2024-02-25_fd63f990fa1d87c0271c9e6ef08c2b5f_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-25_fd63f990fa1d87c0271c9e6ef08c2b5f_icedid
Size

651KB
MD5

fd63f990fa1d87c0271c9e6ef08c2b5f
SHA1

653b1fce74d7781c57f547f4bb8054ea15a77764
SHA256

2dc9d777f55fd0c94948b78c88b9700f77368ebdf0133fcc8d2dc281ea99c390
SHA512

12b37a09a329808216ccc20238d4c769c93c449f001f5787e403acfede25f33f83d7921a56c81bb52467c08008a7ce380d384b83229a905e4f105352f8140d77
SSDEEP

12288:NnEN/LQ92no96WGlz2269nndeo4fJG9ByD4y9m:xuyeWndeogGiD4y9m

Score

1^/10

Malware Config

Signatures

Files

2024-02-25_fd63f990fa1d87c0271c9e6ef08c2b5f_icedid
.exe windows:5 windows x86 arch:x86

5cf7a29151f15a628d4e880bc9c3376f

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:c3:89:61:1c:65:6a:f0:d3:ab:84:78:6e:c9:51:79:46
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

27/06/2011, 03:56

Not After

27/06/2014, 03:56

Subject

CN=Hangzhou Shunwang Technology Co.\,Ltd,O=Hangzhou Shunwang Technology Co.\,Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WorkCopies\newServer\IDC_Repo\GameIDCServerMain\tags\T_20120210_01_D\Source\Bin\Release\LocalSSS.pdb

Imports

iocptcp

TcpListen
TcpUninit
TcpInit
TcpInitMemoryPool
TcpDestroy
TcpCreate
TcpSend
TcpSetLinkAttr
TcpConnect
TcpGetLinkAddr

iocpudp

UdpSendTo
UdpUninit
UdpInit
UdpCreate

kernel32

GetModuleHandleW
GlobalGetAtomNameA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetFileAttributesA
GetFileSizeEx
GetFileTime
GlobalFlags
InterlockedExchange
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
RaiseException
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
GetModuleFileNameW
CompareStringA
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalHandle
QueryPerformanceCounter
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
TlsFree
ExitProcess
FreeLibrary
LocalReAlloc
TlsSetValue
HeapSize
TlsAlloc
CreateDirectoryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFileAttributesA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetLastError
DeleteFileA
TerminateProcess
GetCurrentProcess
CloseHandle
VirtualAlloc
AllocateUserPhysicalPages
HeapAlloc
GetProcessHeap
GetSystemInfo
VirtualFree
HeapFree
FreeUserPhysicalPages
MapUserPhysicalPages
OpenEventA
Sleep
SetConsoleCtrlHandler
GetModuleHandleA
HeapCreate
GetCommandLineA
SetUnhandledExceptionFilter
FormatMessageA
GetModuleFileNameA
VirtualQuery
IsBadWritePtr
FindClose
FindNextFileA
FindFirstFileA
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
SetErrorMode
GetProcAddress
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
MultiByteToWideChar
lstrlenA
lstrcmpA
SetLastError
WaitForSingleObject
CreateThread
GetTickCount
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
SetEvent
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
CreateEventA
MapViewOfFile
GetPrivateProfileStringA
GetVersionExA
CreateProcessA
GetTimeZoneInformation

user32

PostQuitMessage
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowTextA
ValidateRect
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
GetClientRect
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowsHookExA
PeekMessageA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSystemMetrics
CharUpperA
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
SendMessageA
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush

gdi32

SetTextColor
SetMapMode
GetClipBox
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
RestoreDC
SaveDC
SelectObject
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

ntohs
htonl
ntohl
htons

Sections

.text
Size: 522KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cf7a29151f15a628d4e880bc9c3376f

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

11:21:c3:89:61:1c:65:6a:f0:d3:ab:84:78:6e:c9:51:79:46Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iocptcp

iocpudp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

ws2_32

Sections

.text Size: 522KB - Virtual size: 521KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 22KB - Virtual size: 428KB

.rsrc Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

11:21:c3:89:61:1c:65:6a:f0:d3:ab:84:78:6e:c9:51:79:46
Certificate

.text
Size: 522KB - Virtual size: 521KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 22KB - Virtual size: 428KB

.rsrc
Size: 1KB - Virtual size: 1KB