2024-01-23_adaf6633417d6fe5896988c0eef33a64_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-23_adaf6633417d6fe5896988c0eef33a64_icedid
Size

5.2MB
MD5

adaf6633417d6fe5896988c0eef33a64
SHA1

8eaf0bb45ba3aabdb923955e42a11a2f6b599e91
SHA256

52b9d4aa869666906c742480ede8712f832649bb13e7d7fbb141cd417a6a2667
SHA512

9431229651cb5ed3ca82819e283b8c8a45d5c3a5050245c38906f718289c382894d26d47d274b4549a93c2f7c84dc5a828361082e165cba3cdca4432d679ade2
SSDEEP

49152:jjkI3tS/F9W0DBHzyDCRtXOZDvhvKX8hLnW4cnCbntKrZuz5C5P64QEgCgEx:1k9W0DpzRRtXOZDpyWLWebntKgdC5P9

Score

1^/10

Malware Config

Signatures

Files

2024-01-23_adaf6633417d6fe5896988c0eef33a64_icedid
.exe windows:5 windows x86 arch:x86

c66e976262f2857b6d7a62415a4f8556

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:3a:7b:2c:2b:a0:d5:86:6c:f8:35:52:01:83:01:61
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

13/10/2016, 00:00

Not After

12/12/2018, 23:59

Subject

CN=TBENM Co.\, Ltd.,O=TBENM Co.\, Ltd.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:06:76:51:ed:6f:8d:58:ef:d7:6e:24:46:87:1d:04:ba:32:53:f7
Signer

Actual PE Digest

71:06:76:51:ed:6f:8d:58:ef:d7:6e:24:46:87:1d:04:ba:32:53:f7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2A

netdrive

InsertPortData
DeleteIpData
InsertIpData
StopPMEngine
StartPMEngine
SnSPMBaseClose
SnSSetLibraryMode
SnSPMBaseCreateEx

advapi32

RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegQueryValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
ChangeServiceConfigA
CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
RegEnumKeyA
RegConnectRegistryA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

wininet

InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetReadFile
InternetWriteFile
InternetFindNextFileA
InternetConnectA
InternetSetOptionA
InternetGetLastResponseInfoA
InternetSetStatusCallback
FtpFindFirstFileA
FtpDeleteFileA
FtpRenameFileA
FtpOpenFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpCommandA
FtpGetFileSize
InternetOpenUrlA
InternetQueryDataAvailable
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenW
InternetOpenUrlW
DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

ndapi

NetDriveShutdown
MountDrive
SetServiceAutostart
SetDriveWriteProtected
NetDriveStartup

ccdn

_Seeding
_GetTrafficInfo
_GetGauranteeSpeed
_SetDownloadInfo
_GetStartPos
_StopDownload
_StartDownload
_Init_Download
_ReceiveSize
_Speed
_UnInit
_Status

kernel32

SuspendThread
ResumeThread
GetEnvironmentVariableA
GetCurrentDirectoryA
GlobalSize
CopyFileA
FlushFileBuffers
GetFullPathNameA
LockFile
UnlockFile
DuplicateHandle
SetUnhandledExceptionFilter
lstrcmpiA
MoveFileA
GetThreadLocale
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
GetFileTime
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeResource
LoadLibraryExW
GlobalDeleteAtom
FindResourceA
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
lstrcmpA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetOEMCP
GetCPInfo
GetACP
GetWindowsDirectoryA
GetTempFileNameA
VerSetConditionMask
VerifyVersionInfoA
GetProfileIntA
SearchPathA
VirtualProtect
FindResourceExW
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
CreateThread
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SetStdHandle
GetFileType
HeapQueryInformation
UnhandledExceptionFilter
GetStartupInfoW
IsValidCodePage
GetStdHandle
FindFirstFileExW
FindNextFileW
CreateFileW
GetConsoleMode
ReadConsoleW
GetFileAttributesExW
GetStringTypeW
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
LCMapStringW
GetThreadContext
OutputDebugStringW
WriteConsoleW
GetCurrentDirectoryW
SetEnvironmentVariableA
GetCurrentProcessId
VirtualQuery
FormatMessageA
CreateDirectoryW
GetModuleFileNameW
LoadLibraryW
lstrlenW
lstrcpyW
lstrcpynW
GetNumberFormatA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetPrivateProfileIntA
GetCommandLineA
lstrcmpW
ReadFile
GetFileSize
LocalFree
LocalAlloc
GetVersionExA
GetModuleHandleA
GetCurrentProcess
SetThreadPriority
GetConsoleCP
lstrcpynA
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
HeapCreate
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
FindNextFileA
FindFirstFileA
DeleteFileA
GetLocalTime
FindClose
WriteFile
TryEnterCriticalSection
lstrcpyA
OutputDebugStringA
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TerminateThread
TerminateProcess
CreateMutexA
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTempPathA
lstrlenA
CreateEventA
GetTickCount
FileTimeToSystemTime
SetEvent
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetCommandLineW
GetModuleFileNameA
LoadLibraryA
CloseHandle
SetFilePointer
SetEndOfFile
WaitForSingleObject
GetCurrentThread
CreateRemoteThread
OpenProcess
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DecodePointer
ReadProcessMemory
SetLastError
SetErrorMode
GetModuleHandleW

user32

TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
PostThreadMessageA
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
LoadImageW
DrawEdge
DrawFrameControl
UnionRect
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
LoadMenuW
GetComboBoxInfo
IsZoomed
GetSystemMenu
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
SetParent
LoadAcceleratorsW
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetCursorPos
LockWindowUpdate
SetClassLongA
GetDoubleClickTime
CopyIcon
ModifyMenuA
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetWindowRgn
DrawIcon
CheckDlgButton
MoveWindow
IntersectRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
WaitMessage
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
IsWindowEnabled
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongA
EqualRect
MapWindowPoints
LoadAcceleratorsA
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
SetMenu
GetMenu
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExA
GetClassInfoExA
RegisterClassA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
CharUpperA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
EnumWindows
EnumChildWindows
SendMessageTimeoutA
LoadIconW
FindWindowExA
FindWindowA
GetKeyState
ReplyMessage
ExitWindowsEx
IsWindowVisible
GetClassNameA
GetWindowTextA
FillRect
DrawFocusRect
GetFocus
LoadCursorA
SetWindowRgn
LoadBitmapW
GetWindowLongA
SetRect
GetDC
GetActiveWindow
GetParent
SetWindowLongA
GetWindowRect
IsWindow
CallWindowProcA
SetCursor
RedrawWindow
UpdateWindow
KillTimer
SetTimer
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
DestroyIcon
PtInRect
OffsetRect
InflateRect
CopyRect
GetSysColor
WindowFromPoint
ClientToScreen
GetClientRect
InvalidateRect
GetSystemMetrics
EnableWindow
ReleaseCapture
SetCapture
GetCapture
LoadIconA
GetCursorPos
SetForegroundWindow
SetMenuDefaultItem
TrackPopupMenu
AppendMenuA
DestroyMenu
CreatePopupMenu
ShowWindow
DestroyWindow
PostMessageA
BringWindowToTop
NotifyWinEvent
LoadCursorW
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
RegisterClipboardFormatA
GetMenuDefaultItem
SetRectEmpty
GetNextDlgGroupItem
IsRectEmpty
InvalidateRgn
CopyAcceleratorTableA
IsIconic
DeleteMenu
wsprintfA
MessageBoxA
GetClassInfoA
IsClipboardFormatAvailable
RealChildWindowFromPoint
CopyImage
SystemParametersInfoA
GetMenuItemInfoA
GetSysColorBrush
CharNextA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
ScreenToClient
SetWindowTextA
RegisterWindowMessageA
SendMessageA
UnregisterClassA
SendDlgItemMessageA
GetWindowTextLengthA
GetSubMenu

gdi32

GetMapMode
SelectObject
SetBkColor
SetMapMode
StretchBlt
DPtoLP
CombineRgn
ExtCreateRegion
CreateDIBSection
CreatePen
CreateRectRgnIndirect
GetDeviceCaps
SetRectRgn
CreateRectRgn
CopyMetaFileA
CreateDCA
SetTextColor
CreateHatchBrush
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
DeleteDC
CreateCompatibleDC
SetTextAlign
CreateCompatibleBitmap
CreateBitmap
BitBlt
GetObjectA
SetROP2
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectA
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
PatBlt
GetLayout
GetBkColor
GetTextColor
GetTextMetricsA
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExA
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
SetLayout
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
Rectangle
GetTextExtentPoint32A
RestoreDC
RectVisible
PtVisible
SetPolyFillMode

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shell32

DragFinish
ShellExecuteA
Shell_NotifyIconA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHAppBarMessage
CommandLineToArgvW
DragQueryFileA
SHGetSpecialFolderLocation

comctl32

ord17
ImageList_Draw

shlwapi

StrFormatByteSize64A
PathGetArgsA
PathRemoveFileSpecA
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathRemoveFileSpecW
StrFormatKBSizeA

uxtheme

GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeText
DrawThemeParentBackground

ole32

OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
RevokeDragDrop
RegisterDragDrop
CoTaskMemAlloc
CoLockObjectExternal
OleGetClipboard
IsAccelerator
CoTaskMemFree
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
DoDragDrop
CoInitialize
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
OleCreateFontIndirect
VarBstrFromDate
LoadTypeLi
SysAllocString
SysAllocStringByteLen
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysFreeString
VariantCopy
SystemTimeToVariantTime
SysAllocStringLen

oledlg

ord8

ws2_32

gethostbyaddr
send
select
recvfrom
recv
listen
getsockname
getpeername
htonl
connect
bind
accept
__WSAFDIsSet
gethostname
gethostbyname
socket
sendto
inet_ntoa
WSAWaitForMultipleEvents
ntohs
WSASetLastError
ioctlsocket
WSASocketA
WSASend
WSARecv
WSAConnect
WSAGetLastError
WSACleanup
WSAStartup
setsockopt
inet_addr
htons
closesocket

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA

oleacc

AccessibleObjectFromWindow
LresultFromObject
ObjectFromLresult
CreateStdAccessibleObject

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c66e976262f2857b6d7a62415a4f8556

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

01:3a:7b:2c:2b:a0:d5:86:6c:f8:35:52:01:83:01:61Certificate

Extended Key Usages

Key Usages

71:06:76:51:ed:6f:8d:58:ef:d7:6e:24:46:87:1d:04:ba:32:53:f7Signer

Headers

DLL Characteristics

File Characteristics

Imports

mpr

netdrive

advapi32

psapi

wininet

urlmon

ndapi

ccdn

kernel32

user32

gdi32

msimg32

winspool.drv

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

ws2_32

version

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 449KB - Virtual size: 449KB

.data Size: 48KB - Virtual size: 78KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

01:3a:7b:2c:2b:a0:d5:86:6c:f8:35:52:01:83:01:61
Certificate

71:06:76:51:ed:6f:8d:58:ef:d7:6e:24:46:87:1d:04:ba:32:53:f7
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 449KB - Virtual size: 449KB

.data
Size: 48KB - Virtual size: 78KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB