2024-02-12_f1d2dc542e86bfcc9aa6ff348cb94f0f_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-12_f1d2dc542e86bfcc9aa6ff348cb94f0f_icedid
Size

4.3MB
MD5

f1d2dc542e86bfcc9aa6ff348cb94f0f
SHA1

316e69f64d48c8d36e352fca8e99d11af658efff
SHA256

e2a3a3d622ea75380e4d600921d08a57f966c2046a7be03bd33fc16a0c3d8cdd
SHA512

c53b36572ffb10739e35ac2e9dfd31122975084bc2b3223a2c2b224aea378b7cc0ff705464b747acd6c8247fe6382daac5f2a5a0e9698e360cd12e8cf897ba94
SSDEEP

49152:7NxaQ9+YwqFs5Dxq72E+iDE7IUOX00r77ZHElD:76QFs5C2E+Fstd7REp

Score

1^/10

Malware Config

Signatures

Files

2024-02-12_f1d2dc542e86bfcc9aa6ff348cb94f0f_icedid
.exe windows:5 windows x86 arch:x86

b89e68f3e46ee86aa5842e099001cf8f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:89:ab:cb:bf:0c:72:b7:97:d2:b4:42:26:a0:63:a2
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-01-2017 00:00

Not After

25-03-2020 23:59

Subject

CN=비엔씨피주식회사,OU=IT Team,O=비엔씨피주식회사,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\source\src\webhard\Projects\Ondisk\Client\Download\Bin\Client\OnDiskGDown.pdb

Imports

urlmon

URLDownloadToFileW
URLDownloadToFileA

kernel32

TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetModuleHandleW
SetErrorMode
RtlUnwind
ExitThread
RaiseException
CreateDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
SetStdHandle
GetFileType
TlsGetValue
VirtualFree
GetTimeZoneInformation
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GlobalFlags
GetFileTime
GetFileSizeEx
TlsAlloc
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
FileTimeToLocalFileTime
FormatMessageA
GlobalGetAtomNameA
GlobalFindAtomA
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
GetCurrentThread
SetThreadPriority
ReleaseMutex
MoveFileA
GetCurrentDirectoryA
FileTimeToSystemTime
GetCommandLineA
SetCurrentDirectoryA
SetLastError
FindFirstFileA
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
LocalAlloc
LocalFree
GetNumberFormatA
GetDiskFreeSpaceExA
FreeResource
ResumeThread
MulDiv
GetLocalTime
CopyFileA
WritePrivateProfileStringA
GetCurrentProcess
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
OpenMutexA
GetSystemTime
GetTempPathA
GetLongPathNameA
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetExitCodeProcess
TerminateProcess
Process32Next
MoveFileExA
CreateProcessA
DeleteFileA
lstrcmpiA
SetFilePointer
GetFileSize
ReadFile
WriteFile
CreateFileA
GetFullPathNameA
GlobalHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetModuleFileNameA
GetWindowsDirectoryA
lstrcpyA
GetVolumeInformationA
lstrlenA
lstrcmpA
GetExitCodeThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
WaitForMultipleObjects
TerminateThread
GetPrivateProfileStringA
GetModuleHandleA
GetProcAddress
GetVersionExA
lstrcmpW
lstrcatW
CopyFileW
DeleteFileW
GetModuleFileNameW
lstrcpynW
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
SetEvent
WaitForSingleObject
GetTickCount
ResetEvent
CloseHandle
CreateEventA
OutputDebugStringA
CreateMutexA
GetLastError
Sleep
HeapSize

user32

GetSysColorBrush
CharUpperA
DrawIcon
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
CharNextA
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetFocus
LoadCursorA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetCursor
ScreenToClient
GetWindowThreadProcessId
ReplyMessage
FlashWindowEx
FillRect
ReleaseDC
ExitWindowsEx
MoveWindow
MessageBoxW
PeekMessageA
GetMessageA
TranslateMessage
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetMenuItemInfoA
UnregisterClassA
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
DispatchMessageA
WaitForInputIdle
FindWindowA
SetWindowRgn
GetWindowLongA
GetActiveWindow
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
PostThreadMessageA
DeferWindowPos
GetDC
LoadBitmapA
SetRect
GetParent
GetWindowRect
SetWindowLongA
CallWindowProcA
RedrawWindow
UpdateWindow
SetCursor
IsWindow
EnableWindow
WindowFromPoint
SetCapture
GetCapture
InvalidateRect
ClientToScreen
GetClientRect
OffsetRect
InflateRect
PtInRect
CopyRect
DestroyIcon
LoadImageA
GetIconInfo
DrawIconEx
ReleaseCapture
GetSysColor
GetSystemMetrics
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
ShowWindow
LoadIconA
KillTimer
SetTimer
SendMessageA
PostMessageA
wsprintfW
GetClassInfoA
MessageBoxA
IntersectRect

gdi32

LineTo
CreateRectRgnIndirect
CreateEllipticRgn
GetTextColor
GetRgnBox
CreatePen
LPtoDP
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetObjectA
GetTextExtentPoint32A
Ellipse
Rectangle
ExcludeClipRect
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateFontA
CreateRectRgn
GetTextExtentPointA
GetCurrentObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetBkColor
GetDeviceCaps
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateCompatibleDC
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetStockObject
MoveToEx

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
LookupAccountNameA
SetEntriesInAclA
InitializeSecurityDescriptor
InitializeAcl
GetUserNameA
RegCloseKey
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegFlushKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA

shell32

DragQueryFileA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteExA
SHGetFolderPathA
SHFileOperationA
Shell_NotifyIconA
DragFinish

comctl32

_TrackMouseEvent
UninitializeFlatSB
FlatSB_EnableScrollBar
ord17
InitializeFlatSB

shlwapi

StrFormatByteSize64A
PathFileExistsA
PathGetArgsA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathRemoveFileSpecW

oledlg

ord8

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromProgID
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantInit
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocStringLen
OleLoadPicture
VariantChangeType

ws2_32

socket
connect
WSARecv
WSASend
WSAWaitForMultipleEvents
setsockopt
htons
WSAConnect
closesocket
WSASocketA
WSAGetLastError
WSAStartup
WSACleanup
recv
WSASetLastError
inet_addr

netapi32

Netbios

wininet

InternetCanonicalizeUrlA
InternetQueryOptionA
InternetCrackUrlA
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
DeleteUrlCacheEntry
InternetReadFile
DeleteUrlCacheEntryW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetOpenA
InternetOpenUrlA
InternetQueryDataAvailable

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA

wintrust

WinVerifyTrust

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b89e68f3e46ee86aa5842e099001cf8f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

23:89:ab:cb:bf:0c:72:b7:97:d2:b4:42:26:a0:63:a2Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

netapi32

wininet

version

wintrust

iphlpapi

Sections

.text Size: 872KB - Virtual size: 872KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 14KB - Virtual size: 43KB

.rsrc Size: 3.2MB - Virtual size: 3.2MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

23:89:ab:cb:bf:0c:72:b7:97:d2:b4:42:26:a0:63:a2
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

.text
Size: 872KB - Virtual size: 872KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 14KB - Virtual size: 43KB

.rsrc
Size: 3.2MB - Virtual size: 3.2MB