2024-01-28_0531e8c7c14d8c8704f087dc6e5893ec_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_0531e8c7c14d8c8704f087dc6e5893ec_icedid
Size

233KB
MD5

0531e8c7c14d8c8704f087dc6e5893ec
SHA1

f17bcbe60905acc4b621771a1c2211a17c2c7e8e
SHA256

312705b32046fa8953ed635eb4292f0e5b3caff74b0b9d508c63ee97de05dfbb
SHA512

2c2d2f800bc473ad43a43e887ade1d787468c7d643adfe1f5b70c613435ec511ccc29155595cff191cf6eeb24075bfcfe62cd7d7cf0b280f78b1c1de49baf79a
SSDEEP

3072:nss9WjEyukFvVCEXjWY7dLKmCajvmuk++bXEqlsIVfNTaKAzTCwJ:tuEyjFdC8qypCajtQJVuj

Score

1^/10

Malware Config

Signatures

Files

2024-01-28_0531e8c7c14d8c8704f087dc6e5893ec_icedid
.exe windows:4 windows x86 arch:x86

9f7a374f1803f0f0ca8afc979f39f5a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:9c:c7:5a:12:13:a3:f3:db:52:a3:5f:ae:89:83:4d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/03/2009, 00:00

Not After

19/05/2012, 23:59

Subject

CN=International Business Machines Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Lotus Software Group,O=International Business Machines Corporation,L=Westford,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\build\install\Notes\nomad\autorun\autorun.pdb

Imports

kernel32

HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetErrorMode
GetFullPathNameA
GetVolumeInformationA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
CloseHandle
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedDecrement
SetLastError
MulDiv
LocalFree
GlobalAlloc
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GetProcAddress
SetCurrentDirectoryA
GetCommandLineA
GetCurrentDirectoryA
GetSystemDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
SetEnvironmentVariableA
GetTempPathA
SetFileAttributesA
CopyFileA
WaitForSingleObject
GetExitCodeProcess
Sleep
FormatMessageA
GetTickCount
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetMenuState
PostQuitMessage
GetDesktopWindow
GetActiveWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DrawTextA
CharUpperA
DrawIcon
SendMessageA
IsIconic
GetClientRect
InvalidateRect
SetTimer
EnableWindow
LoadIconA
GetSystemMetrics
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
CreateDialogIndirectParamA
MessageBoxA
GetWindowTextA
IsWindow
RegisterWindowMessageA
GetWindow
PtInRect
CopyRect
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
GetClassInfoA
RegisterClassA
UnregisterClassA

gdi32

GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
StretchBlt
BitBlt
Ellipse
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegCloseKey
RegQueryValueA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f7a374f1803f0f0ca8afc979f39f5a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

76:9c:c7:5a:12:13:a3:f3:db:52:a3:5f:ae:89:83:4dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 60KB - Virtual size: 58KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:9c:c7:5a:12:13:a3:f3:db:52:a3:5f:ae:89:83:4d
Certificate

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 60KB - Virtual size: 58KB