2024-01-18_fd1ef4c9bf3fd746a0532606bf4456fb_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-18_fd1ef4c9bf3fd746a0532606bf4456fb_icedid
Size

1.7MB
MD5

fd1ef4c9bf3fd746a0532606bf4456fb
SHA1

f79b897514a84234caba4252fc5f4825f8cadf18
SHA256

ed1ee019169e2a5bd6c14eb0e7249077cf38504fb2d9ee9dd81e351e4b76ce41
SHA512

f6bc6136f43ba3e88743190bc4dd2d9b2e19a7c2f753bb176b092c4416762e39cb0d6dc8d3ec1a4626af0468574fafb48fa97de9b86f1d719ea9d334ec079a41
SSDEEP

24576:3AwAJj7vYHeN0EmSvWsmpEAj5Ybkv76AqZdob0OAxrAwAJw:wWHXEmS+skn5KkvTqZCb4Uq

Score

1^/10

Malware Config

Signatures

Files

2024-01-18_fd1ef4c9bf3fd746a0532606bf4456fb_icedid
.exe windows:5 windows x86 arch:x86

1bbd019117f56d6f5ebe6cd191c95b97

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/09/2011, 00:00

Not After

01/09/2014, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:5a:5f:69:8f:dc:ad:e6:db:6a:7c:48:48:9a:5a:73:35:e3:10:46
Signer

Actual PE Digest

3f:5a:5f:69:8f:dc:ad:e6:db:6a:7c:48:48:9a:5a:73:35:e3:10:46

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

shlwapi

PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
PathFileExistsW
PathIsDirectoryW
PathCompactPathW
PathAppendW

nvimage

DestroyImageObject
CreateImageObject

d3d9

Direct3DCreate9

gdiplus

GdiplusShutdown
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCompositingMode
GdipDrawImageRectI
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCloneBitmapAreaI
GdipCloneImage
GdiplusStartup

kernel32

GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
FreeResource
MoveFileA
DeleteFileA
GetStringTypeExA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
CreateFileA
GlobalFlags
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCPInfo
GetOEMCP
lstrcmpA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
LCMapStringW
SetHandleCount
FatalAppExitA
GetAtomNameA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
CompareStringA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
CloseHandle
CopyFileA
GlobalSize
FormatMessageA
lstrlenW
MultiByteToWideChar
MulDiv
lstrlenA
GetCurrentProcessId
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
LCMapStringA
SetConsoleCtrlHandler
WriteConsoleA
WideCharToMultiByte
FindResourceA
InterlockedDecrement
GetModuleFileNameW
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
SetLastError
lstrcmpiA
lstrcpynA
GetVersionExA
GetSystemTimeAsFileTime
LocalFree
FreeConsole
GetFileAttributesW
SizeofResource
GetSystemDirectoryW
AttachConsole
GetStdHandle
GetConsoleScreenBufferInfo
ReadConsoleOutputA
GetCommandLineW
FindFirstFileW
FindNextFileW
MoveFileW
ExpandEnvironmentStringsW
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
FindResourceExA
LoadResource
LockResource
GetLocaleInfoW
GetUserDefaultUILanguage
GetSystemDefaultLCID
GetProcAddress
LoadLibraryA
FindFirstFileA
FindClose
FreeLibrary
GetLastError
DisableThreadLibraryCalls
Sleep
GetConsoleOutputCP
WriteConsoleW
CreateFileW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetTickCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
RaiseException
GetConsoleMode
GetConsoleCP
CreateDirectoryA
ExitProcess
RtlUnwind
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CompareStringW
SetErrorMode
SetEnvironmentVariableA

user32

SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
CheckMenuItem
GetWindowTextLengthA
GetWindowTextA
GetSysColor
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
ValidateRect
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
GetMenuItemCount
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxA
UnhookWindowsHookEx
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DestroyAcceleratorTable
FindWindowA
InvalidateRgn
LoadIconA
GetMenuStringW
GetCapture
GetKeyState
DestroyMenu
SetCapture
SendDlgItemMessageA
SendDlgItemMessageW
ChildWindowFromPoint
EnumDisplaySettingsExA
GetDlgItemTextW
GetDlgItemInt
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextA
GetMenu
EnableMenuItem
CreateDialogIndirectParamW
GetScrollInfo
GetWindowInfo
RemoveMenu
InsertMenuW
GetSubMenu
SendMessageW
EnumDisplayDevicesA
ShowWindow
EnableWindow
ScreenToClient
SetDlgItemInt
EndDialog
GetWindowTextW
SetWindowTextW
RegisterClassA
CreateWindowExA
SetFocus
DestroyWindow
UnregisterClassA
SetDlgItemTextW
SendMessageA
GetWindowLongA
CallWindowProcA
GetParent
GetDlgItem
GetSystemMetrics
DialogBoxIndirectParamW
LoadMenuIndirectW
MessageBoxW
DefWindowProcA
PostQuitMessage
ClientToScreen
TrackPopupMenu
BeginPaint
EndPaint
GetDC
ReleaseDC
FillRect
DrawTextA
CreatePopupMenu
InsertMenuA
InvalidateRect
PostMessageA
SetWindowLongA
GetForegroundWindow
SetCursorPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
GetClassInfoA
GetClassInfoExA
UpdateWindow
ShowScrollBar
SetForegroundWindow
GetScrollPos
LockWindowUpdate
GetDCEx
UnionRect
SetParent
ClipCursor
LoadCursorA
SetCursor
SetWindowPos
SetTimer
KillTimer
GetFocus
TranslateMessage
DispatchMessageA
PeekMessageA
GetAsyncKeyState
wsprintfW
GetWindowRect
GetCursorPos
GetCursorInfo
ShowCursor
GetClientRect
GetSystemMenu
IsRectEmpty
MapVirtualKeyA
GetKeyNameTextA
GetDialogBaseUnits
WindowFromPoint
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
ReleaseCapture
InsertMenuItemA
BringWindowToTop
CreateDialogIndirectParamA
GetNextDlgTabItem
DeleteMenu
ShowOwnedPopups
SetRectEmpty
GetWindowDC
GrayStringA
DrawTextExA
TabbedTextOutA
GetMenuItemInfoA
InflateRect
GetDesktopWindow
CharUpperA
DestroyIcon
ScrollWindowEx
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDlgItemTextA
CheckRadioButton
RegisterWindowMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
SetScrollRange
GetScrollRange
SetMenu
SetScrollPos
GetDlgCtrlID

gdi32

RestoreDC
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SaveDC
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetCharWidthA
StretchDIBits
CreateCompatibleBitmap
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetBkColor
GetTextMetricsA
GetTextExtentPoint32A
CreateFontIndirectA
ExtTextOutA
GetObjectA
SetBkColor
GetClipBox
GetDCOrgEx
CreateDCA
CopyMetaFileA
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
GetTextExtentPoint32W
CreateBitmap
Rectangle
GetStockObject
SetTextColor
CreateFontA
SelectObject
SetViewportExtEx
DeleteObject
SetBkMode

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetOpenFileNameW
GetFileTitleA

advapi32

RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegCreateKeyA
RegCreateKeyExA
RegSetValueA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

CommandLineToArgvW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetDesktopFolder
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileA
SHGetFileInfoA
ExtractIconA

ole32

StringFromGUID2
CoDisconnectObject
CoInitialize
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
CoCreateInstance
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoUninitialize
OleRegGetUserType
CLSIDFromString
CoInitializeEx

oleaut32

LoadTypeLi
SysAllocStringByteLen
SysStringLen
RegisterTypeLi
SysStringByteLen
VariantChangeType
VariantInit
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
LoadRegTypeLi
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

Sections

.text
Size: 937KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bbd019117f56d6f5ebe6cd191c95b97

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3f:5a:5f:69:8f:dc:ad:e6:db:6a:7c:48:48:9a:5a:73:35:e3:10:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

shlwapi

nvimage

d3d9

gdiplus

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

oleacc

Sections

.text Size: 937KB - Virtual size: 937KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 14KB - Virtual size: 168KB

.rsrc Size: 657KB - Virtual size: 657KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3f:5a:5f:69:8f:dc:ad:e6:db:6a:7c:48:48:9a:5a:73:35:e3:10:46
Signer

.text
Size: 937KB - Virtual size: 937KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 14KB - Virtual size: 168KB

.rsrc
Size: 657KB - Virtual size: 657KB