2024-01-25_e23ba923e3c125757681477570e56ed8_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_e23ba923e3c125757681477570e56ed8_icedid
Size

2.4MB
MD5

e23ba923e3c125757681477570e56ed8
SHA1

536a199e74624ed3e38de65d7f90f82caf060461
SHA256

8fd22925e705ffc08ab0877053b76cc390b0ca7d6967f79ab10af85affa92cf0
SHA512

0ac90a0153a546f73e9eeeb28899b4f98c60eb058e2e1363fa73e968fd91d7681d423ee3e3cdd23e5013c886a7e8667376ce32115115e3e8b1458911af7888c2
SSDEEP

49152:jsaNBDiGNGfQ9J8H39GRGGQJKUMG1TgvjOW7hfn6sXmA8TN:jsaNBOGNBJ8HYRYJKUMG1T+jp7R6eAN

Score

1^/10

Malware Config

Signatures

Files

2024-01-25_e23ba923e3c125757681477570e56ed8_icedid
.exe windows:5 windows x86 arch:x86

14782503ef7b8e421998ca3768d96a69

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:db:23:fd:0b:76:d2:d4:1b:f3:5f:4d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/11/2023, 01:55

Not After

10/01/2026, 06:13

Subject

SERIALNUMBER=110111-0042955,CN=Daishin Securities Co.\,LTD,O=Daishin Securities Co.\,LTD,STREET=343 Samil-daero,L=Jung-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:48:4d:22:1b:62:a3:35:e5:80:62:82:d0:56:b0:af:25:42:af:2c
Signer

Actual PE Digest

13:48:4d:22:1b:62:a3:35:e5:80:62:82:d0:56:b0:af:25:42:af:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawRectangleI
GdipDrawImageRect
GdipCloneBitmapAreaI
GdipRestoreGraphics
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSaveGraphics
GdipDrawImageI
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipTranslateWorldTransform
GdipGetImageGraphicsContext
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipFree
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipFillRectangle
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSetStringFormatAlign

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

spednetmodule

ProcessCancel

kernel32

GetModuleHandleW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetProfileIntA
SearchPathA
VirtualProtect
FindResourceExA
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitThread
GetTimeZoneInformation
VirtualAlloc
GetSystemInfo
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
RaiseException
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualFree
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
CompareStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FindNextFileA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetModuleFileNameW
GetThreadLocale
InterlockedIncrement
ConvertDefaultLocale
GlobalAddAtomA
ResumeThread
GlobalDeleteAtom
CompareStringA
lstrcmpW
FreeResource
GlobalSize
MulDiv
GetEnvironmentVariableA
GetVersionExA
CopyFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
GetWindowsDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
GetCurrentThread
SetErrorMode
SetEnvironmentVariableA
CreateDirectoryA
GetVersion
GetCurrentDirectoryA
SetCurrentDirectoryA
WinExec
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateThread
LoadLibraryExA
ReadFile
GetFileSize
lstrcpyA
TerminateThread
lstrlenA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenW
FindClose
FindFirstFileA
GetFileAttributesA
MultiByteToWideChar
CreateProcessA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
WaitForMultipleObjects
InterlockedDecrement
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GetTickCount
IsBadWritePtr
GetSystemTime
LocalFree
OpenMutexA
CreateMutexA
Sleep
OpenProcess
FreeLibrary
SetLastError
WaitForSingleObject
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetProcAddress
LoadLibraryA
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
VirtualQuery
GetModuleHandleA
FormatMessageA
SetUnhandledExceptionFilter
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
OutputDebugStringA
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GlobalFindAtomA
SetThreadPriority
GetFileSizeEx
GlobalGetAtomNameA
GetProcessHeap
TlsAlloc

user32

DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
SubtractRect
DestroyCursor
GetWindowRgn
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
DeleteMenu
UnregisterClassA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
InvalidateRgn
CopyAcceleratorTableA
GetSysColorBrush
DestroyMenu
GetMenuItemInfoA
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
WindowFromPoint
CharUpperA
MapVirtualKeyA
GetKeyNameTextA
WaitMessage
CharNextA
GetCursorPos
SetCursor
LoadCursorA
IsRectEmpty
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
MoveWindow
IsDialogMessageA
CheckDlgButton
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
DefMDIChildProcA
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
GetWindow
GetLastActivePopup
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
WinHelpA
DrawIcon
AppendMenuA
GetSystemMenu
LoadIconA
SetFocus
SetActiveWindow
SetWindowPos
IsWindowVisible
GetWindowThreadProcessId
ShowWindow
IsIconic
SetWindowLongA
CreateWindowExA
RegisterClassA
GetClassInfoA
DestroyWindow
GetDlgItem
GetDC
GetDesktopWindow
UpdateWindow
DrawFocusRect
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
wsprintfA
DefWindowProcA
GetFocus
RedrawWindow
GetDCEx
ReleaseDC
GetWindowDC
DestroyIcon
DrawStateA
GetIconInfo
GetSystemMetrics
IsWindowEnabled
GetSysColor
InflateRect
CopyRect
GetWindowLongA
PostThreadMessageA
SetTimer
KillTimer
SetWindowRgn
PtInRect
SetRect
OffsetRect
SystemParametersInfoA
GetParent
LoadImageA
FillRect
InvalidateRect
ReleaseCapture
EqualRect
SetCapture
DefFrameProcA
CharUpperBuffA
CopyIcon
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
GetKeyboardState
GetKeyboardLayout
ScreenToClient
PostMessageA
IsWindow
MessageBoxA
SetForegroundWindow
FindWindowA
GetClientRect
GetWindowRect
EnableWindow
SendMessageA
ToAsciiEx
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
RegisterClipboardFormatA
GetNextDlgGroupItem
GetMenuDefaultItem
SetScrollRange
SetMenuDefaultItem
GetDlgCtrlID

gdi32

SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
CopyMetaFileA
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
GetObjectType
CreateHatchBrush
GetDCOrgEx
CreateEllipticRgn
DPtoLP
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetWindowExtEx
RestoreDC
CombineRgn
GetTextMetricsA
PatBlt
GetRgnBox
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreateDIBSection
CreatePolygonRgn
Polyline
Polygon
OffsetRgn
SetDIBColorTable
StretchBlt
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
GetViewportExtEx
CreateRectRgn
SetRectRgn
SaveDC
SelectClipRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
Rectangle
SetBkColor
ExtTextOutA
SetPixel
CreateBrushIndirect
SelectObject
CreateCompatibleBitmap
RoundRect
CreateRoundRectRgn
CreatePen
CreatePalette
GetDIBColorTable
CreateHalftonePalette
BitBlt
RealizePalette
GetDeviceCaps
CreateCompatibleDC
Arc
CreateFontIndirectA
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteObject
GetMapMode
CreateSolidBrush
GetPixel

msimg32

GradientFill
AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyA
RegDeleteValueA
RegCloseKey
RegRestoreKeyA
RegCreateKeyA
RegSaveKeyA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetFolderPathA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHAppBarMessage

comctl32

_TrackMouseEvent
ord17
ImageList_GetIconSize

shlwapi

UrlUnescapeA
PathRemoveFileSpecW
SHCreateStreamOnFileW
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
CoInitializeEx
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SafeArrayLock
SafeArrayUnlock
SysFreeString
SysAllocStringLen
SysAllocString
SysStringByteLen
DispCallFunc
VarDateFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SysStringLen
VarBstrCat
SysAllocStringByteLen
VariantChangeType
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy

wsock32

WSAStartup
WSACleanup
htons
socket
connect
closesocket
WSASetLastError
sendto
recvfrom
shutdown
WSAAsyncSelect
getsockname
htonl
inet_ntoa
setsockopt
recv
send
select
accept
bind
inet_addr
WSAGetLastError
gethostbyname
WSAAsyncGetHostByName
ioctlsocket

iphlpapi

GetAdaptersInfo

msi

ord67

wininet

InternetCanonicalizeUrlA
InternetQueryOptionA
InternetCrackUrlA
InternetQueryDataAvailable
InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 542KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14782503ef7b8e421998ca3768d96a69

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

6b:db:23:fd:0b:76:d2:d4:1b:f3:5f:4dCertificate

Extended Key Usages

Key Usages

13:48:4d:22:1b:62:a3:35:e5:80:62:82:d0:56:b0:af:25:42:af:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

version

spednetmodule

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

iphlpapi

msi

wininet

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 338KB - Virtual size: 338KB

.data Size: 42KB - Virtual size: 72KB

.rsrc Size: 542KB - Virtual size: 542KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

6b:db:23:fd:0b:76:d2:d4:1b:f3:5f:4d
Certificate

13:48:4d:22:1b:62:a3:35:e5:80:62:82:d0:56:b0:af:25:42:af:2c
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 338KB - Virtual size: 338KB

.data
Size: 42KB - Virtual size: 72KB

.rsrc
Size: 542KB - Virtual size: 542KB