2024-02-02_4414be06e2a0776d2641c6dbe98164e0_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-02_4414be06e2a0776d2641c6dbe98164e0_icedid
Size

529KB
MD5

4414be06e2a0776d2641c6dbe98164e0
SHA1

da07cc901f9d1881eb6543238992c1810d94f294
SHA256

95c5e5fc2eefa622128e2cd0fb56a359fdc8fe4de8f579aa63683ba92429e2a7
SHA512

c9443038e3b2b0663ee08a18c2ed93dc6a9be91d5624695f4569fe0b46fc7f0ad7a0c46267bcfd3a6da68d6ae7f48a1221f5027cd56382efcd6c2c7601364262
SSDEEP

12288:eqVyootnohV4Eb1k6I2aTK/nHYmyfGNjp:eApmobk6I2aTK/nOGNjp

Score

1^/10

Malware Config

Signatures

Files

2024-02-02_4414be06e2a0776d2641c6dbe98164e0_icedid
.exe windows:5 windows x86 arch:x86

9c2f3c2c79244261f2e8363a8d6fa8af

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:af:b6:9b:ba:5e:6e:98:6c:eb:18:81:7f:34:67:11
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20-07-2011 00:00

Not After

18-08-2014 23:59

Subject

CN=Shandong Zhongfu Information Industry Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shandong Zhongfu Information Industry Inc,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:99:8c:3d:a4:52:19:e4:81:d5:3e:b8:b8:4a:54:1e:23:5f:c6:5d
Signer

Actual PE Digest

cd:99:8c:3d:a4:52:19:e4:81:d5:3e:b8:b8:4a:54:1e:23:5f:c6:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\zql_Projects\3in1client\trunk\src\zfClientTrans\Release\zfClientTrans.pdb

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSize
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ExitProcess
Sleep
RaiseException
HeapReAlloc
RtlUnwind
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CreateThread
ExitThread
HeapFree
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetCurrentDirectoryW
GetFileAttributesExW
GetProcessHeap
lstrcpynW
FileTimeToLocalFileTime
SetErrorMode
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
lstrlenA
GlobalFlags
GetModuleHandleA
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
WritePrivateProfileStringW
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
MultiByteToWideChar
SleepEx
GetLocalTime
GetTickCount
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
Beep
GetCurrentDirectoryW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
GetWindowsDirectoryW
GetCommandLineW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateMutexW
InitializeCriticalSectionAndSpinCount

user32

PostThreadMessageW
RegisterClipboardFormatW
SetRectEmpty
CharUpperW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
GetSysColorBrush
SystemParametersInfoW
DestroyMenu
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckRadioButton
GetWindowThreadProcessId
IsWindowEnabled
SetCursor
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
PostMessageW
SendMessageW
LoadIconW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
DefWindowProcW
RegisterClassW
EnableWindow
GetFocus
GetClientRect
OffsetRect
CopyRect
UnionRect
FillRect
GetParent
SetTimer
KillTimer
InvalidateRect
IsWindow
SetForegroundWindow
LoadImageW
GetCursorPos
RegisterWindowMessageW
CreatePopupMenu
IsZoomed
AppendMenuW
PostQuitMessage
GetDC
ReleaseDC
GetSubMenu
LoadCursorW
GetMenuItemCount
GetMenuItemID
GetMenuState
SetWindowPos
MapDialogRect
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
CallWindowProcW
PtInRect
GetMenu
GetWindowLongW
SetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetRgnBox
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
DeleteObject
GetStockObject
SelectObject
Rectangle
CreatePen
CreateSolidBrush
CreateRectRgnIndirect
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateBitmap
SaveDC
RestoreDC
SetBkMode
GetViewportOrgEx
CreateDIBSection
StretchBlt
SetBrushOrgEx
SetStretchBltMode
GetTextColor
GetBkColor
GetTextExtentPoint32W
GetMapMode
CreateFontIndirectW
SetMapMode

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
Shell_NotifyIconW
SHGetFileInfoW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

SHGetValueW
PathAppendW
SHSetValueW
PathAddBackslashW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathAddExtensionW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoInitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
OleInitialize
CoRegisterMessageFilter
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy

unzip

unzReadCurrentFile
unzGoToNextFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzCloseCurrentFile
unzOpenCurrentFile
unzClose
unzOpen

zftrans

ZfTransGetLastError
ZfTransStart
ZfTransCreate
ZfTransClose
ZfTransStop

stringmgr

GetStringMgr

sqlite3

sqlite3_exec
sqlite3_mprintf
sqlite3_free

zfdatacommon

DBGetKVDWORD
CloseDBHandle
CreateDBHandle

psapi

GetModuleFileNameExW

msimg32

GradientFill
TransparentBlt
AlphaBlend

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2f3c2c79244261f2e8363a8d6fa8af

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

15:af:b6:9b:ba:5e:6e:98:6c:eb:18:81:7f:34:67:11Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cd:99:8c:3d:a4:52:19:e4:81:d5:3e:b8:b8:4a:54:1e:23:5f:c6:5dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

unzip

zftrans

stringmgr

sqlite3

zfdatacommon

psapi

msimg32

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 76KB - Virtual size: 76KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

15:af:b6:9b:ba:5e:6e:98:6c:eb:18:81:7f:34:67:11
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cd:99:8c:3d:a4:52:19:e4:81:d5:3e:b8:b8:4a:54:1e:23:5f:c6:5d
Signer

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 76KB - Virtual size: 76KB