2024-02-11_e64dcfe0e97f8f6667aaecc7f7c108b9_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-11_e64dcfe0e97f8f6667aaecc7f7c108b9_icedid
Size

1.1MB
MD5

e64dcfe0e97f8f6667aaecc7f7c108b9
SHA1

6449f59afcb0832d8095bbb74a9f76dd683d6b01
SHA256

be4cb329fba9105df671b1bbdc05077abfbc9da8e087f2cbf12ff2090a5bb518
SHA512

020ead6795d10249fd2c5652f2dd83d309d10adadb7301b7b7531de9ba61caa618ab6bdb6a4955c938c3b52b84e68ac1b56fc71cd317475c68095fe1d81e11b6
SSDEEP

12288:VZPapdqSIAzc94NScGezEmgwj04arcZ3B7l+FpiNlbt/VlzILkpn0AjP2d7eOX4I:0C493B7lwiPt/P8e9PI1VZYZLv8

Score

1^/10

Malware Config

Signatures

Files

2024-02-11_e64dcfe0e97f8f6667aaecc7f7c108b9_icedid
.exe windows:4 windows x86 arch:x86

79da9553de6f1aceef34cde8f97585d0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:26:12:ff:b0:6d:13:83:05:62:f7:ab:8d:d0:ab:07
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/01/2007, 00:00

Not After

28/01/2010, 23:59

Subject

CN=VisionWorks Solutions Inc\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VisionWorks Solutions Inc\ ,L=Windsor,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:36:79:5f:7b:89:22:33:58:c8:07:15:5d:5f:96:bd:f6:7d:1e:e9
Signer

Actual PE Digest

fe:36:79:5f:7b:89:22:33:58:c8:07:15:5d:5f:96:bd:f6:7d:1e:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crashrpt32

InstallImpl

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
GetFileTime
SetErrorMode
ExitThread
HeapAlloc
HeapReAlloc
GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
SetConsoleCtrlHandler
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
HeapSize
GetTimeFormatA
GetDateFormatA
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
InterlockedCompareExchange
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
InterlockedDecrement
GetLastError
GetModuleHandleW
LoadLibraryW
MultiByteToWideChar
GetVersionExW
GetProcAddress
SetLastError
GetModuleFileNameW
ReleaseMutex
CreateMutexW
ExitProcess
SetCurrentDirectoryW
GetVersion
Sleep
CloseHandle
CreateFileW
DeleteFileW
FindResourceExW
DeviceIoControl
GetFileSize
lstrcpyW
lstrlenW
GetWindowsDirectoryW
TerminateThread
CreateThread
DuplicateHandle
GetCurrentProcess
WideCharToMultiByte
FormatMessageW
ReadFile
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
InterlockedIncrement
HeapFree
GetProcessHeap
FileTimeToSystemTime
GetThreadLocale
lstrlenA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
WritePrivateProfileStringW
GlobalGetAtomNameW
GetCurrentProcessId
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetFilePointer
GetFileInformationByHandle
SystemTimeToFileTime
UnmapViewOfFile
WriteFile
GetTickCount
ResumeThread
SuspendThread
FindFirstFileW
GetFileSizeEx
GetCommandLineW
CreateDirectoryW
GetFileAttributesW
FindClose
FindNextFileW
ResetEvent
SetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
GetCurrentThreadId
MoveFileW
QueryDosDeviceW
LocalFree
LocalAlloc
FileTimeToLocalFileTime
LCMapStringW

user32

UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsW
InsertMenuItemW
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
GetMessageW
TranslateMessage
ValidateRect
GetWindowThreadProcessId
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
MapDialogRect
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
UnregisterClassA
SendMessageW
EnableWindow
LoadBitmapW
MessageBoxW
GetActiveWindow
TrackPopupMenu
GetKeyState
GetScrollRange
GetScrollPos
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
SetWindowContextHelpId
PostQuitMessage
ShowOwnedPopups
InflateRect
GetMenuItemInfoW
SystemParametersInfoW
WindowFromPoint
GetSysColorBrush
UnregisterClassW
IsRectEmpty
DrawTextExW
DrawTextW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageW
CharUpperW
EndDeferWindowPos
FindWindowW
RegisterClipboardFormatW
LoadIconW
CreatePopupMenu
SetForegroundWindow
GetCursorPos
CopyRect
SetRect
OffsetRect
FillRect
FrameRect
DrawEdge
AppendMenuW
GetMenuState
GetSysColor
PtInRect
GetClientRect
InvalidateRect
RedrawWindow
SetCapture
GetParent
ReleaseCapture
SetCursor
LoadCursorW
SetWindowLongW
PostMessageW
SetTimer
IsWindowVisible
MessageBeep
KillTimer
ExitWindowsEx
GetSubMenu
ModifyMenuW
LoadMenuW
GetWindowRect
IsWindow
GetDesktopWindow
TabbedTextOutW
GetMenuItemID
GetMenuItemCount
IsWindowEnabled

gdi32

GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetViewportExtEx
CreatePatternBrush
CreateBitmap
CreateRectRgnIndirect
CreateCompatibleBitmap
GetTextExtentPoint32W
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteObject
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
GetStockObject
GetObjectW
CreateFontIndirectW
BitBlt
CreateCompatibleDC
CreatePen
CreateSolidBrush
CreateFontW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegSetValueExW
RegQueryValueExW

shell32

SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
ShellExecuteExW

comctl32

ord17

shlwapi

PathIsDirectoryW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
OleRun
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayLock
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
GetErrorInfo
SafeArrayGetVartype

ws2_32

__WSAFDIsSet
recv
htons
socket
bind
connect
getsockname
ntohs
closesocket
send
gethostname
ioctlsocket
setsockopt
WSAStartup
select
gethostbyname

iphlpapi

GetAdaptersInfo

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

Sections

.text
Size: 692KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79da9553de6f1aceef34cde8f97585d0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

58:26:12:ff:b0:6d:13:83:05:62:f7:ab:8d:d0:ab:07Certificate

Extended Key Usages

Key Usages

fe:36:79:5f:7b:89:22:33:58:c8:07:15:5d:5f:96:bd:f6:7d:1e:e9Signer

Headers

File Characteristics

Imports

crashrpt32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

iphlpapi

wtsapi32

Sections

.text Size: 692KB - Virtual size: 688KB

.rdata Size: 180KB - Virtual size: 177KB

.data Size: 24KB - Virtual size: 40KB

.rsrc Size: 240KB - Virtual size: 236KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

58:26:12:ff:b0:6d:13:83:05:62:f7:ab:8d:d0:ab:07
Certificate

fe:36:79:5f:7b:89:22:33:58:c8:07:15:5d:5f:96:bd:f6:7d:1e:e9
Signer

.text
Size: 692KB - Virtual size: 688KB

.rdata
Size: 180KB - Virtual size: 177KB

.data
Size: 24KB - Virtual size: 40KB

.rsrc
Size: 240KB - Virtual size: 236KB