NEAS[.]2023-09-27_011c36f54df7048e30aba7ec69068279_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-27_011c36f54df7048e30aba7ec69068279_icedid_JC.exe
Size

303KB
MD5

011c36f54df7048e30aba7ec69068279
SHA1

910374e76d928bc1e4576e738efa801f09d2327c
SHA256

43cda18d6ec94abbb1d760d81a8e3d31c01ed86fba5f4df99f45f8e1a2772e65
SHA512

1a13cbfcfc77c723e15d868c21187ffffc0cd589dc3d55ca519e92c7fc8370a7f095b0ec23ad0a039175378ec5c04f2d18c006a87f3e4371e3195616a6e2031b
SSDEEP

6144:fouUG1GYyDIxvrHvdgWc1zQfDtZAD6V+5HEPFIAov6/:fovmGYo+vrAQfAD6VOEPFFx/

Score

1^/10

Malware Config

Signatures

Files

NEAS.2023-09-27_011c36f54df7048e30aba7ec69068279_icedid_JC.exe
.exe windows:4 windows x86

4e2666088687c235c86fdf7d18dd6acb

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:d9:c9:2a:76:5e:cd
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

26/12/2012, 05:33

Not After

29/12/2014, 13:59

Subject

CN=金华长风信息技术有限公司,O=金华长风信息技术有限公司,L=金华市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c156d696e676d696e674031376775616775612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:63:2b:64:54:ea:1a:a8:35:c8:7c:f9:47:3b:09:8f:6a:27:3e:48
Signer

Actual PE Digest

b9:63:2b:64:54:ea:1a:a8:35:c8:7c:f9:47:3b:09:8f:6a:27:3e:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsBadWritePtr
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapFree
TerminateProcess
ExitProcess
RtlUnwind
GetStartupInfoW
GetTickCount
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
lstrcmpiW
WritePrivateProfileStringW
InterlockedDecrement
GlobalFindAtomW
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
GetVersionExA
GetLastError
SetLastError
MulDiv
FormatMessageW
lstrcpynW
LocalFree
GlobalFree
GlobalAddAtomW
lstrlenW
GetCurrentThread
GetCurrentThreadId
lstrcmpW
FreeLibrary
GlobalDeleteAtom
WideCharToMultiByte
GetModuleFileNameW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
FindResourceW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
GetModuleHandleW
GetProcAddress
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
GetCurrentProcessId
CloseHandle

user32

PostThreadMessageW
DestroyMenu
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
CharUpperW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
wsprintfW
GetDesktopWindow
ReleaseCapture
LoadCursorW
SetCapture
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SetFocus
IsChild
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
MessageBoxW
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
CreateDialogIndirectParamW
SetWindowPos
GetDlgItem
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
EndDialog
SendDlgItemMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
EnableWindow
PostMessageW
PtInRect
GetDC
UpdateLayeredWindow
ReleaseDC
GetWindowThreadProcessId
SendMessageW
FindWindowW
FindWindowExW
GetWindow
ClientToScreen
OffsetRect
IsWindow
GetMessageW
TranslateMessage
DispatchMessageW
SetActiveWindow

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
DeleteDC
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
RectVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

comctl32

InitCommonControlsEx
ord17

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromProgID
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
OleUninitialize

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen
SysFreeString

gdiplus

GdipDrawImageRectRect
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDeleteGraphics
GdipCloneImage
GdipDisposeImage

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e2666088687c235c86fdf7d18dd6acb

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

05:d9:c9:2a:76:5e:cdCertificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

b9:63:2b:64:54:ea:1a:a8:35:c8:7c:f9:47:3b:09:8f:6a:27:3e:48Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 84KB - Virtual size: 81KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

19:9d:f8:8e
Certificate

05:d9:c9:2a:76:5e:cd
Certificate

3d
Certificate

b9:63:2b:64:54:ea:1a:a8:35:c8:7c:f9:47:3b:09:8f:6a:27:3e:48
Signer

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 84KB - Virtual size: 81KB