2024-02-25_456ab822a70de15ae3e0328c65f64497_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-25_456ab822a70de15ae3e0328c65f64497_icedid
Size

5.1MB
MD5

456ab822a70de15ae3e0328c65f64497
SHA1

35e34e755d6795f95c3091662266584991acb90d
SHA256

ab02372d5a1f41cbdbf993e3bcf1f1bea27dd624b68e83deb5ee427467905af5
SHA512

e7f6b44181b3f3655361b07048472f76375c755247dbd697e577f9587d0c9719e49b4b931503d872b828f1b185ea78ce34cf50f04ec6af22b6738b7eaaeead1f
SSDEEP

98304:pqh+xhHzILDXhLOtB0ikIf/+3wg/pQykUr6RBrvIRlsVpIw8rHlbUPHL:pqAXHzILloHR+yRBrvUsV6/Lgr

Score

1^/10

Malware Config

Signatures

Files

2024-02-25_456ab822a70de15ae3e0328c65f64497_icedid
.exe windows:6 windows x86 arch:x86

bc3952b9873a8f15a696d18e686ccd4d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/12/2010, 00:00

Not After

06/12/2015, 23:59

Subject

CN=Dillobits Software\, Inc.,O=Dillobits Software\, Inc.,POSTALCODE=30041,STREET=2150 Arbor Chase,L=Cumming,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

af:44:40:bb:cf:f5:53:37:e0:50:5d:27:3d:a5:7f:fd:d8:5f:1c:29
Signer

Actual PE Digest

af:44:40:bb:cf:f5:53:37:e0:50:5d:27:3d:a5:7f:fd:d8:5f:1c:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\jcyr\data\dillobits\Projects\dev\InSync\exe\InSync.pdb

Imports

kernel32

IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
LCMapStringW
GetStringTypeW
GetCPInfo
GetOEMCP
CreateMailslotW
CreateWaitableTimerW
WaitForMultipleObjects
SetWaitableTimer
GetTimeFormatW
GetDateFormatW
GetDriveTypeW
GetTimeZoneInformation
GetACP
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SizeofResource
SetStdHandle
VirtualQuery
HeapQueryInformation
IsProcessorFeaturePresent
GetModuleHandleExW
ExitProcess
RtlUnwind
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetProfileIntW
SearchPathW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
lstrcmpiW
DuplicateHandle
UnlockFile
GetFullPathNameW
FlushFileBuffers
GetCurrentDirectoryW
lstrcpyW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GetThreadLocale
GlobalGetAtomNameW
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SuspendThread
SetThreadPriority
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringA
lstrcmpA
GetVersionExW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
CopyFileW
MulDiv
GlobalFree
GlobalSize
GlobalAlloc
IsWow64Process
GetVolumeInformationW
SetErrorMode
GetErrorMode
GetLogicalDrives
GetNumberFormatW
GetFileAttributesW
RemoveDirectoryW
GetOverlappedResult
FindNextFileW
FindClose
FindFirstFileW
MoveFileW
LocalAlloc
DeleteFileW
Sleep
DecodePointer
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThread
lstrlenW
GetQueuedCompletionStatus
ResetEvent
RaiseException
PostQueuedCompletionStatus
TerminateThread
GetExitCodeThread
CreateIoCompletionPort
InitializeCriticalSectionEx
GlobalUnlock
GlobalLock
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLocaleInfoW
GetSystemInfo
GetEnvironmentVariableW
LocalFree
FormatMessageW
GetFileSize
GetLocalTime
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResumeThread
VerSetConditionMask
VerifyVersionInfoW
SystemTimeToFileTime
GetSystemTime
CreateDirectoryW
GetComputerNameW
GetModuleFileNameW
IsDebuggerPresent
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
VirtualFree
SetLastError
SetFileTime
SetFileAttributesW
VirtualAlloc
WriteFile
GetLastError
ReadFile
CreateEventW
LockFile
SetEndOfFile
SetFilePointer
CreateFileW
WaitForSingleObject
CreateMutexW
CloseHandle
ReleaseMutex
MultiByteToWideChar
FindResourceW
LoadResource
LockResource

user32

RegisterClipboardFormatW
EnumChildWindows
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
WaitMessage
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
CharUpperW
TrackMouseEvent
SetParent
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DeleteMenu
MonitorFromPoint
EnableScrollBar
GetAsyncKeyState
UpdateLayeredWindow
IsMenu
UnionRect
EmptyClipboard
SetClipboardData
IntersectRect
EnumDisplayMonitors
SetLayeredWindowAttributes
RealChildWindowFromPoint
LoadCursorW
GetMenuItemInfoW
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
GetWindowThreadProcessId
ShowOwnedPopups
TranslateMessage
GetMessageW
GetSysColorBrush
SetWindowRgn
DrawStateW
GetSystemMetrics
DrawFrameControl
DrawEdge
SystemParametersInfoW
MessageBeep
IsZoomed
MapDialogRect
SetWindowContextHelpId
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
PostQuitMessage
LockWindowUpdate
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
GetIconInfo
CopyImage
IsRectEmpty
OffsetRect
SetRectEmpty
FillRect
ClientToScreen
GetCursorPos
SetCursor
ReleaseCapture
SetCapture
GetNextDlgGroupItem
InflateRect
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
EnableWindow
SendMessageW
SetTimer
KillTimer
PostMessageW
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetClientRect
SetClassLongW
SetCursorPos
GetDoubleClickTime
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
GetUpdateRect
HideCaret
InvertRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetWindowTextLengthW
GetWindowTextW
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetComboBoxInfo
DestroyCursor
DrawIcon
GetWindowRgn
GetDesktopWindow
DestroyIcon
GetDC
ReleaseDC
GetParent
GetSysColor
DrawIconEx
LoadImageW
DrawFocusRect
InvalidateRect
BringWindowToTop
CreateMenu
GetSystemMenu
AppendMenuW
EnableMenuItem
IsIconic
MessageBoxW
SetClipboardViewer
OpenClipboard
GetClipboardData
CloseClipboard
UnregisterClassW
GetMenuStringW
GetMenuState
GetSubMenu
WindowFromPoint
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
LoadMenuW
GetWindowRect
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW

gdi32

CreateRoundRectRgn
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
SetPixelV
GetTextFaceW
GetDIBits
DPtoLP
SetRectRgn
GetMapMode
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
Polyline
Polygon
CreatePolygonRgn
PatBlt
GetTextColor
GetBkColor
Ellipse
CreateRectRgnIndirect
CreateEllipticRgn
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
GetRgnBox
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
Rectangle
SetDIBColorTable
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetTextExtentPoint32W
CreateSolidBrush
DeleteObject
GetTextMetricsW
GetObjectW
CreateFontIndirectW
DeleteDC
CopyMetaFileW
CreateDCW
GetDeviceCaps
CreateDIBSection
StretchBlt
SetPixel
OffsetWindowOrgEx
RealizePalette
SetBkColor
SetTextColor
CreateBitmap
CreateCompatibleDC
BitBlt
GetObjectType
SelectObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

InitiateSystemShutdownExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
SetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
EqualSid
DeleteAce
GetAce
GetNamedSecurityInfoW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
LookupAccountSidW
GetTokenInformation
OpenThreadToken
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderPath
DragFinish
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
DragQueryFileW
SHGetDesktopFolder
SHBrowseForFolderW

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryW
ord191
SHStrDupW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW

uxtheme

GetThemeSysColor
GetWindowTheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground

ole32

CoDisconnectObject
CreateStreamOnHGlobal
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
OleLockRunning
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoRegisterMessageFilter
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
StringFromCLSID
OleRun
CoInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayDestroy
SysAllocStringLen
SysStringLen
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantTimeToSystemTime
VariantClear
SysAllocString
SysFreeString
SystemTimeToVariantTime
VariantChangeType
VariantInit
GetErrorInfo

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

dbghelp

MiniDumpWriteDump

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

powrprof

SetSuspendState

vssapi

CreateVssBackupComponentsInternal

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext

wintrust

WinVerifyTrust

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc3952b9873a8f15a696d18e686ccd4d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2fCertificate

Extended Key Usages

Key Usages

af:44:40:bb:cf:f5:53:37:e0:50:5d:27:3d:a5:7f:fd:d8:5f:1c:29Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

dbghelp

netapi32

version

mpr

powrprof

vssapi

crypt32

wintrust

oleacc

imm32

winmm

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 396KB - Virtual size: 396KB

.data Size: 28KB - Virtual size: 58KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2f
Certificate

af:44:40:bb:cf:f5:53:37:e0:50:5d:27:3d:a5:7f:fd:d8:5f:1c:29
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 396KB - Virtual size: 396KB

.data
Size: 28KB - Virtual size: 58KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB