2024-02-02_b1b6d59e54b368f44eb4e89ef94f6baf_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-02_b1b6d59e54b368f44eb4e89ef94f6baf_icedid
Size

2.4MB
MD5

b1b6d59e54b368f44eb4e89ef94f6baf
SHA1

f6acd23b845064a813fff0d564fd4d94f0ead03e
SHA256

6149e7acb42dd7a69574301e7815990a864a009aedcb16cf8ede27ccae9dca5f
SHA512

b01c6bf9edf1ef605a9cadd4e6dc9930f0b5bb0dfafab6320592c978aefff2367ac3dd45594f5880c64e5b118cec1b070d401a2f8fbb894457a869e172e1c947
SSDEEP

49152:l0GF+8DrV+G9QXFFH6OikYT5fpZTPZlEa2:lVDrkGqXFFHg5T5fp1q

Score

1^/10

Malware Config

Signatures

Files

2024-02-02_b1b6d59e54b368f44eb4e89ef94f6baf_icedid
.exe windows:4 windows x86 arch:x86

66ef1b0b8ed4b2a2dad8d75f4f3444e5

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:12:88:bf:c2:c3:e6:7b:77:91:ee:5a:55:cb:24:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/07/2010, 00:00

Not After

12/07/2013, 23:59

Subject

CN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\p4\sprt\project\aro\2012\Version2010\Release\ARO.pdb

Imports

rpcrt4

UuidToStringW

dbghelp

MiniDumpWriteDump

sqlite3

sqlite3_column_text
sqlite3_step
sqlite3_finalize
sqlite3_changes
sqlite3_column_count
sqlite3_open
sqlite3_close
sqlite3_exec
sqlite3_busy_timeout
sqlite3_prepare_v2
sqlite3_free
sqlite3_mprintf
sqlite3_errmsg

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetStartupInfoW
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
TlsAlloc
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetExitCodeThread
TerminateThread
EnumResourceTypesW
EnumResourceNamesW
GetDateFormatW
GetTimeFormatW
SizeofResource
LockResource
LoadResource
FindResourceW
GetLastError
MultiByteToWideChar
GetModuleFileNameW
ReleaseMutex
ExpandEnvironmentStringsW
CreateDirectoryW
lstrlenW
CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
Sleep
DeleteFileW
LoadLibraryA
GetTickCount
WideCharToMultiByte
lstrlenA
CreateMutexW
CloseHandle
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ExitProcess
lstrcpyW
IsBadReadPtr
SetUnhandledExceptionFilter
OutputDebugStringW
MoveFileW
RemoveDirectoryW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetModuleHandleA
WaitForSingleObject
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
CreateProcessW
GlobalHandle
GlobalReAlloc
TlsGetValue
GetFileTime
GlobalGetAtomNameW
GlobalFindAtomW
CompareStringW
GetVersionExA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
GlobalAddAtomW
SuspendThread
ResumeThread
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
lstrcmpA
GlobalFree
MulDiv
RaiseException
GetFileAttributesExW
FlushFileBuffers
SetFilePointerEx
UnmapViewOfFile
GetFileInformationByHandle
FormatMessageW
OpenProcess
GetProcessHeap
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetLongPathNameW
FreeResource
GetComputerNameW
GetVersion
SetCurrentDirectoryW
GetShortPathNameW
SetPriorityClass
GetFileSize
GetTempFileNameW
CreateDirectoryA
GetLocalTime
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
CreateThread
WritePrivateProfileStringW
GetPrivateProfileStringW
LocalFree
LocalAlloc
InterlockedExchange
ReadFile
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsA
GetWindowsDirectoryW
lstrcmpW
GetVersionExW
InterlockedIncrement
InterlockedDecrement
SetLastError
GetCurrentThread
SetThreadPriority
FreeLibrary
GetProfileIntW
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
CreateEventW
WriteFile
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLogicalDriveStringsW
GetSystemDirectoryW
SearchPathW
GetDriveTypeW
LoadLibraryW
CopyFileW

user32

GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
DeferWindowPos
GetScrollInfo
SetScrollInfo
CallWindowProcW
SetWindowLongW
SetRect
SetWindowContextHelpId
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowDC
ReleaseDC
ScreenToClient
ShowOwnedPopups
CharUpperW
GetWindowThreadProcessId
IsWindowEnabled
MessageBoxW
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
CheckMenuItem
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RegisterWindowMessageW
GetDlgCtrlID
MoveWindow
AdjustWindowRectEx
ClientToScreen
EndPaint
BeginPaint
GetSystemMetrics
RedrawWindow
DrawFocusRect
FillRect
GetSysColor
GetDC
ExitWindowsEx
EnableMenuItem
GetWindowLongW
GetWindow
GetMessageW
SystemParametersInfoW
GetCapture
SetCapture
RegisterClipboardFormatW
InflateRect
GetMenuItemInfoW
DestroyMenu
MapVirtualKeyW
GetSysColorBrush
DeleteMenu
InvalidateRgn
DestroyIcon
UnregisterClassW
GetParent
SetPropW
OffsetRect
LoadImageW
GetClassNameW
GetClassLongW
MapDialogRect
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
GetDlgItemInt
IsDialogMessageW
SetWindowTextW
CharNextW
GetNextDlgGroupItem
MessageBeep
TranslateMDISysAccel
DrawMenuBar
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
UnregisterClassA
GetDoubleClickTime
BringWindowToTop
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
LoadAcceleratorsW
TranslateAcceleratorW
SetCursorPos
IsWindowUnicode
GetWindowLongA
SetWindowLongA
CreatePopupMenu
GetMenuDefaultItem
SetMenu
DrawEdge
SendMessageTimeoutW
SetParent
GetDesktopWindow
IsRectEmpty
GetWindowRgn
EqualRect
DefWindowProcW
GetClassInfoW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
SetFocus
FindWindowExW
WaitForInputIdle
EnableWindow
LoadBitmapW
RegisterWindowMessageA
DispatchMessageW
TranslateMessage
PeekMessageW
LoadIconW
SetCursor
LoadCursorW
SetWindowRgn
SendMessageW
AppendMenuW
GrayStringW
PtInRect
TrackPopupMenu
GetSystemMenu
DrawTextExW
KillTimer
GetWindowRect
DrawTextW
SetMenuItemInfoW
SetTimer
GetCursorPos
TabbedTextOutW
GetSubMenu
CopyRect
LoadMenuW
IsWindow
FindWindowW
GetKeyState
PostQuitMessage
HideCaret
ShowCaret
IsMenu
DrawFrameControl
GetCursor
CreateIconIndirect
CopyIcon
GetIconInfo
ReleaseCapture
GetClientRect
UpdateWindow
GetLastActivePopup
SetForegroundWindow
GetAsyncKeyState
InvalidateRect
ShowWindow
PostMessageW
PostThreadMessageW
CopyAcceleratorTableW
SetRectEmpty
InvertRect
GetDCEx
LockWindowUpdate
EnableScrollBar
IsClipboardFormatAvailable
DrawIconEx
mouse_event
WindowFromPoint
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
UnionRect
DrawStateW

gdi32

SetBkMode
SetStretchBltMode
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
RestoreDC
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreatePen
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetTextMetricsW
GetTextColor
GetRgnBox
SaveDC
CopyMetaFileW
GetTextExtentPointA
GetTextMetricsA
PatBlt
CreateFontIndirectW
CreateCompatibleDC
TextOutW
LPtoDP
ExtTextOutW
CreateCompatibleBitmap
GetMapMode
DPtoLP
Escape
CreateRoundRectRgn
BitBlt
PtVisible
RectVisible
CreateSolidBrush
RoundRect
SelectObject
DeleteObject
CreateRectRgn
GetStockObject
DeleteDC
GetDeviceCaps
GetCurrentObject
Polygon
SetPixel
EnumFontFamiliesExW
GetBoundsRect
GetDIBits
GetBitmapBits
CreatePolygonRgn
PtInRegion
ExtCreateRegion
StretchDIBits
GetViewportOrgEx
GetWindowOrgEx
CreateBitmap
GetObjectW
CreateDIBSection
CreateFontW
SetBkColor
Rectangle
GetViewportExtEx
GetBkColor
StretchBlt

comdlg32

GetFileTitleW

advapi32

LookupPrivilegeValueW
RegQueryValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyW
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
CopySid
GetTokenInformation
QueryServiceStatusEx
GetUserNameW
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
RegSaveKeyW
AdjustTokenPrivileges
RegOpenKeyExW
RegReplaceKeyW
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
OpenThreadToken
RegFlushKey
RegEnumKeyW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

DragFinish
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteA
SHGetFolderPathW
SHChangeNotify
SHEmptyRecycleBinW
ShellExecuteExW
ShellExecuteW
DragQueryFileW

comctl32

ImageList_GetImageCount
ImageList_DrawEx
ImageList_Destroy
ord17
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathFileExistsW
SHDeleteKeyW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathAppendW
SHCreateStreamOnFileW
PathSearchAndQualifyW
PathIsNetworkPathW
PathIsFileSpecW
PathGetArgsW
PathFindOnPathW

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoSetProxyBlanket
CLSIDFromProgID
CoTaskMemFree
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal

oleaut32

SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SysAllocStringByteLen
SysStringLen
SysAllocString
VarDateFromStr
VariantInit
VariantClear
SysAllocStringLen
SysStringByteLen
VariantCopy
VariantChangeType
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
OleCreateFontIndirect
LoadTypeLi
GetErrorInfo
VariantChangeTypeEx
VarCmp
VarBstrFromDate

sfc

SfcIsFileProtected

xmllite

CreateXmlWriter

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

userenv

GetProfilesDirectoryW

secur32

GetUserNameExW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66ef1b0b8ed4b2a2dad8d75f4f3444e5

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

63:12:88:bf:c2:c3:e6:7b:77:91:ee:5a:55:cb:24:6fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

dbghelp

sqlite3

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

sfc

xmllite

version

userenv

secur32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 438KB - Virtual size: 438KB

.data Size: 37KB - Virtual size: 63KB

.rsrc Size: 34KB - Virtual size: 33KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

63:12:88:bf:c2:c3:e6:7b:77:91:ee:5a:55:cb:24:6f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 438KB - Virtual size: 438KB

.data
Size: 37KB - Virtual size: 63KB

.rsrc
Size: 34KB - Virtual size: 33KB