2024-02-19_9454962d3db534718d3ae597b860203d_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_9454962d3db534718d3ae597b860203d_icedid
Size

1.7MB
MD5

9454962d3db534718d3ae597b860203d
SHA1

f417d316151b6c10ea2f865a3425b9a1d90b89d6
SHA256

0797fc01b28d29ad024f901d79c062ed26d23404436ce72c86d53eb2c185bd24
SHA512

3f2da95b86f06c4861f3ab9082c48b5192b389e984f8bfd4fe9a97fd49982d02a2e2728f1e333a731dd925934449f076af7fa8bfa8fcb5d699d1ca9fae62d5b3
SSDEEP

49152:qvojcamY1KzFyrOQcOU84MlHyMMYguHYo:yvY1KRyHcOb4MlHyMMYguHf

Score

1^/10

Malware Config

Signatures

Files

2024-02-19_9454962d3db534718d3ae597b860203d_icedid
.exe windows:5 windows x86 arch:x86

4f3776ab529f892d316999b9306d8ca9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/09/2009, 00:00

Not After

08/09/2012, 23:59

Subject

CN=Jetico Inc. Oy,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Jetico Inc. Oy,L=Espoo,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:0c:62:22:dd:6e:9f:90:00:5f:8c:29:65:65:f8:1d:1f:81:9d:04
Signer

Actual PE Digest

f9:0c:62:22:dd:6e:9f:90:00:5f:8c:29:65:65:f8:1d:1f:81:9d:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

WSACleanup
WSAStartup
connect
htons
gethostbyname
socket
recv
send
closesocket
shutdown

winscard

SCardReleaseContext
SCardConnectA
SCardEstablishContext
SCardDisconnect
SCardTransmit
g_rgSCardT0Pci
g_rgSCardT1Pci

kernel32

InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetFileTime
GetFileTime
GetTempFileNameW
GlobalGetAtomNameW
GetModuleHandleA
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryW
MoveFileW
GetStringTypeExW
GetThreadLocale
lstrcmpiW
InterlockedDecrement
UnlockFile
SetEndOfFile
DuplicateHandle
lstrlenA
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
GetFileSizeEx
SetErrorMode
GetStartupInfoW
RtlUnwind
GetFileAttributesA
HeapReAlloc
GetTimeFormatA
RaiseException
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
SetEnvironmentVariableA
FormatMessageW
LocalFree
MulDiv
lstrlenW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetShortPathNameW
GetShortPathNameA
GetVersion
GetDateFormatW
GetDateFormatA
GetVersionExA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
SystemTimeToFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetFileAttributesW
VirtualAlloc
VirtualFree
QueryDosDeviceW
GetWindowsDirectoryW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
GetSystemDirectoryW
FindFirstVolumeW
GetVolumeInformationW
GetDiskFreeSpaceW
FindNextVolumeW
FindVolumeClose
GetExitCodeProcess
GetLogicalDrives
GetVolumeNameForVolumeMountPointW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateSemaphoreA
lstrcpynW
CreateSemaphoreW
SetLastError
GetModuleHandleW
CopyFileW
GetFullPathNameW
lstrcpyW
GetTickCount
WaitForSingleObject
ReleaseSemaphore
ExitProcess
GetCurrentThreadId
GetSystemDirectoryA
GetSystemTime
CreateDirectoryA
FindFirstFileW
FindNextFileW
FindClose
DeviceIoControl
GetExitCodeThread
CreateThread
DeleteFileA
Sleep
FlushFileBuffers
WideCharToMultiByte
SetFileAttributesW
GetLastError
CreateFileA
MultiByteToWideChar
GetDriveTypeW
GetVersionExW
CreateFileW
CreateDirectoryW
WriteFile
GetFileSize
SetFilePointer
ReadFile
DeleteFileW
GetModuleFileNameW
CreateProcessW
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW
LoadLibraryExW
CloseHandle
GetModuleFileNameA
LoadLibraryA
GetCurrentProcess
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
LockFile

user32

TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
RedrawWindow
SetCapture
SetCursorPos
DestroyCursor
GetMenuItemInfoW
SystemParametersInfoW
SetRect
SetTimer
KillTimer
WindowFromPoint
IsZoomed
GetSysColorBrush
CharUpperW
GetNextDlgTabItem
EndDialog
IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetMenu
SetScrollRange
SetScrollPos
GetScrollPos
IsWindowVisible
UnpackDDElParam
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
DestroyIcon
ClientToScreen
GetSysColor
SetCursor
GetWindowTextA
GetWindowTextW
GetWindowTextLengthA
DestroyMenu
GetDlgCtrlID
SetWindowPos
GetDesktopWindow
InsertMenuW
GetMenuState
GetMenuItemCount
CheckMenuItem
AppendMenuW
DeleteMenu
CreatePopupMenu
SetWindowsHookExW
GetFocus
GetParent
CallNextHookEx
UnhookWindowsHookEx
GetKeyState
ToAsciiEx
IsClipboardFormatAvailable
GetClipboardData
EnumClipboardFormats
LoadKeyboardLayoutW
ReleaseDC
GetDC
SetWindowTextA
PostMessageW
DrawIcon
CopyRect
EndPaint
BeginPaint
LoadMenuW
GetSubMenu
InflateRect
ShowScrollBar
InvalidateRect
GetClientRect
FillRect
LoadBitmapW
GetWindowRect
wsprintfW
DefWindowProcW
MessageBoxExW
LoadStringA
EnumDisplaySettingsW
GetSystemMetrics
LoadImageW
UnregisterClassW
MessageBoxW
OpenClipboard
ReuseDDElParam
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
GetMenuStringW
SetRectEmpty
EmptyClipboard
CloseClipboard
SetClipboardData
MessageBoxA
LoadIconW
LoadCursorW
SetForegroundWindow
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetActiveWindow
GetMenuItemID
CreateDialogIndirectParamW
GetLastActivePopup
FindWindowW
UpdateWindow
IsIconic
SendMessageW
GetKeyboardLayout
MapVirtualKeyExW
GetWindowLongW
CallWindowProcW
MapVirtualKeyW
SetWindowTextW
SetWindowLongW
EnableWindow
GetKeyboardLayoutNameW

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
LineTo
GetTextExtentPoint32W
GetBkColor
GetTextMetricsW
GetPixel
IntersectClipRect
ExcludeClipRect
SetMapMode
SetTextAlign
CreateCompatibleBitmap
StretchDIBits
DeleteDC
GetCharWidthW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteObject
SetBkMode
SelectObject
CreateFontW
GetStockObject
GetTextAlign
Rectangle
CreateFontIndirectW
CreateHatchBrush
CreatePen
BitBlt
CreateCompatibleDC
GetObjectW
CreateSolidBrush
RestoreDC
SaveDC
PatBlt
GetDeviceCaps
MoveToEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegSetValueW
RegCreateKeyW
RegDeleteKeyA
RegFlushKey
RegCloseKey
RegEnumValueW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCreateKeyExW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegDeleteKeyW

shell32

DragFinish
SHFormatDrive
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
ExtractIconW
DragQueryFileW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHBrowseForFolderW

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_Merge
ImageList_ReplaceIcon
ImageList_LoadImageW
ImageList_Create

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 859KB - Virtual size: 859KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f3776ab529f892d316999b9306d8ca9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

f9:0c:62:22:dd:6e:9f:90:00:5f:8c:29:65:65:f8:1d:1f:81:9d:04Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

winscard

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

Sections

.text Size: 688KB - Virtual size: 688KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 37KB - Virtual size: 329KB

.rsrc Size: 859KB - Virtual size: 859KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

f9:0c:62:22:dd:6e:9f:90:00:5f:8c:29:65:65:f8:1d:1f:81:9d:04
Signer

.text
Size: 688KB - Virtual size: 688KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 37KB - Virtual size: 329KB

.rsrc
Size: 859KB - Virtual size: 859KB