2024-02-02_ffa1ccc34c854382d01e89ba5eb97263_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-02_ffa1ccc34c854382d01e89ba5eb97263_icedid
Size

1.6MB
MD5

ffa1ccc34c854382d01e89ba5eb97263
SHA1

3639f28502200a2d8dba9678d5dbf35f4b314d02
SHA256

23e59202a9aa94e14f2b4066076056e27b41cb1575c0f80e4201cedce549e00b
SHA512

65ebca8f027895cfb1c84741e869a8b0ac96959d097b91763f2092b0930ec622483ab78ba0c03562fe6afd8844f8b2fc70b53983adca0bd299568411949a7705
SSDEEP

49152:2V2Jhb9crpKTXSKDjwJPL3at40R9tBwM53sXNLMeb/YjGRFnwYt:DhbWpKOKDjuPL3at40XtBfMNLT/YjG/

Score

1^/10

Malware Config

Signatures

Files

2024-02-02_ffa1ccc34c854382d01e89ba5eb97263_icedid
.exe windows:5 windows x86 arch:x86

74e8832411bdc1b399ceea4d7c04d8b7

Code Sign

02:80:ae:12:d4:c5:28:dc:0a:a1:06:fb:9f:17:aa:37
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-04-2021 00:00

Not After

21-04-2022 23:59

Subject

CN=HP Inc.,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:1c:e5:19:e2:3d:b3:d9:e9:be:51:31:22:bc:63:ba:0c:8c:96:80:f7:04:49:94:1a:c9:46:d1:51:72:a0:ff
Signer

Actual PE Digest

fe:1c:e5:19:e2:3d:b3:d9:e9:be:51:31:22:bc:63:ba:0c:8c:96:80:f7:04:49:94:1a:c9:46:d1:51:72:a0:ff

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\jnks\workspace\K12_Prod_Active_Build\build118\SxS\src\Release\Setup.pdb

Imports

kernel32

EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
Process32NextW
IsValidLocale
CreateToolhelp32Snapshot
VerifyVersionInfoW
MoveFileExW
DeviceIoControl
ProcessIdToSessionId
GetUserDefaultLangID
SetCurrentDirectoryW
GetComputerNameExW
GetSystemDefaultLCID
FlushViewOfFile
OpenFileMappingW
GlobalMemoryStatusEx
CreatePipe
WaitForMultipleObjects
TryEnterCriticalSection
PeekNamedPipe
OpenMutexW
GetSystemTime
GetLocalTime
ResetEvent
OpenEventW
TerminateThread
GetExitCodeProcess
GetExitCodeThread
GetDiskFreeSpaceExW
CreateProcessW
InterlockedCompareExchange
WriteConsoleW
SetEnvironmentVariableA
Process32FirstW
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
ExitProcess
HeapQueryInformation
HeapSize
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetProfileIntW
GetNumberFormatW
GetTempPathW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
SetFileAttributesW
lstrcpyW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
DeleteFileW
lstrcmpiW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
InitializeCriticalSectionAndSpinCount
lstrcmpW
FileTimeToSystemTime
lstrlenA
lstrcmpA
GlobalGetAtomNameW
CompareStringW
InterlockedIncrement
GetModuleHandleW
CreateEventW
SetEvent
ResumeThread
SetThreadPriority
CopyFileW
GlobalSize
MulDiv
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalSize
lstrlenW
LocalAlloc
HeapFree
GetProcessHeap
HeapAlloc
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
VerSetConditionMask
GetWindowsDirectoryW
WideCharToMultiByte
GetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
SetLastError
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingW
WaitForSingleObject
CreateMutexW
LocalFree
FormatMessageW
GetLastError
SearchPathW
GetLongPathNameW
GetTempFileNameW
GetCommandLineW
GetFileAttributesExW
OpenProcess
QueryPerformanceCounter
GetCurrentThreadId
OutputDebugStringW
CloseHandle
WriteFile
SetFilePointer
Sleep
CreateFileW
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetCurrentProcessId
InitializeCriticalSection
ExpandEnvironmentStringsW
GetModuleFileNameW
LoadLibraryA

user32

DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
KillTimer
SetTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IntersectRect
InvalidateRect
IsIconic
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
DestroyCursor
GetWindowRgn
GetClassLongW
GetClassNameW
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
CreatePopupMenu
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
DrawIconEx
DrawEdge
DrawIcon
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
NotifyWinEvent
GetAsyncKeyState
SetClassLongW
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
GetWindowRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
GetClientRect
GetWindowPlacement
GetDlgCtrlID
UpdateWindow
RedrawWindow
ShowScrollBar
SetForegroundWindow
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
BeginDeferWindowPos
WindowFromPoint
GetFocus
ModifyMenuW
MsgWaitForMultipleObjectsEx
WaitForInputIdle
OpenWindowStationW
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
CloseWindowStation
GetParent
SendMessageW
GetWindowThreadProcessId
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
CheckMenuItem
EnableMenuItem
SendMessageCallbackW
EnableScrollBar
GetNextDlgTabItem
GetIconInfo
LoadImageW
GetNextDlgGroupItem
EndDialog
CreateDialogIndirectParamW
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawStateW
MonitorFromWindow
MsgWaitForMultipleObjects
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
SetWindowPlacement

gdi32

GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
Escape
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
CreatePatternBrush
GetTextFaceW
SetPixelV
DeleteDC
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
ExcludeClipRect
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
GetObjectW
GetDeviceCaps
CopyMetaFileW
CreateDCW
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
SetTextColor
RealizePalette
SetBkColor

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

BackupEventLogW
DuplicateToken
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CloseEventLog
OpenEventLogW
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetUserNameW
RegQueryInfoKeyW
CheckTokenMembership
OpenProcessToken
RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
ImpersonateLoggedOnUser

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
ExtractIconW
SHGetFolderPathW
SHGetFileInfoW

comctl32

ImageList_GetIconSize

shlwapi

PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW
PathFindExtensionW

ole32

CoCreateInstance
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoInitialize
CLSIDFromString

oleaut32

SysFreeString
VariantInit
VarBstrFromDate
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysAllocString

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

gdiplus

GdipGetImagePixelFormat
GdipAlloc
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

ws2_32

WSACleanup
WSASocketW
setsockopt
WSACreateEvent
WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSAStringToAddressW
shutdown
WSAStartup
closesocket
WSACloseEvent
WSADuplicateSocketW
bind
listen
accept
recv
send
getaddrinfo
freeaddrinfo
WSAGetLastError
WSAResetEvent
WSAAddressToStringW

secur32

GetUserNameExW

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertAddEncodedCertificateToStore
CryptUnprotectData
CertOpenStore

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 171KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74e8832411bdc1b399ceea4d7c04d8b7

Code Sign

02:80:ae:12:d4:c5:28:dc:0a:a1:06:fb:9f:17:aa:37Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

fe:1c:e5:19:e2:3d:b3:d9:e9:be:51:31:22:bc:63:ba:0c:8c:96:80:f7:04:49:94:1a:c9:46:d1:51:72:a0:ffSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

psapi

oleacc

gdiplus

imm32

winmm

ws2_32

secur32

crypt32

version

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 289KB - Virtual size: 288KB

.data Size: 25KB - Virtual size: 59KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 171KB - Virtual size: 240KB

02:80:ae:12:d4:c5:28:dc:0a:a1:06:fb:9f:17:aa:37
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fe:1c:e5:19:e2:3d:b3:d9:e9:be:51:31:22:bc:63:ba:0c:8c:96:80:f7:04:49:94:1a:c9:46:d1:51:72:a0:ff
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 289KB - Virtual size: 288KB

.data
Size: 25KB - Virtual size: 59KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 171KB - Virtual size: 240KB