2024-02-03_d3bd197a3c7b63b77570449762abeee8_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-03_d3bd197a3c7b63b77570449762abeee8_icedid
Size

813KB
MD5

d3bd197a3c7b63b77570449762abeee8
SHA1

f71bf0c17580052a72824c1c3db84ff42f3feeb4
SHA256

b39dd2b753b5dd7eee59f41e6a0cac7c9690303c1e70e2d9a9c8741b2c8bc1ca
SHA512

e14cd28bb1a34c1b1410297db434f38b820ee1d97eadbe9e2422ff59048155c4dc18079bf537d6f7c1a21c2d5c5c4dc244b3eb2903e31589c803fae3ee4447a3
SSDEEP

12288:FUVI7Ym9frH+DIBJw6OxK/H9tpi4EKjch55UR7YfobF2kMNsSK4LWxXabzC0:FUVJirGIBBG5OR7koQnNJLWV0

Score

1^/10

Malware Config

Signatures

Files

2024-02-03_d3bd197a3c7b63b77570449762abeee8_icedid
.exe windows:4 windows x86 arch:x86

a44ae11f8fb9c2bcb3461f4f6699db17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:b3:3f:e3:1e:ca:33:25:00:4d:7d:84:57:e2:e1:cc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20-11-2006 00:00

Not After

03-02-2009 23:59

Subject

CN=Attachmate Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Attachmate Corporation,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:36:73:bc:4f:17:a2:74:7e:24:66:fe:37:40:a9:7a:56:65:ad:c2
Signer

Actual PE Digest

75:36:73:bc:4f:17:a2:74:7e:24:66:fe:37:40:a9:7a:56:65:ad:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord169
ord141
ord94
ord8
ord74
ord20
ord28
ord19
ord78
ord153
ord151
ord32
ord159
ord160
ord163
ord70
ord165
ord92
ord17
ord123
ord120
ord150
ord118
ord121
ord125
ord139
ord62
ord58
ord116
ord47
ord181
ord145
ord22
ord24
ord186
ord175
ord90
ord113
ord205
ord49
ord34
ord232
ord96

advapi32

CryptReleaseContext
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
LookupPrivilegeValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
AdjustTokenPrivileges
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
OpenProcessToken

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

rpcrt4

RpcStringFreeW
UuidToStringW

kernel32

GetModuleHandleW
GetVersion
FreeResource
GetExitCodeProcess
WaitForSingleObject
GetVersionExW
GetUserDefaultUILanguage
GetSystemDirectoryW
lstrcmpW
InterlockedExchange
CompareStringA
WideCharToMultiByte
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GetModuleHandleA
GetThreadLocale
lstrlenW
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileW
GetVolumeInformationW
SetLastError
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
FileTimeToSystemTime
GetFileAttributesW
GetFileTime
GlobalAddAtomW
GetCurrentProcessId
InterlockedDecrement
GetVersionExA
CompareStringW
GlobalFindAtomW
lstrlenA
FindNextFileW
GlobalFlags
InterlockedIncrement
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetConsoleCP
GetConsoleMode
DeleteFileA
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
Sleep
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
WriteFile
lstrcatA
GetShortPathNameW
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateFileW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
LocalFree
GetDriveTypeW
FormatMessageW
GetCurrentProcess
SetEnvironmentVariableW
SetCurrentDirectoryW
GetTempFileNameW
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileAttributesA
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
GetFileInformationByHandle
CreateFileA
DeleteFileW
CreateDirectoryA
DosDateTimeToFileTime
LoadLibraryA
GetTempPathA
MoveFileW
SetFileAttributesW
CopyFileW
CreateDirectoryW
FreeLibrary
GetProcAddress
MulDiv
GetModuleFileNameW
GetLastError
CreateMutexW
LoadLibraryW
FindResourceW
LoadResource
GetTickCount
LockResource
SizeofResource
GetTempPathW
ExpandEnvironmentStringsW
GetFullPathNameW

user32

GetPropW
SetPropW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
RegisterWindowMessageW
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
DestroyMenu
GetNextDlgGroupItem
SetCapture
ReleaseCapture
GetSysColorBrush
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
UnregisterClassW
RegisterClipboardFormatW
PostThreadMessageW
RemovePropW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetMenuStringW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
PeekMessageW
GetCursorPos
ValidateRect
GetWindow
UnregisterClassA
MapDialogRect
SetWindowPos
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetFocus
KillTimer
GetMenu
SetTimer
LoadAcceleratorsW
TranslateAcceleratorW
GetSystemMetrics
GetClassNameW
IsClipboardFormatAvailable
UpdateWindow
TrackMouseEvent
SetCursor
LoadCursorW
IntersectRect
GetClientRect
GetWindowLongW
InvalidateRect
GetMenuItemInfoW
GetMenuItemCount
SystemParametersInfoW
CopyRect
RemoveMenu
InsertMenuW
DrawIcon
GetMenuItemID
OffsetRect
FillRect
CreatePopupMenu
IsMenu
GetSysColor
LoadMenuW
CharNextW
LoadBitmapW
PtInRect
GetWindowRect
wsprintfW
SetWindowLongW
CallWindowProcW
MessageBoxW
GetWindowTextW
InflateRect
MessageBeep
GetCaretPos
ExitWindowsEx
GetKeyState
GetParent
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
SendMessageW
GetDC
ReleaseDC
GetSubMenu
SetWindowContextHelpId

gdi32

SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetPixel
CreateBitmap
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateSolidBrush
SelectObject
CreateFontIndirectW
GetObjectW
DeleteObject
SelectClipRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtSelectClipRgn
CreateFontW
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

shell32

SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathAppendW
StrCpyW
PathFileExistsW
PathRemoveFileSpecW
PathSkipRootW
PathAddBackslashW
PathFindExtensionW
StrCmpW
PathRemoveExtensionW
PathAddExtensionW
StrCmpIW
PathIsDirectoryW
PathIsUNCW
PathStripToRootW
PathCombineW
PathStripPathW
StrToIntW
StrCatW
PathGetDriveNumberW
StrChrW

oledlg

OleUIBusyW

ole32

CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
OleLoadPicture
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
VariantTimeToSystemTime

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a44ae11f8fb9c2bcb3461f4f6699db17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

06:b3:3f:e3:1e:ca:33:25:00:4d:7d:84:57:e2:e1:ccCertificate

Extended Key Usages

Key Usages

75:36:73:bc:4f:17:a2:74:7e:24:66:fe:37:40:a9:7a:56:65:ad:c2Signer

Headers

File Characteristics

Imports

msi

advapi32

version

rpcrt4

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 604KB - Virtual size: 603KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 16KB - Virtual size: 36KB

.rsrc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

06:b3:3f:e3:1e:ca:33:25:00:4d:7d:84:57:e2:e1:cc
Certificate

75:36:73:bc:4f:17:a2:74:7e:24:66:fe:37:40:a9:7a:56:65:ad:c2
Signer

.text
Size: 604KB - Virtual size: 603KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 16KB - Virtual size: 36KB

.rsrc
Size: 24KB - Virtual size: 20KB