2023-08-25_97f914969d9f99ffea62c93ae31ebb90_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-25_97f914969d9f99ffea62c93ae31ebb90_icedid_JC.exe
Size

3.5MB
MD5

97f914969d9f99ffea62c93ae31ebb90
SHA1

e8978b0d031232f6b81f3cf82f6db25c499199f0
SHA256

b43cfe70fbe4b99810e428f80bda0ccb1d185a0e6162ae1870d637c3c8db2232
SHA512

02e52763b68c4379e76a04923c147de4f3daa9b73ae3b6b9702ece91309a5cf4c595386f7abaae03a992f70182939e679c0cb3da387baeb323ebde997316d45b
SSDEEP

49152:CG9K4hWxnZFbvCrm3aydfAQ+ENDbdkth7YI2:HE4hWfFbvJWbYJ

Score

1^/10

Malware Config

Signatures

Files

2023-08-25_97f914969d9f99ffea62c93ae31ebb90_icedid_JC.exe
.exe windows:5 windows x86

d04389e9f14c6a172ec21b00746544a9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5b:a8:8d:54:fd:ca:88:1c:e6:23:43:ee:a9:49:cf:2a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/12/2015, 00:00

Not After

03/03/2018, 23:59

Subject

CN=Beijing VRV Software Corporation Limited.,OU=VDP,O=Beijing VRV Software Corporation Limited.,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:90:b2:4e:a9:36:16:7a:b4:87:ac:bf:3c:c5:fb:f8
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/05/2017, 00:00

Not After

01/05/2020, 23:59

Subject

SERIALNUMBER=91110000101967333M,CN=Beijing VRV Software Corporation Limited.,O=Beijing VRV Software Corporation Limited.,L=Beijing,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:4e:b8:b5:ee:ca:c1:ac:5c:c7:15:46:1c:56:75:8e:25:b6:2f:0c:87:01:32:9b:df:ce:fe:07:9b:c3:8a:d5
Signer

Actual PE Digest

bb:4e:b8:b5:ee:ca:c1:ac:5c:c7:15:46:1c:56:75:8e:25:b6:2f:0c:87:01:32:9b:df:ce:fe:07:9b:c3:8a:d5

Digest Algorithm

sha256

PE Digest Matches

false

42:6f:4b:0d:bd:ab:c8:02:f1:bb:3f:e8:bc:81:21:76:5f:e1:e4:91
Signer

Actual PE Digest

42:6f:4b:0d:bd:ab:c8:02:f1:bb:3f:e8:bc:81:21:76:5f:e1:e4:91

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

kernel32

LockFile
UnlockFile
GetFullPathNameA
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
RtlUnwind
HeapFree
HeapAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
HeapCreate
VirtualFree
GetStdHandle
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetThreadLocale
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
MulDiv
lstrlenA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GlobalLock
GlobalUnlock
GetExitCodeThread
GetExitCodeProcess
SetEvent
OpenEventA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
CreateEventA
QueryDosDeviceA
ConnectNamedPipe
DisconnectNamedPipe
LocalAlloc
CreateNamedPipeA
GetPrivateProfileIntA
FindNextFileA
GetVersion
SetLastError
FormatMessageA
WaitForSingleObject
TerminateProcess
IsBadReadPtr
DeviceIoControl
GlobalAlloc
GlobalFree
ProcessIdToSessionId
CreateMutexA
ReleaseMutex
GetCurrentProcessId
GetSystemDefaultLCID
VirtualQuery
MultiByteToWideChar
MoveFileExA
FindFirstFileA
FindClose
FileTimeToSystemTime
GetFileAttributesA
FlushFileBuffers
GetDiskFreeSpaceExA
ExitProcess
GetTickCount
CreateThread
LocalFree
GetDriveTypeA
SetEndOfFile
WriteFile
FreeResource
GetFileSize
GetLocalTime
Sleep
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
WritePrivateProfileStringA
GetVersionExA
Beep
ReadFile
SetFilePointer
DeleteFileA
CreateFileA
GetVolumeInformationA
SetVolumeLabelA
GetPrivateProfileStringA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
CreateProcessA
GetLastError
OpenProcess
GetModuleFileNameA
CloseHandle
OutputDebugStringA
LoadLibraryA
GetProcAddress
QueryDosDeviceW
FreeLibrary
LCMapStringW

user32

CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
UnregisterClassA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
CallNextHookEx
IsRectEmpty
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
RegisterClipboardFormatA
IsWindowVisible
UpdateWindow
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetActiveWindow
CreateDialogIndirectParamA
PostThreadMessageA
GetClassLongA
SetWindowsHookExA
GetWindowThreadProcessId
FindWindowA
EnableWindow
GetWindowRect
GetClientRect
SendMessageA
LoadBitmapA
GetSystemMetrics
SystemParametersInfoA
MessageBoxA
SendMessageTimeoutA
LoadIconA
SetWindowLongA
GetWindowLongA
AppendMenuA
GetSystemMenu
DrawIcon
IsIconic
InvalidateRect
SetCursor
LoadCursorA
GetClassNameA
RedrawWindow
PostMessageA
EnumWindows
EnumChildWindows
GetWindowTextA
RegisterWindowMessageA
wsprintfA
IsWindow
TrackPopupMenu
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
GetMenuItemID
GetSubMenu
DestroyWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
LoadMenuA
SetWindowTextA

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateRectRgnIndirect
GetDeviceCaps
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
Escape
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateCompatibleDC
GetObjectA
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
BitBlt
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateFontA
GetStockObject
StretchBlt
SelectObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

OpenSCManagerA
RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateProcessAsUserA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
AllocateAndInitializeSid
GetAclInformation
GetAce
EqualSid
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetFileInfoA
ShellExecuteExA
ord680
Shell_NotifyIconA
SHChangeNotify

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoCreateGuid
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
CM_Request_Device_EjectW
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA

ws2_32

connect
__WSAFDIsSet
recv
ioctlsocket
htons
inet_addr
select
send
socket
closesocket

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d04389e9f14c6a172ec21b00746544a9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5b:a8:8d:54:fd:ca:88:1c:e6:23:43:ee:a9:49:cf:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

53:90:b2:4e:a9:36:16:7a:b4:87:ac:bf:3c:c5:fb:f8Certificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

bb:4e:b8:b5:ee:ca:c1:ac:5c:c7:15:46:1c:56:75:8e:25:b6:2f:0c:87:01:32:9b:df:ce:fe:07:9b:c3:8a:d5Signer

42:6f:4b:0d:bd:ab:c8:02:f1:bb:3f:e8:bc:81:21:76:5f:e1:e4:91Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

setupapi

ws2_32

Sections

.text Size: 428KB - Virtual size: 428KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 13KB - Virtual size: 46KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5b:a8:8d:54:fd:ca:88:1c:e6:23:43:ee:a9:49:cf:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

53:90:b2:4e:a9:36:16:7a:b4:87:ac:bf:3c:c5:fb:f8
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

bb:4e:b8:b5:ee:ca:c1:ac:5c:c7:15:46:1c:56:75:8e:25:b6:2f:0c:87:01:32:9b:df:ce:fe:07:9b:c3:8a:d5
Signer

42:6f:4b:0d:bd:ab:c8:02:f1:bb:3f:e8:bc:81:21:76:5f:e1:e4:91
Signer

.text
Size: 428KB - Virtual size: 428KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 13KB - Virtual size: 46KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB