2024-01-01_4a777c14916cc55d89cc3e7299091f2a_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-01_4a777c14916cc55d89cc3e7299091f2a_icedid
Size

496KB
MD5

4a777c14916cc55d89cc3e7299091f2a
SHA1

e704267e1f0cc5d2d24e852a40a928c44a997111
SHA256

d6eac7cfd4e111e8c2d80970708b17fb285364eba93cdfd4360e15c64ff0e58e
SHA512

96fcea45012beb818ca09aa95621cc669f00f9d1682305124bec146c08a0321838ed19ecd157fbe1d13856f2efad9ad494244d72d5df08e596fb2423864e9375
SSDEEP

6144:543m1nZ9Hz6i7Qp17TOk2mPk6rASAqtTUMPjlaEhovfZ36ZRtpC:543m1nZhz64Q77TOkF8JqNHjS36ftpC

Score

1^/10

Malware Config

Signatures

Files

2024-01-01_4a777c14916cc55d89cc3e7299091f2a_icedid
.exe windows:4 windows x86 arch:x86

58d44f094a9687766ff4dea959f7d93a

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6a
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

26/10/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5f:1e:cf:e3:5d:5b:6c:ce:65:6d:65:e0:e8:63:ba:0f:57:f0:94:b6
Signer

Actual PE Digest

5f:1e:cf:e3:5d:5b:6c:ce:65:6d:65:e0:e8:63:ba:0f:57:f0:94:b6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadWritePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryW
GetFileTime
GetFileAttributesW
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
InterlockedDecrement
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetModuleHandleW
GetVersionExA
WideCharToMultiByte
MulDiv
lstrcpyW
lstrlenW
GlobalLock
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
GetLastError
GetTempPathW
GetModuleFileNameW
CopyFileW
Sleep
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
MoveFileExW
WaitForSingleObject
GetExitCodeProcess
DeleteFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTickCount
GlobalFree
GlobalAlloc
SetLastError
MultiByteToWideChar
GetSystemDirectoryW
GetVolumeInformationW
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
DeviceIoControl
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetWindowsDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateProcessW
CloseHandle
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
HeapCreate
InterlockedExchange

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
DestroyMenu
LoadCursorW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
wsprintfW
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageA
IsWindow
IsChild
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
MessageBoxW
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetWindowTextLengthW
GetWindowTextW
GetFocus
GetParent
PostThreadMessageW
RegisterClipboardFormatW
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
GetWindowLongW
IsDialogMessageW
GetClassInfoExW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ExitWindowsEx
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
DrawIcon
FindWindowW
PostMessageW
EnableWindow
SendMessageW
GetForegroundWindow

gdi32

TextOutW
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateFontW
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateSolidBrush
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
RegQueryValueExW
RegEnumKeyW
RegCloseKey
RegCreateKeyExW
RegQueryValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

comctl32

ord17

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString

Sections

.text
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58d44f094a9687766ff4dea959f7d93a

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6aCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

5f:1e:cf:e3:5d:5b:6c:ce:65:6d:65:e0:e8:63:ba:0f:57:f0:94:b6Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 212KB - Virtual size: 208KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 176KB - Virtual size: 174KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6a
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

5f:1e:cf:e3:5d:5b:6c:ce:65:6d:65:e0:e8:63:ba:0f:57:f0:94:b6
Signer

.text
Size: 212KB - Virtual size: 208KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 176KB - Virtual size: 174KB