2024-02-23_301bb401ec2feb6cbd1a11093877543a_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_301bb401ec2feb6cbd1a11093877543a_icedid
Size

2.3MB
MD5

301bb401ec2feb6cbd1a11093877543a
SHA1

149e7ee8cbf040c0a536b36c02eb486941624ac0
SHA256

53c2b4cb99d01c57098c39de986a0f16cc6b63951b48092bfbf8bb4eeca2b1b2
SHA512

e1a1ed42e3e65353df073a0f6203e359c58263bde20d2c307ae4d9e866b3dea607fc9a5b76c77a7962fe1deb82fd8b38d6b902b810fcfa42b0d70f7eb213a26f
SSDEEP

49152:zp7x5iyDOD9BkzuA0QsnF4n2tS7GIjo96v:z5LtDOBQ0/en26Hjo9q

Score

1^/10

Malware Config

Signatures

Files

2024-02-23_301bb401ec2feb6cbd1a11093877543a_icedid
.exe windows:4 windows x86 arch:x86

29743b746a4d55e0a910d21481648f34

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:a9:e4:1d:0e:8e:c8:64:a7:b7:0d:75:ac:f9:c3:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/08/2012, 00:00

Not After

14/10/2013, 23:59

Subject

CN=浙江鼎昊宏业科技股份有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=浙江鼎昊宏业科技股份有限公司,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:d9:15:2a:80:35:04:b2:7e:cd:c7:91:d7:89:8a:55:21:e3:07:3e
Signer

Actual PE Digest

8b:d9:15:2a:80:35:04:b2:7e:cd:c7:91:d7:89:8a:55:21:e3:07:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerClose
mixerGetNumDevs
waveOutOpen
mixerGetID
waveOutClose
mixerOpen
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetLineInfoA
mixerGetLineControlsA

imm32

ImmGetContext
ImmSetOpenStatus
ImmNotifyIME
ImmReleaseContext

iphlpapi

GetAdaptersInfo

psapi

EnumProcessModules
GetModuleBaseNameA
GetModuleInformation
GetModuleFileNameExA
EnumProcesses

kernel32

GlobalFlags
LocalAlloc
GlobalHandle
TlsGetValue
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetThreadPriority
SetThreadPriority
PostQueuedCompletionStatus
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetComputerNameA
GlobalReAlloc
SuspendThread
GetTempPathA
GetSystemDirectoryA
GetExitCodeThread
ExitProcess
GetLocalTime
CompareStringW
CompareStringA
GetCurrentThread
lstrlenA
lstrcmpiA
GetVersion
DeviceIoControl
Module32First
Module32Next
RaiseException
ReadProcessMemory
GetThreadContext
SetThreadContext
FlushInstructionCache
InterlockedCompareExchange
SetEnvironmentVariableA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
UnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringW
LCMapStringA
QueryPerformanceCounter
SetUnhandledExceptionFilter
HeapSize
GetFileType
SetStdHandle
HeapReAlloc
GetCommandLineA
LocalFree
Thread32First
OpenThread
Thread32Next
MultiByteToWideChar
lstrlenW
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
CreateRemoteThread
VirtualFreeEx
GetCurrentProcess
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
ResumeThread
GlobalAlloc
ResetEvent
GetFileAttributesA
SetFileAttributesA
CopyFileA
FreeLibrary
LoadLibraryA
WriteFile
WinExec
DeleteFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcessId
CreateFileA
GetFileSize
GetTickCount
GetProcAddress
CreateProcessA
Sleep
OpenProcess
TerminateProcess
CreateEventA
CreateThread
SetEvent
WaitForSingleObject
TerminateThread
CreateMutexA
GetModuleFileNameA
OutputDebugStringA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
CreateFileMappingA
GetLastError
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CloseHandle
ReleaseMutex
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
GetFullPathNameA
GetVolumeInformationA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SetErrorMode
GetFileTime
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileA
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
FormatMessageA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
TlsSetValue
LocalReAlloc
TlsFree
GetOEMCP
WritePrivateProfileStringA
TlsAlloc

user32

MessageBoxA
EnableWindow
RegisterClassExA
ShowWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
MessageBeep
PeekMessageA
MsgWaitForMultipleObjects
PostThreadMessageA
DestroyWindow
ReleaseCapture
SetCapture
GetCapture
PtInRect
GetClassNameA
RegisterWindowMessageA
GetCursorPos
SetParent
SetActiveWindow
LoadMenuA
GetMessagePos
ScreenToClient
LoadImageA
SetCursor
DestroyCursor
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
FrameRect
OffsetRect
InflateRect
EndDialog
IsWindowEnabled
GetDlgItem
CreateDialogIndirectParamA
GetWindow
GetWindowPlacement
IsIconic
IntersectRect
SetWindowLongA
CallWindowProcA
GetDlgCtrlID
GetClassInfoA
DeferWindowPos
EqualRect
AdjustWindowRectEx
UpdateWindow
IsWindowVisible
GetKeyState
TrackPopupMenu
MapWindowPoints
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetWindowTextA
GetWindowTextLengthA
IsChild
SetFocus
GetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetClientRect
IsDialogMessageA
SetWindowTextA
MoveWindow
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuStringA
PostQuitMessage
ShowOwnedPopups
ValidateRect
GetWindowDC
BeginPaint
EndPaint
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
IsRectEmpty
CopyAcceleratorTableA
InvalidateRgn
CharNextA
MapDialogRect
SetWindowContextHelpId
LoadCursorA
RegisterClipboardFormatA
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
GetIconInfo
CreateIconIndirect
DrawStateA
IsMenu
GetMenuItemInfoA
GetSysColorBrush
DrawIconEx
DestroyIcon
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
ExitWindowsEx
SystemParametersInfoA
wsprintfA
UnregisterClassA
CharUpperA
FindWindowA
SetRect
CopyRect
GetDC
ReleaseDC
GetSysColor
FillRect
GetMenu
DestroyMenu
SetMenu
LoadIconA
GetMessageA
TranslateMessage
DispatchMessageA
ClipCursor
IsWindow
GetForegroundWindow
CloseWindow
SetForegroundWindow
SetWindowPos
EnumWindows
InvalidateRect
LoadBitmapA
keybd_event
GetWindowLongA
GetWindowRect
GetSystemMetrics
GetParent
GetDesktopWindow
PostMessageA
KillTimer
SetTimer
WinHelpA
SendMessageA

gdi32

ExcludeClipRect
ExtSelectClipRgn
CreatePatternBrush
MaskBlt
CreateBitmap
SetBkColor
SetTextColor
CreateDIBSection
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
PatBlt
Ellipse
GetBkMode
CreateFontIndirectA
GetSystemPaletteEntries
SetDIBitsToDevice
GetStockObject
SelectPalette
GetDIBits
StretchBlt
RealizePalette
CreatePalette
GetObjectA
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
DeleteDC
SelectObject
BitBlt
Rectangle
CreateCompatibleDC
CreateFontA
CreateSolidBrush
CreatePen
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetMapMode
IntersectClipRect
LineTo
MoveToEx
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetTextColor
GetBkColor
GetRgnBox
GetMapMode
CombineRgn
SetRectRgn
GetCharWidthA
StretchDIBits
CreateRectRgnIndirect

advapi32

RegOpenKeyA
RegQueryValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA
SHAddToRecentDocs
ShellExecuteExA
DragQueryFileA
ShellExecuteA
DragFinish
SHEmptyRecycleBinA

ole32

OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal
CoGetClassObject
CoRegisterMessageFilter

oleaut32

DispCallFunc
VariantClear
VariantInit
VariantChangeType
VariantCopy
SysAllocString
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
OleLoadPicture
VarUdateFromDate
SystemTimeToVariantTime
SysFreeString
OleCreateFontIndirect
SysAllocStringLen

comctl32

ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo
ImageList_ReplaceIcon

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathIsURLA

oledlg

ord8

ws2_32

accept
ntohs
select
WSASetLastError
recvfrom
WSAAsyncSelect
gethostname
WSAGetLastError
htonl
inet_addr
sendto
htons
socket
inet_ntoa
closesocket
connect
WSAStartup
setsockopt
send
gethostbyname
recv
WSACleanup
bind

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comdlg32

GetFileTitleA

Sections

.text
Size: 452KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29743b746a4d55e0a910d21481648f34

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:a9:e4:1d:0e:8e:c8:64:a7:b7:0d:75:ac:f9:c3:b8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8b:d9:15:2a:80:35:04:b2:7e:cd:c7:91:d7:89:8a:55:21:e3:07:3eSigner

Headers

File Characteristics

Imports

winmm

imm32

iphlpapi

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

oledlg

ws2_32

version

oleacc

winspool.drv

comdlg32

Sections

.text Size: 452KB - Virtual size: 448KB

.rdata Size: 104KB - Virtual size: 101KB

.data Size: 20KB - Virtual size: 31KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:a9:e4:1d:0e:8e:c8:64:a7:b7:0d:75:ac:f9:c3:b8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8b:d9:15:2a:80:35:04:b2:7e:cd:c7:91:d7:89:8a:55:21:e3:07:3e
Signer

.text
Size: 452KB - Virtual size: 448KB

.rdata
Size: 104KB - Virtual size: 101KB

.data
Size: 20KB - Virtual size: 31KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB