2024-02-29_9b3ca687a6bfc5423c861c38a04d77d0_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-29_9b3ca687a6bfc5423c861c38a04d77d0_icedid
Size

784KB
MD5

9b3ca687a6bfc5423c861c38a04d77d0
SHA1

0e2f6624c9f1dfdfdff6d1b73ef7612e7b638c58
SHA256

eb02d8dee868760bd63b22bb17cd6114323cd5e5b99ab9297654e802341e4e4c
SHA512

2837e883386da2e2efa8ba47989f89521ed17f7b2b0d8c38b177ad809edbb88c5c1bc667b42c0766d5386ea7fa52980765986495be017e120b089464048d4592
SSDEEP

12288:dy56KFQQOWF09KFbBfFmn06IzunUKKKCjrJwc1cJ0:+FKK09KFbBf8eqkFP

Score

1^/10

Malware Config

Signatures

Files

2024-02-29_9b3ca687a6bfc5423c861c38a04d77d0_icedid
.exe windows:5 windows x86 arch:x86

926610d397b4f7a76a00b56c699d570d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:68:3c:04:98:1e:3c:13:7c:af:f2:4c:74:87:ec:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/11/2010, 00:00

Not After

21/11/2013, 23:59

Subject

CN=Beijing HaitaiFangyuan High Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Techsupport Dept,O=Beijing HaitaiFangyuan High Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:d5:2a:79:59:e2:12:ff:71:d3:d6:75:15:0a:79:c8:f9:8f:c3:9f
Signer

Actual PE Digest

55:d5:2a:79:59:e2:12:ff:71:d3:d6:75:15:0a:79:c8:f9:8f:c3:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetNameStringA
CertCreateCertificateContext
CertFreeCertificateContext

shlwapi

PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA
PathFindFileNameA
StrStrIA
PathFindExtensionA

kernel32

GetModuleHandleW
FindResourceExA
SetErrorMode
GetFileAttributesExA
LocalFileTimeToFileTime
GetFileSizeEx
GetTickCount
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
VirtualQuery
WriteConsoleW
GetFileType
GetStdHandle
GetCommandLineA
GetStartupInfoA
HeapReAlloc
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GetVersion
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
GetTempFileNameA
GetTempPathA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetCurrentDirectoryA
GetFileAttributesA
GetLastError
GetSystemDirectoryA
GetWindowsDirectoryA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
CreateMutexA
GetSystemDefaultLangID
Sleep
GetPrivateProfileIntA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
SystemTimeToFileTime
GetSystemTime
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
GetModuleFileNameW
WaitForSingleObject
VirtualProtect
GlobalAlloc
FormatMessageA
LocalFree
GetCurrentProcessId
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
SetLastError
lstrcmpW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileStringA
RaiseException
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
lstrlenW
lstrlenA
GetModuleHandleA

user32

InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
SetWindowRgn
DrawIcon
IsRectEmpty
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
CharUpperA
GetMessageA
TranslateMessage
MapDialogRect
GetAsyncKeyState
GetWindowThreadProcessId
GetWindowDC
GrayStringA
DrawTextExA
TabbedTextOutA
MoveWindow
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
EnableMenuItem
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
SetMenu
SetRect
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
GetMenu
IntersectRect
GetWindowPlacement
GetWindow
CreateDialogIndirectParamA
IsWindowEnabled
EndDialog
GetIconInfo
DrawStateA
DrawFocusRect
GetSysColor
TrackPopupMenuEx
WindowFromPoint
GetActiveWindow
GetNextDlgTabItem
DestroyIcon
DestroyCursor
DestroyMenu
KillTimer
PtInRect
SetCursor
ShowCursor
SystemParametersInfoA
LoadCursorA
LoadBitmapA
CharNextA
RegisterWindowMessageA
CopyAcceleratorTableA
EnableWindow
UnregisterClassA
SetTimer
LoadMenuA
RemoveMenu
GetSubMenu
SetMenuDefaultItem
GetCursorPos
CreateDialogParamA
GetSystemMetrics
CallNextHookEx
BeginPaint
FillRect
GetWindowTextA
DrawTextA
FrameRect
InflateRect
GetWindowLongA
EndPaint
GetSysColorBrush
GetMenuItemInfoA
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
GetDC
ValidateRect
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetScrollRange
TranslateAcceleratorA
GetClientRect
GetClassNameA
InvalidateRect
IsChild
GetWindowRect
SetForegroundWindow
SendMessageA
MessageBoxA
DestroyWindow
SetWindowTextA
UpdateWindow
LoadIconA
GetParent
GetForegroundWindow
GetFocus
LoadImageA
GetDesktopWindow
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
DefWindowProcA
SetWindowPos
OffsetRect
CopyRect
ShowWindow
SetActiveWindow
FindWindowA
IsWindow
GetDlgItem
keybd_event
UnhookWindowsHookEx
GetKeyState
SetWindowLongA
PostMessageA
TrackPopupMenu
ReleaseDC
SetCapture
ReleaseCapture
CallWindowProcA
IsIconic
ModifyMenuA
CheckMenuItem
ClientToScreen
GetSystemMenu
GetLastActivePopup

gdi32

SetStretchBltMode
SetMapMode
LineTo
MoveToEx
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
RestoreDC
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetDeviceCaps
CreatePen
CreateSolidBrush
CreateRectRgnIndirect
CreateEllipticRgn
DPtoLP
LPtoDP
Ellipse
CreateFontIndirectA
GetTextExtentPoint32A
GetMapMode
EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
SaveDC
GetClipBox
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
StretchBlt
CreateCompatibleDC
SelectObject
SetBkMode
CreatePalette
SetDIBitsToDevice
StretchDIBits
GetObjectA
GetDIBits
RealizePalette
SetWindowExtEx
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryInfoKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegSetValueA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA

shell32

DragQueryFileA
Shell_NotifyIconA
ShellExecuteExA
SHGetFileInfoA
ExtractIconA
ShellExecuteA
DragFinish

comctl32

_TrackMouseEvent

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoGetClassObject
OleIsCurrentClipboard
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoCreateInstance
CoInitialize
CoUninitialize
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VarUI4FromStr
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysFreeString

ws2_32

socket
setsockopt
ioctlsocket
htons
connect
select
closesocket
recv
ntohl
WSAStartup

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

926610d397b4f7a76a00b56c699d570d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7e:68:3c:04:98:1e:3c:13:7c:af:f2:4c:74:87:ec:27Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

55:d5:2a:79:59:e2:12:ff:71:d3:d6:75:15:0a:79:c8:f9:8f:c3:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 429KB - Virtual size: 428KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 14KB - Virtual size: 30KB

.rsrc Size: 222KB - Virtual size: 222KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7e:68:3c:04:98:1e:3c:13:7c:af:f2:4c:74:87:ec:27
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

55:d5:2a:79:59:e2:12:ff:71:d3:d6:75:15:0a:79:c8:f9:8f:c3:9f
Signer

.text
Size: 429KB - Virtual size: 428KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 14KB - Virtual size: 30KB

.rsrc
Size: 222KB - Virtual size: 222KB