2024-02-20_cfe6d656c69ebfc33853c6f4af64ed91_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-20_cfe6d656c69ebfc33853c6f4af64ed91_icedid
Size

9.1MB
MD5

cfe6d656c69ebfc33853c6f4af64ed91
SHA1

eed1e4b4b2611d6a36a72bae0f89d0ed7b3a297a
SHA256

c4aafc2dc3f66b40c08bd8e957e4c77ce0ba21f8c009fa0b4866ea5de7a364e8
SHA512

1f2ebf100f3da103734704c485026d7d32037970e0f1ad4198e76ce154ff480a8c9edd6fe885acb41bade2d456b29f4729e3bf2b2c0a960819fd465221a84c33
SSDEEP

196608:g6BUqiRRsfBeQUUQIMxo+HqGcE9iNS2gyTGb62TWp:giUqiRyfBefUnM2+Dd9iNdgip

Score

10^/10

Malware Config

Signatures

Detects executables with modified PE resources using the unpaid version of Resource Tuner 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_PE_ResourceTuner

Files

2024-02-20_cfe6d656c69ebfc33853c6f4af64ed91_icedid
.exe windows:5 windows x86 arch:x86

392e5ee53f6c361cebd5c300950ca0a4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

15:8f:14:6c:36:58:92:d4:0b:f3:24:c3:38:fc:27:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2017, 00:00

Not After

27/12/2018, 23:59

Subject

CN=Hangzhou Shunwang Technology Co.\,Ltd,OU=QC Department,O=Hangzhou Shunwang Technology Co.\,Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:52:7a:b0:33:d3:94:a4:6c:8d:ef:40:4c:20:da:3c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/01/2018, 00:00

Not After

01/01/2019, 23:59

Subject

CN=Hangzhou Shunwang Technology Co.\,Ltd,OU=QC Department,O=Hangzhou Shunwang Technology Co.\,Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:d0:ff:d7:9e:5a:03:8b:54:2d:ab:58:ca:a3:d5:bc:89:4c:20:47:6a:78:a7:97:9e:e4:3c:e2:10:7a:2d:b4
Signer

Actual PE Digest

72:d0:ff:d7:9e:5a:03:8b:54:2d:ab:58:ca:a3:d5:bc:89:4c:20:47:6a:78:a7:97:9e:e4:3c:e2:10:7a:2d:b4

Digest Algorithm

sha256

PE Digest Matches

false

e1:1d:81:cd:45:61:87:2c:51:3e:46:ad:1e:e4:ae:0e:3f:71:10:e0
Signer

Actual PE Digest

e1:1d:81:cd:45:61:87:2c:51:3e:46:ad:1e:e4:ae:0e:3f:71:10:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\slave\workspace\9060\bin\pdb\BarServer.pdb

Imports

iocptcp

TcpListen
TcpGetLinkAddr
TcpConnect
TcpCreate
TcpUninit
TcpInit
TcpSend
TcpDestroy
TcpSetLinkAttr

iocpudp

UdpDestroy
UdpCreate
UdpUninit
UdpInit
UdpSendTo

routemonitordll

RM_SetHostUrl
RM_GetClientChecksum
RM_Init
RM_Uninit
RM_DeleteFlowControlRule
RM_AddFlowControlRule
RM_DeleteStaticNat
RM_AddStaticNat
RM_EnableSwQos
RM_QueryRuleList
RM_QuerySwQos
RM_QueryNatList
RM_QueryWanList
RM_GetIcon
RM_QueryRouteInfo

uxtheme

GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetWindowTheme

kernel32

LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
CompareStringW
GetLocaleInfoW
GetUserDefaultUILanguage
GetOEMCP
GetCPInfo
GetACP
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetTempPathA
GetTempFileNameA
GetProfileIntA
SearchPathA
VirtualProtect
GetDiskFreeSpaceA
GetUserDefaultLCID
FindResourceExW
GetFullPathNameW
CreateMutexW
QueryPerformanceCounter
InterlockedCompareExchange
OutputDebugStringW
UnlockFileEx
FormatMessageW
HeapCreate
HeapValidate
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingW
GetSystemInfo
GetSystemTime
AreFileApisANSI
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
GetConsoleCP
CompareStringA
GetConsoleMode
FreeResource
GetStdHandle
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
CreateEventW
UnhandledExceptionFilter
SetEnvironmentVariableA
GetDriveTypeW
GetCurrentDirectoryW
SetStdHandle
HeapQueryInformation
ExitThread
VirtualAlloc
GetCommandLineA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
FreeLibraryAndExitThread
GetThreadTimes
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW
GetExitCodeThread
FindFirstFileExW
SetThreadPriority
MulDiv
GlobalSize
FindResourceW
GetSystemDirectoryW
EncodePointer
IsValidCodePage
GlobalGetAtomNameA
ReadConsoleW
LocalReAlloc
Sleep
SetConsoleCtrlHandler
SetFileAttributesA
WriteFile
ReadFile
SetFilePointer
CloseHandle
CreateFileA
GetLastError
GetTickCount
FreeLibrary
GetProcAddress
GetCurrentThread
GetCurrentThreadId
SetLastError
ResumeThread
LoadLibraryA
GetModuleFileNameA
OutputDebugStringA
GetCurrentDirectoryA
GetFileAttributesA
GetVersionExA
OpenProcess
GetCurrentProcess
TerminateProcess
GetFileSizeEx
DeviceIoControl
FindClose
SetSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
OpenMutexA
GetLogicalDriveStringsA
ExpandEnvironmentStringsA
GetDriveTypeA
CreateDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
GetVolumeInformationA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
LockFile
UnlockFile
GetFileSize
FlushFileBuffers
SetEndOfFile
GetFileTime
DuplicateHandle
lstrcmpiA
lstrlenA
GetFullPathNameA
MoveFileA
LocalFree
GetFileType
SetFilePointerEx
lstrlenW
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateFileW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
LockResource
LoadResource
SizeofResource
lstrcpyA
LoadLibraryExA
FindResourceA
EnumResourceNamesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
WritePrivateProfileStructA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetComputerNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetCurrentProcessId
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
LoadLibraryW
GetModuleHandleA
IsBadWritePtr
GetModuleFileNameW
GetDiskFreeSpaceExA
InterlockedIncrement
GetExitCodeProcess
CreateProcessA
InterlockedDecrement
lstrcmpA
GetModuleHandleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
LocalAlloc

user32

ShowOwnedPopups
IntersectRect
IsIconic
PostQuitMessage
CopyImage
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
FillRect
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
DestroyIcon
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
LoadAcceleratorsA
TranslateAcceleratorA
GetDC
ReleaseDC
MessageBoxA
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
wsprintfA
CharUpperA
GetSystemMetrics
LoadMenuA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
UnhookWindowsHookEx
SendMessageA
EnableWindow
IsWindowEnabled
GetWindowLongA
DrawFocusRect
SetRectEmpty
OffsetRect
IsRectEmpty
LoadImageA
DrawIconEx
GetIconInfo
MessageBeep
GetAsyncKeyState
EnableScrollBar
SetCursor
InvertRect
LoadCursorW
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyA
BringWindowToTop
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
LoadImageW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
GetSysColor
GetSysColorBrush
LoadCursorA
GetWindowTextA
GetWindowTextLengthA
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextA
TrackMouseEvent
LoadMenuW
GetComboBoxInfo
IsZoomed
DeleteMenu
SetTimer
KillTimer
InvalidateRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetNextDlgGroupItem
SetCapture
ReleaseCapture
HideCaret
GetSystemMenu
PostThreadMessageA
WaitMessage
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
SetCursorPos
SetRect
SetParent
LockWindowUpdate
SetClassLongA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
MapDialogRect
DrawIcon
GetWindowRgn
DestroyCursor
IsMenu
UpdateLayeredWindow
MonitorFromPoint
WindowFromPoint
GetScrollPos
SetScrollPos
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
RedrawWindow
ScrollWindow

gdi32

CreateDCA
CopyMetaFileA
CreateDIBSection
StretchBlt
SelectObject
GetStockObject
GetPaletteEntries
DeleteObject
DeleteDC
CreateCompatibleDC
SetDIBColorTable
GetTextFaceA
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetPixel
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetNearestPaletteIndex
CreatePalette
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32A
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
BitBlt

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AllocateAndInitializeSid
RegEnumKeyExA
RegDeleteValueA
FreeSid
RegDeleteKeyA
SetNamedSecurityInfoA
SetEntriesInAclA

shell32

ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHAppBarMessage
SHGetSpecialFolderPathA

ole32

RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantChangeType
VariantCopy
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SysStringLen
LoadTypeLi
SysAllocStringByteLen
VariantInit
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocString
VarBstrFromDate

bcmanagerupdate

Clit_Init
Clit_UnInit
Clit_SetSrvInfo
Clit_SetUpdateNotify
Clit_SetSyncInfo

dbghelp

MiniDumpWriteDump

ws2_32

htonl
ntohl
inet_addr
setsockopt
sendto
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
closesocket
htons
ntohs

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

iphlpapi

GetIfEntry
SendARP
GetAdaptersInfo

rpcrt4

UuidCreate

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA

wininet

InternetCrackUrlA
InternetReadFile
InternetConnectA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
HttpAddRequestHeadersA

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapSetResolution
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageGraphicsContext

psapi

GetProcessMemoryInfo

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

msimg32

TransparentBlt
AlphaBlend

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 364KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

392e5ee53f6c361cebd5c300950ca0a4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

15:8f:14:6c:36:58:92:d4:0b:f3:24:c3:38:fc:27:83Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

4a:52:7a:b0:33:d3:94:a4:6c:8d:ef:40:4c:20:da:3cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

72:d0:ff:d7:9e:5a:03:8b:54:2d:ab:58:ca:a3:d5:bc:89:4c:20:47:6a:78:a7:97:9e:e4:3c:e2:10:7a:2d:b4Signer

e1:1d:81:cd:45:61:87:2c:51:3e:46:ad:1e:e4:ae:0e:3f:71:10:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iocptcp

iocpudp

routemonitordll

uxtheme

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

bcmanagerupdate

dbghelp

ws2_32

version

iphlpapi

rpcrt4

shlwapi

wininet

gdiplus

psapi

oleacc

msimg32

imm32

winmm

Sections

.text Size: 7.3MB - Virtual size: 7.3MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 364KB - Virtual size: 414KB

.rsrc Size: 105KB - Virtual size: 105KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

15:8f:14:6c:36:58:92:d4:0b:f3:24:c3:38:fc:27:83
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

4a:52:7a:b0:33:d3:94:a4:6c:8d:ef:40:4c:20:da:3c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

72:d0:ff:d7:9e:5a:03:8b:54:2d:ab:58:ca:a3:d5:bc:89:4c:20:47:6a:78:a7:97:9e:e4:3c:e2:10:7a:2d:b4
Signer

e1:1d:81:cd:45:61:87:2c:51:3e:46:ad:1e:e4:ae:0e:3f:71:10:e0
Signer

.text
Size: 7.3MB - Virtual size: 7.3MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 364KB - Virtual size: 414KB

.rsrc
Size: 105KB - Virtual size: 105KB