2024-02-22_61a6fb01beb327b969984cb01e67490f_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-22_61a6fb01beb327b969984cb01e67490f_icedid
Size

237KB
MD5

61a6fb01beb327b969984cb01e67490f
SHA1

f97ed5fee108e545f2c50dd03e1284077a847a24
SHA256

6594c677793ad7688d00cbc75941b15a2f8334d23b280345253e59de258f6c7d
SHA512

5203de50ca588023ed4c14b9e7e20695d37c1cc689e478be27dde23825a5e6db8f74d3cbc9a8435b1e8d3d88176a2d115b08140165258a75c89842663b471710
SSDEEP

6144:ontfzHrDaKKYbv2u7UFSiqLaXHAU7DlnVkI99PQ:otHDa9Y6uYJ3XxNVkoQ

Score

1^/10

Malware Config

Signatures

Files

2024-02-22_61a6fb01beb327b969984cb01e67490f_icedid
.exe windows:4 windows x86 arch:x86

869c35cc0e5c596af7c5cd28d430b222

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

bb:9e:58:72:c9:07:f4:bb:51:ed:8d:58:98:fc:db:f4
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2013, 23:59

Subject

CN=eCode Sky Network Technology Co.\, Ltd.,O=eCode Sky Network Technology Co.\, Ltd.,POSTALCODE=100000,STREET=159\, Kehai Blvd.\,Fuzhang Park\, Tongzhou District\, Beijing,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\works\webcammax\OBJ\WebcamMaxHelp.sln\CAMTHINS.vcproj\Release\CAMTHINS.pdb

Imports

newdev

UpdateDriverForPlugAndPlayDevicesA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA
SetupDiGetDeviceRegistryPropertyA

kernel32

GetVolumeInformationA
GetFullPathNameA
SetErrorMode
GetCPInfo
GetOEMCP
GetFileTime
GetTickCount
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCurrentProcess
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
lstrcatA
WritePrivateProfileStringA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
InterlockedDecrement
FreeResource
GlobalAddAtomA
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
GetLongPathNameA
GetModuleFileNameA
SetFilePointer
GetFileSize
ReadFile
WriteFile
lstrcpyA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetCurrentThreadId
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetFileAttributesA
MultiByteToWideChar
FindFirstFileA
LocalAlloc
lstrlenA
GetLastError
FormatMessageA
LocalFree
SetLastError
CreateThread
GetCurrentProcessId
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetStartupInfoA

user32

PostThreadMessageA
SetRect
IsRectEmpty
CharNextA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
ShowWindow
MoveWindow
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
RegisterClipboardFormatA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextA
TabbedTextOutA
GetDlgCtrlID
PtInRect
SetWindowTextA
wsprintfA
ReleaseCapture
GetCapture
SetCapture
ClientToScreen
LoadCursorA
GetSystemMetrics
GetSysColor
GetSysColorBrush
IsWindow
SetFocus
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
DestroyMenu
GetSubMenu
GetClassNameA
GetDC
ReleaseDC
GetCursorPos
GetDesktopWindow
GetWindowRect
CharUpperA
GetWindowTextA
GetDlgItem
SendMessageA
FindWindowExA
GetWindowThreadProcessId
MessageBoxA
UnregisterClassA
CreateDialogIndirectParamA
EndDialog
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
DrawTextExA
CopyAcceleratorTableA

gdi32

ExtSelectClipRgn
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetWindowExtEx
GetViewportExtEx
GetObjectA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
GetDeviceCaps
DeleteDC
SelectObject
GetMapMode
GetClipBox
SetMapMode
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject

oleaut32

SysFreeString
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantChangeType
VariantClear
VariantInit
OleCreateFontIndirect
SysAllocStringLen
SysAllocStringByteLen
SysStringLen

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

869c35cc0e5c596af7c5cd28d430b222

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

bb:9e:58:72:c9:07:f4:bb:51:ed:8d:58:98:fc:db:f4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

newdev

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 13KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

bb:9e:58:72:c9:07:f4:bb:51:ed:8d:58:98:fc:db:f4
Certificate

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 13KB