2024-01-25_730e2e4be47debe06b13636ad40fc110_icedid_vidar

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_730e2e4be47debe06b13636ad40fc110_icedid_vidar
Size

5.2MB
MD5

730e2e4be47debe06b13636ad40fc110
SHA1

4151c7c5d4c5008accd284ffb44d2ab6f12e5f0a
SHA256

415200bac909ff0549db8ae94392a85d8ab3e0b0182daf0b2182e665682b975b
SHA512

44e0a7689417154f6993e1904e6fd9436fb61387b2f4fae07e4af9b1c2325f67d6760689582996eb772af44468a7a78f6ee4a34c8851dbb6461e9508ab158d2b
SSDEEP

98304:7hGavIL6TP31y+wCQ6qkax4vOkusa5KcoYnWndj4SCwJ4loj9ghi1RebMIg9Cboc:7hGUZ1XxIs1fndj4SCwJuojDIg9Cbo/0

Score

1^/10

Malware Config

Signatures

Files

2024-01-25_730e2e4be47debe06b13636ad40fc110_icedid_vidar
.exe windows:5 windows x86 arch:x86

95c5ec72d8de3d2d53f53ebeeda5bd57

Code Sign

43:94:08:90:ae:06:6f:25:fc:1e:1c:f4:08:61:ff:b2
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/12/2010, 00:00

Not After

28/12/2012, 23:59

Subject

CN=Collobos Software,O=Collobos Software,L=Menlo Park,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:b5:be:20:30:d9:48:47:27:21:7f:c7:bc:47:93:7e:a7:d1:85:56
Signer

Actual PE Digest

70:b5:be:20:30:d9:48:47:27:21:7f:c7:bc:47:93:7e:a7:d1:85:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathGetDriveNumberW
PathFileExistsW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winsparkle

win_sparkle_check_update_with_ui
win_sparkle_set_appcast_url
win_sparkle_init
win_sparkle_cleanup

winmm

PlaySoundW
timeGetTime

kernel32

ReadConsoleInputA
SetConsoleMode
GetConsoleMode
VirtualAlloc
VirtualQuery
HeapQueryInformation
SetStdHandle
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetTimeZoneInformation
SetConsoleCtrlHandler
IsValidCodePage
GetConsoleCP
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
WriteConsoleW
LockFileEx
HeapValidate
FormatMessageA
UnlockFileEx
GetFullPathNameA
GetDriveTypeW
PeekNamedPipe
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
ExitProcess
CreateThread
ExitThread
RtlUnwind
AreFileApisANSI
GetSystemTime
RaiseException
GetSystemTimeAsFileTime
GetOEMCP
GetDiskFreeSpaceA
CreateFileMappingW
GetLastError
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
GlobalFree
LockResource
GetModuleHandleW
ActivateActCtx
LoadLibraryW
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleFileNameW
CreateDirectoryW
InitializeCriticalSection
LeaveCriticalSection
GetFileAttributesW
EnterCriticalSection
DeleteCriticalSection
lstrlenW
lstrcpyW
GetVersion
GetLocaleInfoW
OutputDebugStringW
GetVersionExW
GlobalDeleteAtom
CreateMutexW
GetCurrentProcess
GlobalGetAtomNameW
ReleaseMutex
CloseHandle
GlobalAddAtomW
DeleteFileW
QueryPerformanceCounter
GetComputerNameW
GetTickCount
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
OutputDebugStringA
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedCompareExchange
GetDiskFreeSpaceW
GetUserDefaultLCID
SearchPathW
GetProfileIntW
CopyFileW
CreateFileW
GetTempPathW
GetWindowsDirectoryW
Sleep
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
lstrlenA
HeapSize
HeapReAlloc
lstrcatA
lstrcpyA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
SetErrorMode
GetNumberFormatW
GetTempFileNameW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExW
FindResourceExW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetCurrentDirectoryW
GetSystemDirectoryW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GetVersionExA
GetFileSize
CreateFileA
LocalFree
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFlags
WaitForSingleObject
ResumeThread
SetThreadPriority
VirtualProtect
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
LoadLibraryExW
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GlobalSize
FormatMessageW
MulDiv
FlushConsoleInputBuffer
GlobalMemoryStatus
GetCurrentProcessId
GetStdHandle
GetFileType
GetModuleHandleA
ExpandEnvironmentStringsA
FindResourceA
FreeResource
CreateFileMappingA
MapViewOfFile
GetTempPathA
GetTempFileNameA
CopyFileA
UnmapViewOfFile
WriteFile
SetFilePointer
ReadFile
lstrcmpA
GetModuleFileNameA
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
MoveFileA
GetEnvironmentVariableA
CreateDirectoryA
LoadLibraryA
GetFileAttributesA

user32

GetWindowRgn
DestroyCursor
CreateMenu
MapVirtualKeyExW
IsCharLowerW
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
SubtractRect
CharUpperBuffW
FrameRect
RegisterClipboardFormatW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
HideCaret
InvertRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
GetUpdateRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DestroyAcceleratorTable
SetClassLongW
GetDoubleClickTime
CopyIcon
SetCursorPos
SetRect
LockWindowUpdate
GetMenuDefaultItem
CreatePopupMenu
IsZoomed
NotifyWinEvent
EmptyClipboard
SetClipboardData
CharUpperW
WindowFromPoint
DeleteMenu
PostThreadMessageW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
UnregisterClassW
SetLayeredWindowAttributes
EnumDisplayMonitors
IntersectRect
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoW
WaitMessage
GetMessageW
TranslateMessage
SetWindowContextHelpId
MapDialogRect
GetAsyncKeyState
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawStateW
GetIconInfo
CopyImage
DrawIconEx
GetNextDlgGroupItem
SetCapture
DrawFocusRect
OffsetRect
IsRectEmpty
ShowOwnedPopups
ReleaseCapture
InflateRect
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
InvalidateRect
SetRectEmpty
DrawEdge
LoadCursorW
DrawTextW
FillRect
SetCursor
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
PtInRect
GetWindow
GetMenuStringW
InsertMenuW
RemoveMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetWindowThreadProcessId
GetWindowLongW
IsWindowEnabled
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
GetKeyState
CloseClipboard
SetMenuDefaultItem
IsWindow
MessageBoxW
EnableWindow
SendMessageW
GetClientRect
GetWindowRect
LoadIconW
PostQuitMessage
GetSystemMetrics
GetMenuItemCount
RedrawWindow
AppendMenuW
BringWindowToTop
LoadMenuW
GetMenu
DrawIcon
SetForegroundWindow
GetSubMenu
KillTimer
PostMessageW
EnumChildWindows
GetCursorPos
GetClassNameW
SystemParametersInfoW
FindWindowW
SetParent
LoadImageW
RegisterWindowMessageW
TrackPopupMenu
SetActiveWindow
DrawAnimatedRects
IsWindowVisible
BroadcastSystemMessageW
GetLastActivePopup
wsprintfA
GetUserObjectInformationW
GetMenuItemID
IsIconic
GetProcessWindowStation
SetTimer
GetSystemMenu
MessageBeep
DestroyIcon
GetParent
GetDesktopWindow
MessageBoxA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetDC
LoadBitmapW
CopyRect
GetSysColor

gdi32

LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
CopyMetaFileW
CreateEllipticRgn
CreatePolygonRgn
CombineRgn
IntersectClipRect
GetTextColor
Polyline
Ellipse
Polygon
GetTextMetricsW
SetRectRgn
GetMapMode
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateDIBSection
SetDIBColorTable
RealizePalette
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetWindowOrgEx
SetPixelV
GetTextFaceW
GetClipBox
ExcludeClipRect
SetMapMode
CreatePen
GetObjectW
Rectangle
CreateFontIndirectW
CreateSolidBrush
GetStockObject
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetPixel
StretchBlt
DeleteDC
SetTextColor
GetTextExtentPoint32W
BitBlt
EndDoc
ResetDCW
StartDocW
CreateDCW
GetDeviceCaps
StartPage
EndPage
CreateBitmap
CreateRectRgnIndirect
PatBlt
SaveDC
RestoreDC
SetBkColor
SetPolyFillMode
GetBkColor
SetROP2

msimg32

AlphaBlend
TransparentBlt
GradientFill

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
SetJobW
EnumPrintersW
ClosePrinter

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegDeleteKeyW
LookupPrivilegeValueW
RegOpenKeyExW
RegEnumKeyExW
AdjustTokenPrivileges
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegisterEventSourceA
DeregisterEventSource
RegCreateKeyExW
FreeSid
SetEntriesInAclA
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
ReportEventA
RegisterEventSourceW
RegSetValueExW

shell32

DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHAppBarMessage
SHGetFileInfoW
ord727
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

ole32

CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoFreeUnusedLibraries
OleUninitialize
OleLockRunning
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize
CoCreateGuid
OleInitialize

oleaut32

OleCreateFontIndirect
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocString
VariantCopy
SafeArrayDestroy
SysStringLen

oledlg

OleUIBusyW

gdiplus

GdipCloneImage
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteBrush
GdipDeletePen
GdipCloneBrush
GdipCreateSolidFill
GdipFillRectangleI
GdipCreatePen1
GdipDrawRectangleI
GdiplusShutdown
GdiplusStartup
GdipCreateHICONFromBitmap
GdipLoadImageFromStream
GdipDrawImageRectRect
GdipGetImageHeight
GdipStringFormatGetGenericDefault
GdipMeasureString
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipGetImageGraphicsContext
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDeleteFontFamily
GdipGetImageEncodersSize
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipGetImageEncoders
GdipDrawString
GdipCreateFontFamilyFromName
GdipSaveImageToFile
GdipCreateStringFormat
GdipGetImageWidth
GdipDeleteStringFormat
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipDisposeImage
GdipAlloc
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipSetStringFormatAlign
GdipFree

wsock32

WSASetLastError
WSAAsyncSelect
htons
ioctlsocket
listen
WSAGetLastError
closesocket
socket
recv
accept
shutdown
select
connect
WSAStartup
WSACleanup
send

netapi32

NetUserEnum
NetApiBufferFree

iphlpapi

SendARP
GetAdaptersInfo
GetIpNetTable

winhttp

WinHttpAddRequestHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser

ws2_32

WSAAddressToStringA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

xpdfprint

pdfPrintSetLastPage
pdfPrintSetPrinter
pdfPrintSetFirstPage
pdfPrintToDC2
pdfLoadFileW

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95c5ec72d8de3d2d53f53ebeeda5bd57

Code Sign

43:94:08:90:ae:06:6f:25:fc:1e:1c:f4:08:61:ff:b2Certificate

Extended Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

70:b5:be:20:30:d9:48:47:27:21:7f:c7:bc:47:93:7e:a7:d1:85:56Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

winsparkle

winmm

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

oledlg

gdiplus

wsock32

netapi32

iphlpapi

winhttp

ws2_32

oleacc

imm32

xpdfprint

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 616KB - Virtual size: 616KB

.data Size: 139KB - Virtual size: 184KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

43:94:08:90:ae:06:6f:25:fc:1e:1c:f4:08:61:ff:b2
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

70:b5:be:20:30:d9:48:47:27:21:7f:c7:bc:47:93:7e:a7:d1:85:56
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 616KB - Virtual size: 616KB

.data
Size: 139KB - Virtual size: 184KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB