2024-01-24_00b9360e88257813e31d34e9415c6518_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_00b9360e88257813e31d34e9415c6518_icedid
Size

716KB
MD5

00b9360e88257813e31d34e9415c6518
SHA1

44ccf3aef16a7360a77bff6eeb479f012dd81202
SHA256

7677649641c38d6845ad3ec09113deada4a065433ec8846bfa48115afd64c8e6
SHA512

b4ee86fffe74736a055f0234a33c99b3df3b467e3d61bd6fd8c750be5c4035f94f1d08ea84189ee7bf84dafdf01cc3528d9a20c146a2e0464d7c6dd96f10a67a
SSDEEP

12288:kC+57c1y1wvYvIERD97x1PcHAHrn5dWpZ5gGjD8nVBwRWQHgwXVS6Z+til:R+5iv+IODx7cu5dmZQVB2W6gUcMWs

Score

1^/10

Malware Config

Signatures

Files

2024-01-24_00b9360e88257813e31d34e9415c6518_icedid
.exe windows:5 windows x86 arch:x86

e64bc2b6e1b2c98b33bb98d67e76a437

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c9:76:e4:09:f2:b5:1b:84:62:a6:ea:14:8e:22:52
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/05/2021, 00:00

Not After

20/08/2024, 23:59

Subject

CN=ShenZhen LiZhongXiang Technology Co.\, Ltd,O=ShenZhen LiZhongXiang Technology Co.\, Ltd,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:de:66:71:5f:11:35:00:d7:90:fe:9a:4e:89:91:5b:15:a0:f7:62:99:d0:29:2e:4a:4c:de:2c:29:7f:29:2d
Signer

Actual PE Digest

8f:de:66:71:5f:11:35:00:d7:90:fe:9a:4e:89:91:5b:15:a0:f7:62:99:d0:29:2e:4a:4c:de:2c:29:7f:29:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndplayer

_NDPlayer_SetLogLevel@4
_NDPlayer_SetPacketCacheFrameNum@8
ord31
ord27
ord50
ord55
ord42
ord14
ord20
ord2
ord6
ord62
ord67
ord49
ord58
ord70
ord41
ord87
ord28
ord97
ord16
ord95
ord18
ord52
ord74
ord53
ord8
ord101
ord120
ord4
ord84
ord12
ord117
ord116
ord135
ord13
ord96
ord115
ord57
ord132
ord103
ord30
ord56
ord73
ord94
ord66
ord54
ord15
ord102
ord21
ord123
ord124
ord29
ord69
ord93
ord127
ord98
ord60
ord68
_NDPlayer_EnableDisplayDelayTime@8
ord76
ord11
ord78
ord5
ord59
ord86
ord134
ord17
ord19
ord24
ord72
ord23
ord7
ord99
ord126
ord91
ord92
ord26
ord106
ord89
ord51
ord107
ord1
ord61
ord63
ord75
ord90
ord125
ord71

ndrm_module

IMCP_RM_Cleanup
IMCP_RM_GetAudioInfo
IMCP_RM_PlayStream
IMCP_RM_PauseStream
_IMCP_RM_StartStreamV2@60
IMCP_RM_GetPayloadType
IMCP_RM_StopStream
IMCP_RM_Init

winmm

waveInGetNumDevs
timeSetEvent
timeKillEvent

kernel32

EnterCriticalSection
FindClose
GetLocalTime
LockResource
GetModuleFileNameA
GetModuleHandleA
FindNextFileW
QueryPerformanceFrequency
DeleteCriticalSection
WaitForSingleObject
Sleep
GetDiskFreeSpaceExW
CloseHandle
GetCurrentProcessId
CreateThread
GetFileSize
CompareFileTime
GlobalLock
GetTickCount
GlobalAlloc
MulDiv
ReadFile
CreateFileW
GlobalUnlock
FindFirstFileA
GlobalFree
FindNextFileA
DeleteFileW
FormatMessageW
GetLastError
GetProcAddress
LoadLibraryA
GetCurrentThreadId
CreateMutexW
lstrlenW
SetLastError
GetModuleFileNameW
GetProfileIntW
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventW
GetVersionExA
GetModuleHandleW
lstrcmpW
FreeLibrary
CompareStringW
LoadLibraryW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedDecrement
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
LocalFree
lstrlenA
GetThreadLocale
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
CreateDirectoryW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
DeleteFileA
MoveFileA
HeapReAlloc
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetProcessHeap
CreateDirectoryA
RaiseException
MultiByteToWideChar
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
InitializeCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadResource
FindResourceW
FindFirstFileW
GetACP
InterlockedCompareExchange

user32

CharNextW
IsRectEmpty
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
SetMenu
SetForegroundWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
InflateRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
CharUpperW
IsWindowEnabled
MessageBoxW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UpdateWindow
GetClassNameA
GetParent
EnumWindows
GetWindowTextA
EnumChildWindows
CopyRect
ClientToScreen
SetCursor
SetTimer
FillRect
SetCapture
PostMessageW
KillTimer
LoadCursorW
SetRectEmpty
GetDC
GetWindowLongW
ReleaseDC
SetWindowLongW
FrameRect
LoadBitmapW
ClipCursor
ReleaseCapture
IsWindowVisible
SetWindowRgn
GetWindowRect
SetParent
GetClientRect
PtInRect
SetRect
InvalidateRect
MonitorFromWindow
GetCursorPos
SwitchToThisWindow
SendMessageW
EnableWindow
GetMonitorInfoW
GetSysColorBrush
wsprintfW
RegisterClipboardFormatW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
UnregisterClassW
SetWindowTextW
IsDialogMessageW
GetLastActivePopup
DestroyMenu
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetSubMenu
GetMenu

gdi32

CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
LineTo
MoveToEx
SetTextAlign
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutW
Escape
CreatePolygonRgn
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetMapMode
DPtoLP
GetBkColor
CreateFontIndirectW
CreatePenIndirect
CreateBrushIndirect
CreateRectRgn
PtInRegion
BitBlt
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleBitmap
GetObjectW
CreatePen
TextOutW
GetStockObject
CreateCompatibleDC
GetRgnBox
CreateRectRgnIndirect
CombineRgn
Rectangle
CreateRoundRectRgn
SetViewportOrgEx
CreateSolidBrush
GetTextColor

comdlg32

GetFileTitleW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteExW
SHGetPathFromIDListW
DragAcceptFiles
SHBrowseForFolderW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

RegisterDragDrop
OleIsCurrentClipboard
CoLockObjectExternal
RevokeDragDrop
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
CreateStreamOnHGlobal

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
OleLoadPicture
OleCreateFontIndirect
SysAllocString
SysStringLen

wsock32

inet_ntoa
ioctlsocket
sendto
bind
socket
__WSAFDIsSet
inet_addr
connect
ntohl
gethostbyname
select
WSAGetLastError
htons
ntohs
setsockopt
recv
closesocket
send
getsockopt
getsockname
WSACleanup
accept
WSAStartup
listen
WSASetLastError
htonl

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e64bc2b6e1b2c98b33bb98d67e76a437

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:c9:76:e4:09:f2:b5:1b:84:62:a6:ea:14:8e:22:52Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

8f:de:66:71:5f:11:35:00:d7:90:fe:9a:4e:89:91:5b:15:a0:f7:62:99:d0:29:2e:4a:4c:de:2c:29:7f:29:2dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ndplayer

ndrm_module

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

Sections

.text Size: 471KB - Virtual size: 470KB

.rdata Size: 146KB - Virtual size: 145KB

.data Size: 17KB - Virtual size: 32KB

.rsrc Size: 72KB - Virtual size: 72KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c9:76:e4:09:f2:b5:1b:84:62:a6:ea:14:8e:22:52
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

8f:de:66:71:5f:11:35:00:d7:90:fe:9a:4e:89:91:5b:15:a0:f7:62:99:d0:29:2e:4a:4c:de:2c:29:7f:29:2d
Signer

.text
Size: 471KB - Virtual size: 470KB

.rdata
Size: 146KB - Virtual size: 145KB

.data
Size: 17KB - Virtual size: 32KB

.rsrc
Size: 72KB - Virtual size: 72KB