2024-02-23_4fe1ca0e2bd1a30cb10e36193f3a9e6d_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_4fe1ca0e2bd1a30cb10e36193f3a9e6d_icedid
Size

496KB
MD5

4fe1ca0e2bd1a30cb10e36193f3a9e6d
SHA1

9a95d4c8f8a90c18d3b30358d48e50633ec8ea1b
SHA256

679eee41bd1c25e61a604f1f6564cac2211e0de0192c75371341ca37b7c1d652
SHA512

02247f3cfd09f1b49abe29cd353f15cf9a237f4b0a6e0f45ad3d63999ca4b790f9eac1b9e3f846d805435f28f98bbd7cb9ca0e253db7a29fbde2196f78a41c42
SSDEEP

12288:mkMxGvwWrnnn6WNeMx8e/CK06bP0O4W2G5p/H4ZeH4a:0MIgnnxdu6bP0NW2jZ1a

Score

1^/10

Malware Config

Signatures

Files

2024-02-23_4fe1ca0e2bd1a30cb10e36193f3a9e6d_icedid
.exe windows:5 windows x86 arch:x86

ea9a28aa06d8e3c92fa86ac13d3a0511

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:01:d2:e3:66:e8:7c:8d:50:e1:84:91:f2:32:1f:4d:8a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/06/2013, 09:23

Not After

22/06/2015, 09:23

Subject

CN=Wuhan Aiwen Technology Company Limtied,OU=Marketing,O=Wuhan Aiwen Technology Company Limtied,L=Wuhan,ST=Hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6f:2f:2b:ae:04:24:0e:b1:35:58:27:32:82:8b:68:b2:c7:9f:01:83
Signer

Actual PE Digest

6f:2f:2b:ae:04:24:0e:b1:35:58:27:32:82:8b:68:b2:c7:9f:01:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Program Files\BCGSoft\BCGControlBarPro\Examples\Et\NtfsDesktopSearch\Release\DesktopSearch.pdb

Imports

kernel32

WriteFile
InitializeCriticalSection
GetSystemDirectoryW
WideCharToMultiByte
TerminateThread
Sleep
SizeofResource
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
CreateFileW
MultiByteToWideChar
GetTempPathW
GetLastError
EnterCriticalSection
FindClose
GetExitCodeThread
LockResource
DeviceIoControl
FindNextFileW
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
DebugBreak
GetSystemTime
GetVolumeInformationW
CreateThread
GetFileInformationByHandle
SystemTimeToFileTime
LocalFileTimeToFileTime
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
HeapSize
SetFilePointerEx
CreateFileA
GetProcessHeap
GetModuleHandleW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetFilePointer
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLogicalDriveStringsW
LoadResource
FindResourceW
GetDriveTypeW
FindFirstFileW
GetModuleHandleA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
GetConsoleMode
GetConsoleCP
ExitProcess
GetCurrentThreadId
SetLastError
TlsFree
SetEndOfFile
GetFileSize
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
IsValidCodePage
GetOEMCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP

user32

SendMessageW
MessageBoxW
SetWindowTextA
CheckMenuItem
MoveWindow
DispatchMessageW
GetSystemMetrics
GetDlgItemInt
IsDlgButtonChecked
SetWindowTextW
CreateWindowExW
DestroyWindow
ScreenToClient
GetWindowRect
GetMessageW
PostQuitMessage
TrackPopupMenu
PostMessageW
KillTimer
GetSubMenu
GetClientRect
ModifyMenuW
wsprintfW
TranslateMessage
GetMenu
IsDialogMessageW
LoadIconW
MessageBoxA
InvalidateRect
LoadMenuW
GetWindowLongW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
DrawMenuBar
IsWindow

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW

shell32

SHFileOperationW
SHGetFileInfoW
ShellExecuteW
SHGetFolderPathA
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

comctl32

CreateStatusWindowW

skinh

SkinH_Attach

sqlite3

sqlite3_exec
sqlite3_open
sqlite3_close

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea9a28aa06d8e3c92fa86ac13d3a0511

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:01:d2:e3:66:e8:7c:8d:50:e1:84:91:f2:32:1f:4d:8aCertificate

Extended Key Usages

Key Usages

6f:2f:2b:ae:04:24:0e:b1:35:58:27:32:82:8b:68:b2:c7:9f:01:83Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

comctl32

skinh

sqlite3

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 5KB - Virtual size: 20KB

.rsrc Size: 308KB - Virtual size: 307KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:01:d2:e3:66:e8:7c:8d:50:e1:84:91:f2:32:1f:4d:8a
Certificate

6f:2f:2b:ae:04:24:0e:b1:35:58:27:32:82:8b:68:b2:c7:9f:01:83
Signer

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 20KB

.rsrc
Size: 308KB - Virtual size: 307KB