2024-02-02_c8ab44a414fe8a757f4649cacf5cc9b3_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-02_c8ab44a414fe8a757f4649cacf5cc9b3_icedid
Size

534KB
MD5

c8ab44a414fe8a757f4649cacf5cc9b3
SHA1

7851dfdf51b841c6b767b42b04e01a54489629e2
SHA256

43a78934f38f2de4eb305ccb93ce64571f919ab98cae608fb439f492a4285d9b
SHA512

31816c0cad4b5359063fb6eeafa8b0cf23a642db13c3a5d3c4ebce0209dc01f011bbec829b1f2fe184046ba9b879abcb0ea97aacd25d08957b1ddd2f129f1fe8
SSDEEP

12288:2cW7trErtJadgB4E9zDWu3xSWx5nCEJcGNjG:GBArtsE9zDWu3xSWqGNjG

Score

1^/10

Malware Config

Signatures

Files

2024-02-02_c8ab44a414fe8a757f4649cacf5cc9b3_icedid
.exe windows:5 windows x86 arch:x86

21d50cb58085e46af66a67ddfb6b1c64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

15:af:b6:9b:ba:5e:6e:98:6c:eb:18:81:7f:34:67:11
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/07/2011, 00:00

Not After

18/08/2014, 23:59

Subject

CN=Shandong Zhongfu Information Industry Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shandong Zhongfu Information Industry Inc,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:f6:b7:e2:73:b7:33:af:22:42:1f:42:f5:f7:0c:02:80:9f:9f:56
Signer

Actual PE Digest

a8:f6:b7:e2:73:b7:33:af:22:42:1f:42:f5:f7:0c:02:80:9f:9f:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svn\client\branches\20130326B2272最新普通版本\src\zfClientTrans\Release\zfClientTrans.pdb

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeFormatA
GetDateFormatA
HeapSize
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ExitProcess
Sleep
RaiseException
HeapReAlloc
RtlUnwind
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CreateThread
ExitThread
HeapFree
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetCurrentDirectoryW
GetFileAttributesExW
GetProcessHeap
lstrcpynW
FileTimeToLocalFileTime
SetErrorMode
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
lstrlenA
GlobalFlags
GetModuleHandleA
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
WritePrivateProfileStringW
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
MultiByteToWideChar
SleepEx
GetLocalTime
GetTickCount
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
Beep
GetCurrentDirectoryW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
GetWindowsDirectoryW
GetCommandLineW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateMutexW
InitializeCriticalSectionAndSpinCount

user32

PostThreadMessageW
RegisterClipboardFormatW
SetRectEmpty
CharUpperW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
GetSysColorBrush
SystemParametersInfoW
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckRadioButton
GetWindowThreadProcessId
IsWindowEnabled
SetCursor
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
PostMessageW
SendMessageW
LoadCursorW
LoadIconW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
DefWindowProcW
RegisterClassW
EnableWindow
GetFocus
GetClientRect
OffsetRect
CopyRect
UnionRect
FillRect
GetParent
SetTimer
KillTimer
InvalidateRect
IsWindow
SetForegroundWindow
LoadImageW
GetCursorPos
RegisterWindowMessageW
CreatePopupMenu
WindowFromPoint
IsZoomed
AppendMenuW
PostQuitMessage
GetDC
ReleaseDC
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
CallWindowProcW
PtInRect
GetMenu
GetWindowLongW
SetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
UnhookWindowsHookEx

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetRgnBox
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
DeleteObject
GetStockObject
SelectObject
Rectangle
CreatePen
CreateSolidBrush
CreateRectRgnIndirect
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateBitmap
SaveDC
RestoreDC
SetBkMode
GetViewportOrgEx
CreateDIBSection
StretchBlt
SetBrushOrgEx
SetStretchBltMode
GetTextColor
GetBkColor
GetTextExtentPoint32W
GetMapMode
CreateFontIndirectW
SetMapMode

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
Shell_NotifyIconW
SHGetFileInfoW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

SHGetValueW
PathAppendW
PathAddBackslashW
SHSetValueW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathAddExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
OleInitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CLSIDFromString

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VarDateFromStr
VarUdateFromDate
SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy

unzip

unzReadCurrentFile
unzGoToFirstFile
unzOpen
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzOpenCurrentFile
unzGoToNextFile

zftrans

ZfTransGetLastError
ZfTransStart
ZfTransCreate
ZfTransClose
ZfTransStop

sqlite3

sqlite3_exec
sqlite3_mprintf
sqlite3_free

zfdatacommon

DBGetKVDWORD
CloseDBHandle
CreateDBHandle

psapi

GetModuleFileNameExW

msimg32

GradientFill
TransparentBlt
AlphaBlend

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21d50cb58085e46af66a67ddfb6b1c64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

15:af:b6:9b:ba:5e:6e:98:6c:eb:18:81:7f:34:67:11Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a8:f6:b7:e2:73:b7:33:af:22:42:1f:42:f5:f7:0c:02:80:9f:9f:56Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

unzip

zftrans

sqlite3

zfdatacommon

psapi

msimg32

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 76KB - Virtual size: 76KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

15:af:b6:9b:ba:5e:6e:98:6c:eb:18:81:7f:34:67:11
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a8:f6:b7:e2:73:b7:33:af:22:42:1f:42:f5:f7:0c:02:80:9f:9f:56
Signer

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 76KB - Virtual size: 76KB