2024-02-04_40cd8c6adf4c76f1440ebc714cae1680_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_40cd8c6adf4c76f1440ebc714cae1680_icedid
Size

285KB
MD5

40cd8c6adf4c76f1440ebc714cae1680
SHA1

7f0e0a416fc263a266d92ff71c41d12ec59f0880
SHA256

a8245deab9fbe04df7bd48328ff0c7cc6ced9719c1e43b8cfd17db30fa7aad29
SHA512

71be7e8bad8095d22ec7b93b12d5eeaa67ae6415a802a5ffc6616991a764d7306bfe21c7ac33b03723b11149fcd9124314af051129eeee715a6aebb52f413012
SSDEEP

6144:GkbJzxkzWZ+nhcYbqDzajMeyZoI9399wVvuoDvqmc:nbJKyZ+h1qDOweyKuom9

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_40cd8c6adf4c76f1440ebc714cae1680_icedid
.exe windows:4 windows x86 arch:x86

31e76616fd19e15dbeceacb62b682eba

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6a
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

26/10/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fa:4c:69:45:6e:75:0e:de:6e:bf:f8:06:53:5f:d6:cd:59:b3:e8:ae
Signer

Actual PE Digest

fa:4c:69:45:6e:75:0e:de:6e:bf:f8:06:53:5f:d6:cd:59:b3:e8:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\公司产品\万能软件\万能五笔内置版\2.源码\WnMutual\WnMutual\Release\WnMutual.pdb

Imports

kernel32

HeapFree
GetFileType
DeleteFileA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapAlloc
VirtualFree
IsBadWritePtr
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStartupInfoW
GetFileTime
GetFileAttributesW
SetErrorMode
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
FormatMessageW
GlobalFlags
MulDiv
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
InterlockedDecrement
GetCurrentThread
GlobalAlloc
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetFullPathNameW
GetVolumeInformationW
lstrcpyW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SizeofResource
lstrcmpiW
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrlenW
lstrcatW
lstrcmpW
GetModuleHandleW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
LoadResource
LockResource
FreeResource
ReleaseMutex
CreateMutexW
FreeLibrary
WritePrivateProfileStringW
LocalAlloc
LocalFree
MoveFileW
SystemTimeToFileTime
FileTimeToSystemTime
GetLastError
GetPrivateProfileIntW
FindFirstFileW
FindClose
WideCharToMultiByte
CreateDirectoryW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetPrivateProfileStringW
GetModuleFileNameW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateThread
Sleep
GetExitCodeThread
TerminateThread
LoadLibraryW
GetProcAddress
RemoveDirectoryW
GetTickCount
MultiByteToWideChar
DeleteFileW
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
HeapCreate
GetFileAttributesA

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
DestroyMenu
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
wsprintfW
CharUpperW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
ShowWindow
MoveWindow
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
WinHelpW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
RegisterClipboardFormatW
SetWindowTextW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
SendMessageW
MessageBoxW
PostThreadMessageW
PeekMessageW
FindWindowW
GetDesktopWindow
GetWindowRect
SetWindowPos
EnableWindow
KillTimer
GetCapture

gdi32

OffsetViewportOrgEx
GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
GetDeviceCaps
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
SetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

comctl32

ord17

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
CLSIDFromString
StgCreateDocfileOnILockBytes
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

urlmon

URLDownloadToFileW

cabinet

ord14
ord11
ord13
ord22
ord21
ord23
ord20
ord10

wininet

HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
InternetOpenUrlW
InternetReadFile
InternetSetFilePointer
HttpQueryInfoW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetQueryDataAvailable
HttpAddRequestHeadersW

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31e76616fd19e15dbeceacb62b682eba

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6aCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

fa:4c:69:45:6e:75:0e:de:6e:bf:f8:06:53:5f:d6:cd:59:b3:e8:aeSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

cabinet

wininet

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 20KB - Virtual size: 18KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

9f:cf:2b:3a:2c:32:b2:8a:ca:83:da:d0:c3:12:a8:6a
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

fa:4c:69:45:6e:75:0e:de:6e:bf:f8:06:53:5f:d6:cd:59:b3:e8:ae
Signer

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 20KB - Virtual size: 18KB