVariableA
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
MulDiv
LocalFree
GetFullPathNameA
FreeLibrary
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
FindNextFileA
GetFileAttributesA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
OpenMutexA
CreateMutexA
GetModuleFileNameA
CopyFileA
DeleteFileA
GetPrivateProfileIntA
GetCurrentThreadId
GetModuleHandleA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetFileSize
SetFilePointer
WriteFile
ReadFile
AreFileApisANSI
DeviceIoControl
CreateFileA
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
GetVersion
GlobalAlloc
CreateFileMappingA
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchangeAdd
WinExec
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
WritePrivateProfileStringA
lstrlenW
GetExitCodeProcess
Sleep
GetPrivateProfileStringA
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
OpenFileMappingA
InterlockedExchange
GetACP
GetLocaleInfoA

user32

DestroyWindow
SetDlgItemTextA
GetProcessWindowStation
GetUserObjectInformationW
UpdateWindow
SetPropA
GetPropA
MessageBoxW
UnregisterClassA
CharUpperA
wsprintfA
wvsprintfA
EnumChildWindows
SetCapture
TrackMouseEvent
EqualRect
BeginPaint
EndPaint
UnionRect
IntersectRect
GetKeyState
GetClassInfoExA
InvalidateRect
CreateWindowExA
CallWindowProcA
MoveWindow
GetWindowRgn
DefWindowProcA
RegisterClassExA
DrawEdge
GetSysColor
WindowFromPoint
InflateRect
MapWindowPoints
LoadBitmapA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
EnableScrollBar
ShowScrollBar
SetScrollRange
GetScrollRange
GetScrollPos
SetScrollPos
GetScrollInfo
SetScrollInfo
GrayStringA
DrawTextExA
TabbedTextOutA
GetDC
IsRectEmpty
AdjustWindowRectEx
DrawTextA
OffsetRect
SetRect
FillRect
ClientToScreen
GetFocus
IsChild
IsZoomed
GetCursor
SetCursor
ReleaseCapture
PostQuitMessage
SystemParametersInfoA
PostMessageA
GetParent
IsWindowVisible
IsWindow
MonitorFromWindow
EnableWindow
GetCursorPos
MonitorFromPoint
GetMonitorInfoA
SetWindowRgn
SetLayeredWindowAttributes
KillTimer
SetTimer
ScreenToClient
GetClientRect
CopyRect
PtInRect
LoadImageA
SendMessageA
FindWindowA
MessageBoxA
IsIconic
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
UnhookWindowsHookEx
ReleaseDC
GetWindowDC
GetDlgItem
SendDlgItemMessageA
SetWindowTextA
GetDlgCtrlID
SetFocus
GetWindowTextA
GetWindowTextLengthA
GetWindow
GetWindowPlacement
RegisterClassA
GetClassInfoA
DeferWindowPos
GetMenu
TrackPopupMenu
ScrollWindow
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
RemovePropA
GetClassNameA
GetClassLongA
GetCapture
WinHelpA
RegisterWindowMessageA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDesktopWindow
CopyAcceleratorTableA
InvalidateRgn
DrawIcon
GetSysColorBrush
GetMenuItemInfoA
DestroyMenu
TranslateAcceleratorA
SetMenu
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
LoadMenuA
CharNextA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
PostThreadMessageA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
SwitchToThisWindow
ShowWindow
GetWindowLongA
SetWindowLongA
CreateDialogParamA
GetWindowRect
GetSystemMetrics
SetWindowPos
LoadIconA
LoadCursorA
RedrawWindow

gdi32

SetDIBitsToDevice
GetGlyphOutlineA
GetTextColor
GetBkColor
GetMapMode
Ellipse
LPtoDP
CreateEllipticRgn
GetRgnBox
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
GetWindowExtEx
GetViewportExtEx
GetTextMetricsA
CombineRgn
ExtCreateRegion
GetClipRgn
SelectClipRgn
CreateRectRgn
PtInRegion
RoundRect
Rectangle
CreatePen
CreateFontA
CreateRectRgnIndirect
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
CreateCompatibleBitmap
StretchBlt
GetTextExtentPoint32A
GetDeviceCaps
SetTextColor
SetBkColor
CreateSolidBrush
CreateRoundRectRgn
CreateFontIndirectA
SetBkMode
GetStockObject
CreateDIBSection
GetObjectA
DeleteObject
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
SaveDC
RestoreDC
MoveToEx
LineTo
IntersectClipRect
SetMapMode
SetStretchBltMode

advapi32

RegisterEventSourceA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegSetValueA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ReportEventA
DeregisterEventSource

shell32

DragQueryFileA
DragFinish
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
SHChangeNotify

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
CoFreeUnusedLibraries
CoDisconnectObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfileOnILockBytes
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun

oleaut32

SysStringLen
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantChangeType
OleCreateFontIndirect
LoadTypeLi
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
VariantInit
SystemTimeToVariantTime
SafeArrayDestroy

msimg32

AlphaBlend
GradientFill
TransparentBlt

comctl32

ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ord17
ImageList_Draw

shlwapi

PathIsUNCA
PathStripToRootA
UrlUnescapeA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA

oledlg

ord8

gdiplus

GdiplusShutdown

winmm

timeGetTime
PlaySoundA

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyaddr
getservbyport
__WSAFDIsSet
htonl
getservbyname
select
getsockname
ntohs
bind
ioctlsocket
recv
closesocket
WSAStartup
WSACleanup
WSAGetLastError
inet_ntoa
gethostbyname
inet_addr
WSASetLastError
socket
connect
setsockopt
getpeername
getsockopt
gethostname
htons
ntohl
send

wininet

HttpOpenRequestA
InternetConnectA
FtpOpenFileA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
FtpSetCurrentDirectoryA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetOptionExA

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

987a01a6b2352615bf5df7ff9f33044a

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

0f:6f:90:ff:51:1c:b6:5b:2c:80:6e:ff:d8:10:de:ffCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

10:77:36:77:e5:be:c8:95:43:8f:aa:66:f4:d7:01:28:28:4c:cc:5dSigner

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

oledlg

gdiplus

winmm

iphlpapi

ws2_32

wininet

oleacc

winspool.drv

comdlg32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 296KB - Virtual size: 293KB

.data Size: 52KB - Virtual size: 87KB

.rsrc Size: 600KB - Virtual size: 596KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

0f:6f:90:ff:51:1c:b6:5b:2c:80:6e:ff:d8:10:de:ff
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

10:77:36:77:e5:be:c8:95:43:8f:aa:66:f4:d7:01:28:28:4c:cc:5d
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 296KB - Virtual size: 293KB

.data
Size: 52KB - Virtual size: 87KB

.rsrc
Size: 600KB - Virtual size: 596KB