2024-02-17_3ba31318a8723c52e0f4944ebfb2f31d_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-17_3ba31318a8723c52e0f4944ebfb2f31d_icedid
Size

989KB
MD5

3ba31318a8723c52e0f4944ebfb2f31d
SHA1

58954bf6f92b01e6fce7d74acc8bd9754c5a2b7e
SHA256

7d3560ae9bcff002da3bc7952d52f2d6fb6b17052c6746035bafb74e962b7197
SHA512

fffcae0bba0536a4ae0b0cadf5929f78ecdc6abcb24f3abc287ba5fc7bfb38715ca63d697a8b6affa0efeb83d28e4c00634d53fcda543e719648686528950f57
SSDEEP

6144:P3y7wooEFzRO7oKrx/pi6delhJA9Se8NaqsHRjpjLI6f:/y74EFE1rlpnkfRFsHRdjLj

Score

1^/10

Malware Config

Signatures

Files

2024-02-17_3ba31318a8723c52e0f4944ebfb2f31d_icedid
.exe windows:4 windows x86 arch:x86

68cb9eb8cb81f06046ffba2e89ba6c9f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fc
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/10/2007, 00:00

Not After

28/10/2008, 23:59

Subject

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

17:09:4c:b8:10:5a:ee:d3:7e:fb:ac:4c:c8:09:62:ee:79:49:58:0a
Signer

Actual PE Digest

17:09:4c:b8:10:5a:ee:d3:7e:fb:ac:4c:c8:09:62:ee:79:49:58:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
CreateThread
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadWritePtr
GetTimeZoneInformation
GetOEMCP
GetCPInfo
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitThread
RtlUnwind
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetSystemPowerState
GetStartupInfoW
GlobalGetAtomNameW
GlobalFlags
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
ResumeThread
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetVersionExA
FreeResource
GetFullPathNameW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
InterlockedDecrement
WideCharToMultiByte
MulDiv
lstrcpyW
lstrlenW
GlobalLock
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
GetTempPathW
GlobalFree
GlobalAlloc
SetLastError
GetModuleHandleW
CreateMutexW
SetCurrentDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetPrivateProfileStringW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileW
DeviceIoControl
MultiByteToWideChar
GetVersionExW
WaitForSingleObject
GetSystemDirectoryW
GetVolumeInformationW
Sleep
UnmapViewOfFile
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
CreateFileMappingW
GetLastError
MapViewOfFile
CloseHandle
GetTickCount
FindResourceW
LoadResource
LockResource
SizeofResource
QueryPerformanceCounter
DeleteFileW

user32

IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
MessageBoxW
GetKeyState
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
IntersectRect
SetWindowTextW
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
wsprintfW
CharUpperW
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetWindowRect
CheckMenuItem
InvalidateRect
GetLastInputInfo
ExitWindowsEx
SetCapture
EnableWindow
ReleaseCapture
SetLayeredWindowAttributes
RegisterClipboardFormatW
UnpackDDElParam
LoadMenuW
GetCursorPos
GetSubMenu
TrackPopupMenu
DestroyMenu
GetSystemMetrics
LoadIconW
SetForegroundWindow
IsWindowVisible
GetClientRect
IsIconic
GetSystemMenu
AppendMenuW
DrawIcon
FillRect
MoveWindow
ShowWindow
LoadBitmapW
GetMenuCheckMarkDimensions
GetFocus
SetTimer
KillTimer
ClientToScreen
PostMessageW
SendMessageW
ScreenToClient
GetParent
LoadCursorW
SetCursor
GetWindowLongW
SetWindowLongW
SystemParametersInfoA
PostThreadMessageW
ReuseDDElParam
LoadAcceleratorsW
CreatePopupMenu
InsertMenuItemW
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
GetSysColorBrush
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
WindowFromPoint
GetMessageW
TranslateMessage
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
ModifyMenuW
OffsetRect
EnableMenuItem

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateCompatibleBitmap
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateSolidBrush
SetMapMode
CreateFontW
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
LookupPrivilegeValueW

shell32

DragQueryFileW
Shell_NotifyIconW
DragFinish
ShellExecuteW

comctl32

ImageList_Destroy
ImageList_GetImageInfo
ImageList_Draw
ord17

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CreateILockBytesOnHGlobal
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
VariantInit

urlmon

URLDownloadToFileW

powrprof

SetActivePwrScheme
ReadGlobalPwrPolicy
WritePwrScheme
GetActivePwrScheme
ReadPwrScheme
CanUserWritePwrScheme
WriteGlobalPwrPolicy

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68cb9eb8cb81f06046ffba2e89ba6c9f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fcCertificate

Extended Key Usages

Key Usages

17:09:4c:b8:10:5a:ee:d3:7e:fb:ac:4c:c8:09:62:ee:79:49:58:0aSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

powrprof

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 668KB - Virtual size: 667KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fc
Certificate

17:09:4c:b8:10:5a:ee:d3:7e:fb:ac:4c:c8:09:62:ee:79:49:58:0a
Signer

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 668KB - Virtual size: 667KB