2024-01-23_c948474817ca3e492c71d6d18a4af7ea_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-23_c948474817ca3e492c71d6d18a4af7ea_icedid
Size

8.3MB
MD5

c948474817ca3e492c71d6d18a4af7ea
SHA1

bddbbb4bd0719879eebd173f89384a35bca18dd1
SHA256

8244b10c44709054c710d0d532c6c79c9c066870aef4da6e385e6f13119d9342
SHA512

31a554962e303a165a9c1270231325dcfd7bd7aaaa900698c32529910212fc42054b3a92f1bb739706d1b02ef351d1c26d601b53ea0c1c6da5bf03c0a465c4b0
SSDEEP

49152:rf4Z26OIx9kaPtdiQIiPEtSig59Uyn/JTDVEmTDVEeJ:rCjp9kOtciPEwig59Uyn/BvVJ

Score

1^/10

Malware Config

Signatures

Files

2024-01-23_c948474817ca3e492c71d6d18a4af7ea_icedid
.exe windows:4 windows x86 arch:x86

4fe6f6bde971f84ae3230df14153dae9

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:47:17:2a:61:f5:95:f3:0a:48:ae:a7:68:8a:7f:a8
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/11/2008, 00:00

Not After

21/11/2011, 23:59

Subject

CN=inKline Global\, Inc.,O=inKline Global\, Inc.,POSTALCODE=89513,STREET=P.O. Box 5479,L=Reno,ST=NV,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:6c:43:9b:db:94:a0:4a:f2:60:d2:8e:0d:66:83:83:ba:1a:43:72
Signer

Actual PE Digest

71:6c:43:9b:db:94:a0:4a:f2:60:d2:8e:0d:66:83:83:ba:1a:43:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumConnectionsA

ws2_32

setsockopt
WSAStartup
inet_ntoa
select
sendto
closesocket
inet_addr
htons
recvfrom
gethostbyname
bind

kernel32

TerminateProcess
HeapSize
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
HeapReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
CreateThread
ExitThread
ExitProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapFree
HeapAlloc
GetCurrentDirectoryA
SetErrorMode
FindResourceExA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
InterlockedIncrement
GlobalFlags
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetShortPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpA
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
DeleteCriticalSection
InitializeCriticalSection
RaiseException
VirtualProtect
SuspendThread
SetThreadPriority
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
FreeResource
_lopen
_lread
_lclose
GlobalReAlloc
GetModuleHandleA
SetFilePointer
GetFileSize
CreateFileA
WriteFile
lstrcpyA
GetCurrentProcess
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
FormatMessageA
LocalFree
DeleteFileA
InterlockedDecrement
GetWindowsDirectoryA
lstrcpynA
QueryPerformanceCounter
GetTickCount
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateEventA
ResumeThread
SetEvent
CloseHandle
ResetEvent
MoveFileA
CreateMutexA
ReleaseMutex
GetCurrentProcessId
GlobalAlloc
GetFileAttributesA
CreateDirectoryA
WritePrivateProfileStringA
GetModuleFileNameA
CopyFileA
WaitForSingleObject
Sleep
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LCMapStringW

user32

InvalidateRgn
CopyAcceleratorTableA
GetSysColorBrush
WaitMessage
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
UnionRect
IsZoomed
SetCursorPos
WindowFromPoint
DestroyMenu
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
DestroyCursor
IsRectEmpty
MapDialogRect
GetAsyncKeyState
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
CharNextA
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
GetNextDlgTabItem
EndDialog
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
PtInRect
ReleaseCapture
IsChild
CharUpperA
GetWindowRect
EnableWindow
PostMessageA
GetClientRect
LoadCursorA
GetDesktopWindow
FindWindowA
UpdateWindow
SetCapture
GetWindowRgn
SetWindowRgn
wsprintfA
SystemParametersInfoA
GetClassInfoA
GetMenuItemInfoA
DrawEdge
OffsetRect
ExitWindowsEx
GetCursorPos
GetMenuItemCount
EnableMenuItem
CheckMenuItem
AppendMenuA
CreatePopupMenu
SetRect
CopyRect
GetSysColor
FillRect
GetWindowTextA
MessageBoxA
SetParent
CreateMenu
GetTabbedTextExtentA
LockWindowUpdate
DeleteMenu
InvalidateRect
LoadMenuA
GetSubMenu
SetCursor
LoadImageA
GetSystemMetrics
IsIconic
DrawIcon
DrawMenuBar
GetMenu
RemoveMenu
RedrawWindow
PeekMessageA
ShowWindow
IsWindowEnabled
SetFocus
DestroyIcon
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
UnregisterClassA
SetTimer
KillTimer
PostThreadMessageA
FindWindowExA
IsWindowVisible
SendMessageA
keybd_event
SetForegroundWindow
EnumChildWindows
DispatchMessageA
TranslateMessage
GetMessageA
InflateRect
LoadIconA
SetWindowPos
IsWindow
LoadBitmapA
GetParent
ReleaseDC
GetDC
GetDCEx

gdi32

StartDocA
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
SelectPalette
CreatePen
CreateEllipticRgn
Ellipse
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateRectRgnIndirect
StretchDIBits
GetCharWidthA
SetRectRgn
EnumFontFamiliesExA
GetTextColor
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetWindowOrgEx
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
SelectClipRgn
DeleteObject
DeleteDC
BitBlt
DPtoLP
GetMapMode
CreateCompatibleBitmap
CreateBitmap
GetObjectA
SelectObject
CreateDIBSection
TextOutA
CreateCompatibleDC
CreateFontIndirectA
GetDeviceCaps
CreateFontA
StretchBlt
CreatePalette
Escape
ExtTextOutA
RectVisible
PtVisible
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetBkColor
GetViewportOrgEx
SetViewportOrgEx
GetStockObject
Rectangle
PtInRegion
CombineRgn
GetRgnBox
CreateRectRgn
OffsetRgn
SetROP2
RealizePalette
ExtFloodFill
FloodFill
PatBlt
CreatePatternBrush
GetPixel
SetPixel
GetTextMetricsA
GetTextExtentPoint32A
CreateSolidBrush
ExtCreateRegion

comdlg32

GetFileTitleA
PrintDlgA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
GetJobA
DocumentPropertiesA

advapi32

GetFileSecurityA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegFlushKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueA
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegCloseKey
SetFileSecurityA
RegOpenKeyA

shell32

ExtractIconA
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetFileInfoA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_LoadImageA
ImageList_Draw
ImageList_GetImageInfo

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
UrlUnescapeA
PathFindExtensionA

oledlg

ord8

ole32

CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes

oleaut32

OleLoadPicture
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect

wsock32

WSAGetLastError
socket
WSAAsyncSelect
recv
send
connect
WSASetLastError
WSACleanup
accept

wininet

InternetHangUp
InternetConnectA
InternetCloseHandle
InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetQueryOptionA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 892KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fe6f6bde971f84ae3230df14153dae9

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

79:47:17:2a:61:f5:95:f3:0a:48:ae:a7:68:8a:7f:a8Certificate

Extended Key Usages

Key Usages

71:6c:43:9b:db:94:a0:4a:f2:60:d2:8e:0d:66:83:83:ba:1a:43:72Signer

Headers

File Characteristics

Imports

rasapi32

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

wininet

version

Sections

.text Size: 892KB - Virtual size: 889KB

.rdata Size: 176KB - Virtual size: 174KB

.data Size: 44KB - Virtual size: 73KB

.rsrc Size: 7.2MB - Virtual size: 7.2MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

79:47:17:2a:61:f5:95:f3:0a:48:ae:a7:68:8a:7f:a8
Certificate

71:6c:43:9b:db:94:a0:4a:f2:60:d2:8e:0d:66:83:83:ba:1a:43:72
Signer

.text
Size: 892KB - Virtual size: 889KB

.rdata
Size: 176KB - Virtual size: 174KB

.data
Size: 44KB - Virtual size: 73KB

.rsrc
Size: 7.2MB - Virtual size: 7.2MB