2024-02-19_1fa9509d008a1460e4973a1e05225f79_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-19_1fa9509d008a1460e4973a1e05225f79_icedid
Size

562KB
MD5

1fa9509d008a1460e4973a1e05225f79
SHA1

d3a2c7a7c980bfb1de5ec9b9d331532e38115dc6
SHA256

b284aa798d9aa0000a526e479c76a385a0f2f3e544aadf484e18ca127a930608
SHA512

e1ab66011b228b405c61b2ffd879c7b8fb42dc941a9d911071af0d4e6a69b42bd9b2b9876c79098646abf4f1955d5f82d47d369e81f5a5207b8714d56e3df624
SSDEEP

12288:2XCdGIa85A77lhynfj7MG59QZBFBBebDTBs2PcW6stS8eo/qtA5:2ydGyY7lhyrB9QbFBB8HPPT17AA5

Score

1^/10

Malware Config

Signatures

Files

2024-02-19_1fa9509d008a1460e4973a1e05225f79_icedid
.exe windows:5 windows x86 arch:x86

67c1a1c330b4b483815a92c436ac8433

Code Sign

01:00:00:00:00:01:26:e6:21:91:ba
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2010 11:37

Not After

19-02-2013 11:37

Subject

CN=SecurStar GmbH,O=SecurStar GmbH,L=Munich,ST=Germany,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:2e:da:62:c5:de:a3:46:2d:b7:28:38:55:59:6a:78:83:c0:94:d7
Signer

Actual PE Digest

3b:2e:da:62:c5:de:a3:46:2d:b7:28:38:55:59:6a:78:83:c0:94:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetModuleHandleW
GlobalFree
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
GetProcAddress
GetModuleHandleA
WriteFile
GetVolumeInformationA
GetDiskFreeSpaceExA
GetSystemDirectoryA
DeviceIoControl
GetDiskFreeSpaceA
SetFilePointerEx
QueryDosDeviceA
DefineDosDeviceA
GetCurrentProcessId
LocalFree
FormatMessageA
GetLastError
FindClose
FindNextFileW
GetTickCount
FindFirstFileW
GetSystemTimeAsFileTime
GetTempPathW
ExitThread
Sleep
CreateThread
QueryPerformanceCounter
VirtualAlloc
GetDriveTypeA
GetVersionExA
SetEvent
GetWindowsDirectoryA
CreateMutexA
GetFileSize
FindNextFileA
OpenEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FindFirstFileA
GetCurrentProcess
CopyFileExA
CopyFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryW
LCMapStringW
LCMapStringA
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
GetSystemInfo
RaiseException
IsBadReadPtr
HeapValidate
RtlUnwind
GetLocaleInfoA
GetOEMCP
GetCPInfo
GlobalFlags
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
CreateDirectoryExA
InterlockedIncrement
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetModuleFileNameA
DeleteVolumeMountPointA
ResumeThread
lstrcmpA
GetAtomNameA
GlobalGetAtomNameA
MultiByteToWideChar
GlobalLock
GlobalUnlock
lstrlenA
SetLastError
InitializeCriticalSection
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
GlobalMemoryStatus
GetThreadTimes
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlushFileBuffers
FreeLibrary
GetVolumeNameForVolumeMountPointA
CallNamedPipeA
LoadLibraryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetCommandLineA
GetVersion
GetTempPathA
SetErrorMode
ExitProcess
SetVolumeMountPointA
CreateDirectoryA
DeleteFileA
CloseHandle

user32

SetCursor
SetRectEmpty
GetMenuCheckMarkDimensions
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
WinHelpA
TrackPopupMenu
GetKeyState
GetDlgCtrlID
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetMenu
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
RegisterWindowMessageA
GetWindowThreadProcessId
GetSysColor
LoadMenuA
SetMenuItemBitmaps
ModifyMenuA
InsertMenuItemA
GetMenuItemInfoA
EnableMenuItem
CheckMenuItem
CreatePopupMenu
GrayStringA
DrawTextExA
DrawFocusRect
FillRect
GetSysColorBrush
GetWindowLongA
GetForegroundWindow
SetForegroundWindow
GetParent
GetLastActivePopup
GetWindow
GetTopWindow
ReleaseCapture
SetActiveWindow
ShowOwnedPopups
IsWindowVisible
ValidateRect
GetWindowDC
ScreenToClient
ClientToScreen
MapWindowPoints
BringWindowToTop
TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
IsIconic
TabbedTextOutA
IsWindow
IsMenu
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuItemID
CharUpperA
SetWindowsHookExA
GetActiveWindow
GetCapture
GetClipboardOwner
GetClipboardViewer
GetDesktopWindow
GetFocus
GetInputState
DestroyMenu
TranslateAcceleratorA
ReuseDDElParam
UnpackDDElParam
GetMouseMovePointsEx
GetCursorPos
GetSystemMetrics
InflateRect
PtInRect
GetWindowRect
GetWindowTextW
EnumChildWindows
EnumWindows
GetAsyncKeyState
MessageBoxA
UpdateWindow
ShowWindow
CreateWindowExA
SendMessageA
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
GetQueueStatus
GetCaretPos
CallNextHookEx
UnhookWindowsHookEx
GetWindowTextA
IsWindowEnabled
LoadBitmapA
InvalidateRect
RedrawWindow
MessageBeep
SetWindowPos
SetFocus
GetDC
ReleaseDC
LoadAcceleratorsA
LoadCursorA
RegisterClassExA
LoadStringA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
GetClientRect
DrawTextA
EndPaint
SetWindowTextA
GetDlgItem
LoadIconA
GetDlgItemTextA
EndDialog
EnableWindow
PostQuitMessage
PostMessageA
FindWindowExA
ExitWindowsEx
SetDlgItemTextA
GetClipboardFormatNameA
CallWindowProcA

gdi32

GetObjectType
ExtTextOutA
CreateFontA
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
GetDeviceCaps
SetBkColor
CreateSolidBrush
CreateCompatibleDC
PtVisible
RectVisible
BitBlt
StretchBlt
GetPixel
TextOutA
GetTextExtentPoint32A
Escape
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
CreatePatternBrush
CreateBitmap
CreateCompatibleBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetOpenFileNameA

advapi32

RevertToSelf
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegFlushKey
SetThreadToken
OpenThreadToken

shell32

DragFinish
DragQueryFileA
SHChangeNotify

ole32

StringFromCLSID
CoTaskMemFree

oleaut32

VariantInit
VariantClear
VariantChangeType

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67c1a1c330b4b483815a92c436ac8433

Code Sign

01:00:00:00:00:01:26:e6:21:91:baCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

3b:2e:da:62:c5:de:a3:46:2d:b7:28:38:55:59:6a:78:83:c0:94:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

oleacc

Sections

.text Size: 419KB - Virtual size: 419KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 10KB - Virtual size: 1.5MB

.rsrc Size: 30KB - Virtual size: 29KB

01:00:00:00:00:01:26:e6:21:91:ba
Certificate

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

3b:2e:da:62:c5:de:a3:46:2d:b7:28:38:55:59:6a:78:83:c0:94:d7
Signer

.text
Size: 419KB - Virtual size: 419KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 10KB - Virtual size: 1.5MB

.rsrc
Size: 30KB - Virtual size: 29KB