2024-01-24_b195c18a5acae6104f30d005922abdc2_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_b195c18a5acae6104f30d005922abdc2_icedid
Size

2.1MB
MD5

b195c18a5acae6104f30d005922abdc2
SHA1

8da2554663b3f781169bfc96a0a47865f771cf53
SHA256

726b86796f551ab8e9674ec5225583a57698076c13a5d1db5d16963fd3c6768d
SHA512

87cf351e588f77ef6d39de132e7be160be42246ed51fa11bf22207d492f9804ccc12cea9d711443c142c0205e80ab70755ea5d45fa4a6838b1894a44f9ba847e
SSDEEP

24576:f9dQnU/QUHThK5UQ/ijoeXoBX4yzAx0TxS7nj1Xrj1diR2vEAxgrxo:f7Q7UNKd/ij/3yzAaxSzjljKsgrq

Score

1^/10

Malware Config

Signatures

Files

2024-01-24_b195c18a5acae6104f30d005922abdc2_icedid
.exe windows:6 windows x86 arch:x86

8086001809a1093b90b07d498a9f60c2

Code Sign

0c:e5:82:64:22:8b:18:6b:aa:4d:e7:a2:3f:8d:f9:a6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/05/2020, 00:00

Not After

08/05/2021, 23:59

Subject

CN=Ivica Nikolic,O=Ivica Nikolic,POSTALCODE=D15WYR8,STREET=1 Barnwell Square North,L=Dublin,ST=Dublin,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:31:c0:1c:cc:31:bc:3e:14:21:59:18:5e:01:5d:21:5c:e0:11:31:a1:dc:9d:f8:16:f6:4b:d3:bc:bc:5a:48
Signer

Actual PE Digest

9a:31:c0:1c:cc:31:bc:3e:14:21:59:18:5e:01:5d:21:5c:e0:11:31:a1:dc:9d:f8:16:f6:4b:d3:bc:bc:5a:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oledlg

OleUIBusyW

usp10

ScriptStringAnalyse
ScriptString_pSize
ScriptStringOut
ScriptStringFree

kernel32

GetStringTypeExW
GetThreadLocale
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalAlloc
LocalReAlloc
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
SetErrorMode
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleCP
LCMapStringW
ReadConsoleW
GetConsoleMode
GetStringTypeW
GetFileType
GetStdHandle
WriteFile
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlUnwind
OutputDebugStringW
SetStdHandle
SetEnvironmentVariableA
CreateMutexW
GetLastError
GetTickCount
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceW
GetCurrentProcessId
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
GlobalLock
GlobalUnlock
MultiByteToWideChar
GlobalAlloc
GlobalSize
ExitProcess
DeleteFileW
GetFileAttributesW
GetModuleFileNameW
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
OpenProcess
GetProcessTimes
CompareFileTime
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetCurrentProcess
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetFullPathNameW
GetFileTime
GetDiskFreeSpaceW
GlobalReAlloc
GetProfileIntW
ResumeThread
lstrcmpiW
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GlobalGetAtomNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GetCurrentThread
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetCurrentThreadId
EncodePointer
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
GetLocaleInfoW
EnumSystemLocalesW
GetSystemTime
GetModuleHandleW
FreeResource
MoveFileW
CreateDirectoryW
GetTempFileNameW
GetSystemDirectoryW
FindNextFileW
GetCurrentDirectoryW
FindClose
FindFirstFileW
Sleep
DuplicateHandle

user32

DestroyIcon
SetCursor
InsertMenuItemW
DestroyMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
FillRect
TabbedTextOutW
GrayStringW
DrawTextExW
GetWindowThreadProcessId
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
GetPropW
SetPropW
ShowScrollBar
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsMenu
GetClassInfoExW
EnableWindow
GetScrollRange
GetScrollPos
SetScrollPos
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetSubMenu
LoadMenuW
SendDlgItemMessageA
DeleteMenu
GetMenuItemInfoW
GetMenuItemID
GetMenuStringW
GetKeyboardLayoutNameW
BroadcastSystemMessageW
GetKeyboardLayoutList
LoadKeyboardLayoutW
GetKeyboardLayout
ActivateKeyboardLayout
CharLowerW
CharUpperW
GetWindowDC
UnpackDDElParam
ReuseDDElParam
ShowOwnedPopups
IsZoomed
DrawIcon
SetWindowRgn
NotifyWinEvent
WindowFromPoint
IsClipboardFormatAvailable
SendInput
GetMessageExtraInfo
GetSysColorBrush
RealChildWindowFromPoint
PostThreadMessageW
RemovePropW
DestroyWindow
SendMessageW
GetWindowLongW
UpdateWindow
PostMessageW
IsWindow
GetParent
LoadCursorW
IsWindowVisible
SetWindowLongW
GetActiveWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
UnregisterClassW
GetDialogBaseUnits
GetFocus
GetSysColor
GetKeyState
GetClientRect
CreatePopupMenu
AppendMenuW
ClientToScreen
LoadBitmapW
IsRectEmpty
SetFocus
PtInRect
IsChild
GetClassNameW
GetDlgCtrlID
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
InflateRect
PostQuitMessage
CopyRect
MonitorFromRect
GetMonitorInfoW
SystemParametersInfoW
OffsetRect
UnionRect
SetWindowPos
SetRectEmpty
IntersectRect
InvertRect
GetCapture
RegisterClipboardFormatW
RegisterWindowMessageW
GetSystemMetrics
PeekMessageW
UnloadKeyboardLayout
GetAsyncKeyState
GetKeyboardState
InsertMenuW
CheckMenuItem
ShowWindow
MoveWindow
GetDlgItem
MessageBeep
KillTimer
GetMessagePos
EnableMenuItem
GetMenuItemCount
SetTimer
GetCursorPos
DragDetect
CreateWindowExW
ReleaseCapture
SetCapture
DrawFocusRect
EqualRect
MapDialogRect
SetRect
DrawTextW
GetWindow

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetPixel
GetStockObject
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetMapMode
SetLayout
GetLayout
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextMetricsW
CreateFontW
GetCharWidthW
StretchDIBits
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
GetBkColor
CopyMetaFileW
CreateBitmap
SetTextColor
SetBkColor
CreatePatternBrush
CreatePolygonRgn
Polygon
Rectangle
GetDeviceCaps
GetObjectW
SelectObject
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
EnumFontFamiliesExW
CreatePen
CreateFontIndirectW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegUnLoadKeyW
RegCloseKey
RegQueryInfoKeyW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegLoadKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegCreateKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
ExtractIconW
SHAddToRecentDocs
SHGetFileInfoW
ShellExecuteW

comctl32

ord17

shlwapi

PathFindExtensionW
PathFindFileNameW
wnsprintfW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathMatchSpecA

uxtheme

CloseThemeData
DrawThemeBackground
GetThemePartSize
IsAppThemed
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData

ole32

RegisterDragDrop
CoLockObjectExternal
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
OleGetClipboard
ReleaseStgMedium
OleDuplicateData
OleSetClipboard
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoUninitialize
OleFlushClipboard
CoRevokeClassObject
RevokeDragDrop
OleIsCurrentClipboard
DoDragDrop
CoRegisterMessageFilter
CreateStreamOnHGlobal

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdiplusShutdown

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8086001809a1093b90b07d498a9f60c2

Code Sign

0c:e5:82:64:22:8b:18:6b:aa:4d:e7:a2:3f:8d:f9:a6Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

9a:31:c0:1c:cc:31:bc:3e:14:21:59:18:5e:01:5d:21:5c:e0:11:31:a1:dc:9d:f8:16:f6:4b:d3:bc:bc:5a:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

oledlg

usp10

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

version

oleacc

gdiplus

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 568KB - Virtual size: 567KB

.data Size: 30KB - Virtual size: 69KB

.rsrc Size: 357KB - Virtual size: 356KB

0c:e5:82:64:22:8b:18:6b:aa:4d:e7:a2:3f:8d:f9:a6
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

9a:31:c0:1c:cc:31:bc:3e:14:21:59:18:5e:01:5d:21:5c:e0:11:31:a1:dc:9d:f8:16:f6:4b:d3:bc:bc:5a:48
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 568KB - Virtual size: 567KB

.data
Size: 30KB - Virtual size: 69KB

.rsrc
Size: 357KB - Virtual size: 356KB