2024-02-23_afbf6b346a27f16a0528fb874df22460_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_afbf6b346a27f16a0528fb874df22460_icedid
Size

333KB
MD5

afbf6b346a27f16a0528fb874df22460
SHA1

d55173723cb4d062ea25d69e85dc452da3f65e83
SHA256

87f5531895fa97cb98e328bb512293bd1581c3f230a4bfb3e51695de57597bee
SHA512

1bb9160159b248db4d65a9b603b561a0e3e6e36b122e07eb25dab3372c8883f2c90a400fd2fa65b940444ebd3affdf065ce49e5ccfe9c328d191d8607d62288e
SSDEEP

6144:HcJkCXCm4UtOEgSHibQsAaUvZY3v9fIW8oLTHidT7Btf:8JqBqOvYcRAaURYH8oLri5X

Score

1^/10

Malware Config

Signatures

Files

2024-02-23_afbf6b346a27f16a0528fb874df22460_icedid
.exe windows:4 windows x86 arch:x86

753cc453ac4e4b594d68389141605c33

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:ba:d2:a4:74:f4:e4:1c:6a:80:c6:b4:08:54:74:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/07/2006, 00:00

Not After

14/09/2009, 23:59

Subject

CN=Garmin International,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Garmin International,O=Garmin International,L=Olathe,ST=Kansas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\install\InstallBrowser_TrainingCenter_v4\Setup\Release\_TrainingCenter.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

SetupCopyOEMInfA

kernel32

SetErrorMode
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetStartupInfoA
GetSystemTimeAsFileTime
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
GlobalFlags
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
InterlockedDecrement
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
SetFilePointer
GetFileSize
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetVolumeInformationA
GetLogicalDriveStringsA
GetDriveTypeA
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
FindNextFileA
ExpandEnvironmentStringsA
GetSystemDirectoryA
FindFirstFileA
FindClose
GetCommandLineA
CreateFileA
lstrcatA
CreateProcessA
GetExitCodeProcess
TerminateProcess
GetTickCount
GetDiskFreeSpaceA
WaitForSingleObject
GetCurrentThread
GetCurrentProcess
LocalAlloc
LocalFree
HeapAlloc
HeapFree
SetLastError
lstrcmpA
OpenProcess
CloseHandle
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
MulDiv
CreateMutexA
ReleaseMutex
lstrcpyA
CreateDirectoryA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapCreate

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
DestroyMenu
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
GetCursorPos
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsChild
GetForegroundWindow
GetLastActivePopup
GetMessageTime
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
GetWindowTextLengthA
GetWindowTextA
GetWindow
SetFocus
ExitWindowsEx
RegisterClipboardFormatA
EnumWindows
PostQuitMessage
MsgWaitForMultipleObjects
PeekMessageA
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
GetWindowThreadProcessId
LoadImageA
IsWindow
PostThreadMessageA
GetDC
PostMessageA
GetWindowLongA
SetWindowLongA
GetMessagePos
ScreenToClient
DrawIcon
LoadBitmapA
SetCursor
LoadCursorA
GetParent
GetClientRect
GetWindowRect
DrawFrameControl
UnregisterClassA
EnableWindow
LoadIconA
SendMessageA
InvalidateRect
CharUpperA
GetTopWindow

gdi32

TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
ExtTextOutA
GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
DeleteObject
GetTextExtentPoint32A
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateFontIndirectA
GetObjectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
SelectObject
StretchBlt
Escape

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
SetSecurityDescriptorDacl
FreeSid
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
SetEntriesInAclA
LookupPrivilegeValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegFlushKey
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor

shell32

ShellExecuteA
SHCreateDirectoryExA
SHFileOperationA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFileExistsA
PathRemoveBackslashA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
StrRChrA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleUninitialize

oleaut32

VariantCopy
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen

Sections

.text
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

753cc453ac4e4b594d68389141605c33

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6c:ba:d2:a4:74:f4:e4:1c:6a:80:c6:b4:08:54:74:6cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 212KB - Virtual size: 208KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 28KB - Virtual size: 24KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6c:ba:d2:a4:74:f4:e4:1c:6a:80:c6:b4:08:54:74:6c
Certificate

.text
Size: 212KB - Virtual size: 208KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 28KB - Virtual size: 24KB