2024-02-13_4e6aa3277f4fef31ffcac6ce5f3309a3_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-13_4e6aa3277f4fef31ffcac6ce5f3309a3_icedid
Size

5.2MB
MD5

4e6aa3277f4fef31ffcac6ce5f3309a3
SHA1

469ef081785464ba6b196edf6fa0e8ba27276566
SHA256

75cab13b50216b71d02d88151e807898bf1ad30e5769c27305e08ee193edff5e
SHA512

1e6fca480208683c816a0e69af82137a016a5572750b86d185f99bc2988612c49b00a5080b2af0ba91f7246c8e51c8d4c08c5311fa80f7fd8e5a83873b869c83
SSDEEP

98304:tGzK5vQdLp5N4ijnWBWl5Mvja72fxIY8qe9hc:2KMnWol5Mvja7exIY89c

Score

1^/10

Malware Config

Signatures

Files

2024-02-13_4e6aa3277f4fef31ffcac6ce5f3309a3_icedid
.exe windows:4 windows x86 arch:x86

5170b0c9c049eb2f44e7fbebde1ec11a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:50:96:28:71:c0:cd:06:c5:11:f7:09:33:97:df:7b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/03/2007, 00:00

Not After

09/02/2010, 23:59

Subject

CN=Morpheus Software,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Morpheus Software,L=Santa Barbara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
IsBadCodePtr
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
HeapSize
ExitThread
IsBadReadPtr
FindNextFileA
HeapReAlloc
GetCommandLineA
GetStartupInfoA
LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryW
TerminateThread
GetPrivateProfileSectionNamesA
EnumResourceTypesA
EnumResourceNamesA
LoadLibraryExA
VirtualQuery
HeapAlloc
TerminateProcess
ExitProcess
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
FindResourceExA
SetFileAttributesA
FileTimeToLocalFileTime
GetShortPathNameA
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
VirtualProtect
GetFullPathNameA
GetFileTime
GetFileAttributesA
ConvertDefaultLocale
EnumResourceLanguagesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetProfileIntA
lstrcmpA
FileTimeToSystemTime
SetLastError
CopyFileA
GlobalSize
FormatMessageA
LocalFree
SuspendThread
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalGetAtomNameA
GlobalAddAtomA
lstrcpynA
lstrcatA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetCurrentThread
GetThreadPriority
GetModuleHandleA
lstrcpyA
MulDiv
CreateThread
SetThreadPriority
SetErrorMode
VirtualAlloc
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
WaitForMultipleObjects
ResetEvent
InterlockedDecrement
InterlockedIncrement
GetCurrentDirectoryA
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenW
lstrcmpiA
GetVersion
CreateEventA
SetEvent
MultiByteToWideChar
GlobalFree
GlobalAlloc
CreateFileMappingA
GetLastError
MapViewOfFile
Sleep
UnmapViewOfFile
GetTempFileNameA
GetExitCodeThread
LoadLibraryA
GetProcAddress
CreateSemaphoreA
CloseHandle
FreeLibrary
GlobalLock
GlobalUnlock
GetModuleFileNameA
SetCurrentDirectoryA
InterlockedExchange
GetWindowsDirectoryA
CreateDirectoryA
lstrlenA
ReleaseSemaphore
WaitForSingleObject
GetTempPathA
ResumeThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
IsValidCodePage

user32

GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
ScrollWindow
MessageBoxA
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
SetWindowPlacement
DefWindowProcA
CallWindowProcA
GetWindowPlacement
LoadMenuA
DestroyMenu
GetClassNameA
WinHelpA
EqualRect
GetDlgItem
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
GetClassInfoA
LoadAcceleratorsA
SetActiveWindow
InsertMenuItemA
CreatePopupMenu
SetMenu
GetDesktopWindow
AdjustWindowRectEx
SetWindowPos
TranslateAcceleratorA
TranslateMDISysAccel
CreateWindowExA
BringWindowToTop
DrawMenuBar
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefMDIChildProcA
SendDlgItemMessageA
MoveWindow
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
RedrawWindow
GetParent
LoadIconA
LoadCursorA
SendMessageA
EnableWindow
OffsetRect
LoadBitmapA
DeleteMenu
DefFrameProcA
DispatchMessageA
GetMenuState
wsprintfA
GetQueueStatus
PostThreadMessageA
DestroyIcon
IsWindowEnabled
FindWindowExA
GetSysColor
MapWindowPoints
GetActiveWindow
IsWindowVisible
EndPaint
BeginPaint
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
SetWindowRgn
DrawEdge
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MapDialogRect
GetCapture
RegisterWindowMessageA
CharUpperA
SetRectEmpty
ChildWindowFromPoint
EnableScrollBar
SetFocus
IsChild
CopyRect
PeekMessageA
ClipCursor
GetCursorPos
SetCursor
IsDialogMessageA
GetMenu
PostMessageA
SetWindowTextA
GetSystemMenu
IsIconic
IsZoomed
GetWindowRect
SetTimer
KillTimer
GetFocus
GetWindow
UnregisterClassA
GetSystemMetrics
SystemParametersInfoA
ScreenToClient
ClientToScreen
GetClientRect
ShowScrollBar
LoadImageA
SetClassLongA
IsWindow
GetKeyState
UpdateWindow
InvalidateRect
SetWindowLongA
GetWindowLongA
GetDoubleClickTime
GetClipboardFormatNameA
RegisterClassW
RegisterClipboardFormatA
DefMDIChildProcW
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefWindowProcW
CallWindowProcW
EnumWindows
GetWindowThreadProcessId
ModifyMenuA
SetMenuItemBitmaps
ValidateRect
TranslateMessage
GetMessageA
FindWindowA
IsRectEmpty
FillRect
DrawIcon
InsertMenuA
AppendMenuA
GetMenuStringA
CopyAcceleratorTableA
GetDC
ReleaseDC
InvalidateRgn
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetWindowDC
GetMenuItemInfoA
GetKeyNameTextA
MapVirtualKeyA
IsClipboardFormatAvailable
PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
SetParent
LockWindowUpdate
GetDCEx
MessageBeep
GetNextDlgGroupItem
CharNextA
UnionRect
GetSysColorBrush
WindowFromPoint
GetAsyncKeyState
MsgWaitForMultipleObjects
SendMessageTimeoutA
SetCursorPos
GetCursor
GetMenuStringW
LookupIconIdFromDirectoryEx
IsWindowUnicode
GetWindowLongW
SetWindowLongW
HideCaret
ShowCaret
IsMenu
GetWindowRgn
GetMenuDefaultItem
DrawFrameControl
EmptyClipboard
CloseClipboard
OpenClipboard
SetClipboardData
CreateIconFromResourceEx
CreateIconIndirect
CopyIcon
GetIconInfo
SetCapture
InvertRect
FrameRect
IntersectRect
InflateRect
SetRect
PtInRect
ReleaseCapture
GetLastActivePopup
ShowWindow
SetForegroundWindow
DrawStateA
DrawFocusRect
DrawIconEx
LoadStringA
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
GetKeyboardLayoutList
IsCharLowerA
MapVirtualKeyExA
GetKeyboardLayout

gdi32

LineTo
MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
PatBlt
SetRectRgn
StretchDIBits
GetCharWidthA
CreateFontA
GetBkColor
GetTextColor
EnumFontFamiliesExA
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetRgnBox
CopyMetaFileA
GetDeviceCaps
Ellipse
LPtoDP
DPtoLP
CreateEllipticRgn
SetBkColor
SetTextColor
GetClipBox
InvertRgn
GetRegionData
GetTextMetricsA
DeleteObject
GetViewportOrgEx
CreateSolidBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetMapMode
SelectObject
CreateCompatibleBitmap
GetTextExtentPoint32A
SetDIBitsToDevice
SetPixel
FillRgn
Rectangle
Polygon
GetWindowOrgEx
StretchBlt
CreateDIBSection
GetDIBits
GetCurrentObject
PtInRegion
GetBitmapBits
CreatePolygonRgn
RoundRect
OffsetRgn
GetTextCharsetInfo
ExtCreateRegion
ExtFloodFill
SetPixelV
SetBrushOrgEx
CreatePalette
CreateDIBitmap
CombineRgn
CreateRectRgnIndirect
CreateBitmap
SetDIBColorTable
BitBlt
CreateCompatibleDC
CreateRoundRectRgn
GetStockObject
GetObjectA
CreateFontIndirectA

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyA
RegCreateKeyExA

shell32

SHGetMalloc
SHFileOperationA
SHChangeNotify
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragFinish
ShellExecuteA

comctl32

ImageList_Destroy
ImageList_GetImageInfo
ImageList_Draw
ImageList_Create
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
_TrackMouseEvent
ord17
ImageList_AddMasked
ImageList_LoadImageA
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_DrawEx
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_DragLeave
ImageList_Remove
ImageList_DrawIndirect

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord1
ord8

ole32

CreateILockBytesOnHGlobal
CoLockObjectExternal
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleDuplicateData
CreateStreamOnHGlobal
CoFreeUnusedLibraries
CoTaskMemAlloc
CoDisconnectObject
CreateBindCtx
MkParseDisplayName
CoInitialize
CoUninitialize
CoCreateInstance
ReleaseStgMedium
RevokeDragDrop
OleGetClipboard
CLSIDFromProgID
OleInitialize
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemFree
RegisterDragDrop
StgCreateDocfileOnILockBytes
OleUninitialize

oleaut32

LoadTypeLi
OleCreateFontIndirect
VarBstrFromDate
VarDateFromStr
SysAllocStringByteLen
SystemTimeToVariantTime
SysStringLen
SafeArrayDestroy
VariantCopy
SysStringByteLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantChangeType
SysFreeString
SysAllocString
VariantInit
VariantClear
VarUdateFromDate
VariantChangeTypeEx
OleLoadPicturePath

wininet

HttpSendRequestA
InternetOpenUrlA
InternetSetStatusCallback
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetCloseHandle
InternetReadFile
InternetSetOptionA
HttpQueryInfoA

imagehlp

ImageDirectoryEntryToData

winmm

timeBeginPeriod
timeKillEvent
timeSetEvent
PlaySoundA
timeEndPeriod

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5170b0c9c049eb2f44e7fbebde1ec11a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

60:50:96:28:71:c0:cd:06:c5:11:f7:09:33:97:df:7bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

imagehlp

winmm

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 140KB - Virtual size: 161KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

60:50:96:28:71:c0:cd:06:c5:11:f7:09:33:97:df:7b
Certificate

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 140KB - Virtual size: 161KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB