2024-01-29_361ec02681bc2cb40223c32d40a26b9c_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-29_361ec02681bc2cb40223c32d40a26b9c_icedid
Size

877KB
MD5

361ec02681bc2cb40223c32d40a26b9c
SHA1

a9786d07b04cfc13344e2111cd4868e3107a8b9d
SHA256

9c836bb77f6574c44a575db05cfc2b0b5ca58084c2efde86fb7aa32c47166094
SHA512

5cd472f5075f402980961aec2e146a61be9af18c6a7c8a1c389289d711906490bc06233f7855c5957873ac8a62258ed20a1dbc09d3a437de29a01d9d8a70234e
SSDEEP

12288:aNtIu5BKm4HrmUXOtbxK7hprA/Qgf2Y3qj9Xzl8J7O:aNtriHXebxKhprA/Qgf2Y3qj9Xzl8J7O

Score

1^/10

Malware Config

Signatures

Files

2024-01-29_361ec02681bc2cb40223c32d40a26b9c_icedid
.exe windows:4 windows x86 arch:x86

f0b4b006f34bc4086a2c5b23290b9585

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:38:83:3c:75:ad:f4:17:fe:de:b6:ba:3b:45:84:4d:9c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

05/09/2011, 08:15

Not After

05/09/2013, 08:15

Subject

CN=TTNET A.S.,O=TTNET A.S.,L=Sisli,ST=Istanbul,C=TR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:4c:f0:da:c4:79:37:ab:a5:14:4c:7f:a9:df:c1:29:96:8a:45:ac
Signer

Actual PE Digest

6e:4c:f0:da:c4:79:37:ab:a5:14:4c:7f:a9:df:c1:29:96:8a:45:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\MKSagiroglu\My Documents\Visual Studio Projects\TTNetMD\RelaseEXE\TTNetMD.pdb

Imports

iphlpapi

GetAdaptersInfo
GetIpNetTable
GetIfTable

wininet

InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
InternetGetCookieA
InternetReadFile
InternetOpenA
InternetConnectA

kernel32

GlobalFlags
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
FindResourceExA
SetErrorMode
GetFileAttributesA
GetFileTime
GetProfileIntA
WritePrivateProfileStringA
RtlUnwind
ExitThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetShortPathNameA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetUserDefaultLCID
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
SetLastError
CopyFileA
GlobalSize
FormatMessageA
lstrcpynA
LocalFree
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateEventA
ResumeThread
GlobalAlloc
SetEvent
WaitForSingleObject
CloseHandle
ResetEvent
GetSystemTime
CreateThread
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
GetTickCount
Sleep
FreeLibrary
GetLastError
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ExitProcess

user32

SetRectEmpty
EnumChildWindows
LockWindowUpdate
GetSysColorBrush
DestroyIcon
GetDialogBaseUnits
GetTabbedTextExtentA
GetDCEx
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
AdjustWindowRectEx
ScreenToClient
EqualRect
LoadCursorA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
IsChild
GetClassNameA
PtInRect
CallWindowProcA
GetMenu
SetWindowPos
SetWindowLongA
GetSubMenu
GetMenuItemID
OffsetRect
InflateRect
DefWindowProcA
ShowWindow
DrawEdge
SetParent
GetDesktopWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
wsprintfA
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCapture
ReleaseCapture
RegisterClipboardFormatA
SetCursor
PostMessageA
IsRectEmpty
CreateMenu
DestroyMenu
MoveWindow
GetClassInfoA
SetWindowTextA
GetParent
UpdateWindow
GetWindowRect
CharUpperA
SetRect
IsWindowVisible
InvalidateRect
CopyRect
GetDC
ReleaseDC
GetSysColor
PostQuitMessage
LoadStringA
LoadIconA
SendMessageA
GetWindow
EnableWindow
FillRect
GetMenuItemCount

gdi32

CreateDCA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
CreatePatternBrush
CopyMetaFileA
CreatePen
CombineRgn
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GetTextAlign
CreateRectRgnIndirect
SetRectRgn
PatBlt
EnumFontFamiliesExA
Rectangle
UnrealizeObject
CreateRectRgn
SelectClipRgn
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
LPtoDP
CreateBitmap
GetStockObject
GetDeviceCaps
BitBlt
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
MoveToEx
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
ExtractIconA

comctl32

ord17

shlwapi

StrTrimA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoDisconnectObject
CreateOleAdviseHolder
CreateDataAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
ReadClassStm
OleSaveToStream
OleDuplicateData
ReleaseStgMedium
ReadFmtUserTypeStg
CoTaskMemAlloc
CreateDataCache
StringFromGUID2
StringFromCLSID
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
CreateStreamOnHGlobal
CoCreateInstance
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

OleCreatePictureIndirect
OleCreateFontIndirect
VariantCopy
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocString
OleCreatePropertyFrame
LoadRegTypeLi
SysAllocStringLen
SysFreeString
OleLoadPicture
SysStringByteLen
RegisterTypeLi
LoadTypeLi
OleTranslateColor

ws2_32

WSACleanup
gethostbyname
WSAStartup
inet_addr

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0b4b006f34bc4086a2c5b23290b9585

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

11:21:38:83:3c:75:ad:f4:17:fe:de:b6:ba:3b:45:84:4d:9cCertificate

Extended Key Usages

Key Usages

6e:4c:f0:da:c4:79:37:ab:a5:14:4c:7f:a9:df:c1:29:96:8a:45:acSigner

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

Sections

.text Size: 238KB - Virtual size: 238KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 559KB - Virtual size: 558KB

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

11:21:38:83:3c:75:ad:f4:17:fe:de:b6:ba:3b:45:84:4d:9c
Certificate

6e:4c:f0:da:c4:79:37:ab:a5:14:4c:7f:a9:df:c1:29:96:8a:45:ac
Signer

.text
Size: 238KB - Virtual size: 238KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 559KB - Virtual size: 558KB