2024-03-06_433a7fedc6ae1adf9f5821950ed332fc_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-06_433a7fedc6ae1adf9f5821950ed332fc_icedid
Size

2.9MB
MD5

433a7fedc6ae1adf9f5821950ed332fc
SHA1

d2e065ef00776eeb5144d391243cc42e1d5ed850
SHA256

3aaa58936399ee2f21776c531acc825efca601a5def92a4e2b1886aa4df3836b
SHA512

95e87ad753981c5c042607eaafe96a8a959bc708ad056a797e4c6ae02b4ae29812242942f74117f9fd778d0e0f96ad47bb92f8beb4354f898d60b5363bd1daed
SSDEEP

24576:WCb1pa0B6VonrAYr/exw7MGgD9pLs9iJinaN:W86VorAYrywDgTs9iJinaN

Score

1^/10

Malware Config

Signatures

Files

2024-03-06_433a7fedc6ae1adf9f5821950ed332fc_icedid
.exe windows:4 windows x86 arch:x86

9909d9b588bd4d91f6b355967de5c2de

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5b:41:7c:56:b7:e8:47:c2:14:5e:ce:1a:d8:9c:19
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/04/2013, 00:00

Not After

24/06/2014, 23:59

Subject

CN=Trigem Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Platform Business Dept.,O=Trigem Computer Inc.,L=Ansan-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:d0:67:4c:8f:8c:b5:9e:9b:40:1f:45:4c:8c:1c:eb:b7:2d:4d:32
Signer

Actual PE Digest

e8:d0:67:4c:8f:8c:b5:9e:9b:40:1f:45:4c:8c:1c:eb:b7:2d:4d:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhard_clean2\__Webhard\src_client\up_client\ReleaseTGtunesUp.pdb

Imports

shell32

DragQueryFileA
SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteA
DragFinish
Shell_NotifyIconA

avcodec-52

ord1928
ord1908
ord1964
ord1915
ord1962
ord1910
ord1926
ord1924
ord1912
ord1943

avformat-52

ord91
ord102
ord107
ord60
ord98
ord70

avutil-49

ord43
ord30

swscale-0

ord73
ord66
ord60

kernel32

LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GetFileAttributesA
GetFileTime
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
FlushFileBuffers
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetDriveTypeA
GetStartupInfoA
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
GetCurrentProcessId
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
GetProcessHeap
GetLocalTime
GetCurrentProcess
GetCommandLineA
FreeLibrary
lstrcmpA
GetSystemDirectoryA
DeleteFileA
GetNumberFormatA
ExpandEnvironmentStringsA
CreateDirectoryA
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameA
GetCurrentThreadId
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
GetTickCount
CloseHandle
CreateMutexA
Sleep
CompareStringA
CompareStringW
InterlockedExchange
GetVersion
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
MultiByteToWideChar
lstrcpynA
MulDiv
lstrcpyA
lstrlenA
GetCPInfo
CreateFileW

user32

ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
IsRectEmpty
DrawIcon
LoadCursorA
GetSysColorBrush
GetMenuItemInfoA
UnregisterClassA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
TranslateAcceleratorA
SetMenu
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
PostThreadMessageA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
ScrollWindow
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PeekMessageA
TranslateMessage
DispatchMessageA
ExitWindowsEx
ReplyMessage
SetWindowPos
ReleaseDC
MapWindowPoints
EnumChildWindows
GetClassNameA
FindWindowA
SetWindowRgn
GetActiveWindow
GetDC
SetRect
GetParent
IsWindow
SetWindowLongA
CallWindowProcA
RedrawWindow
UpdateWindow
SetCursor
LoadBitmapA
GetWindowRect
GetClientRect
SetTimer
KillTimer
EnableWindow
WindowFromPoint
SetCapture
GetCapture
ClientToScreen
OffsetRect
DestroyIcon
LoadImageA
GetIconInfo
ReleaseCapture
GetSysColor
GetSystemMetrics
CloseWindow
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
DestroyMenu
SetForegroundWindow
ShowWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
DrawTextExA
GetWindowDC
GrayStringA
GetMenu
SendMessageA
LoadIconA
DrawIconEx
GetWindowLongA
CopyRect
PtInRect
InflateRect
FillRect
DrawFocusRect
InvalidateRect
GetFocus
CharUpperA
GetClassInfoA
MessageBoxA
PostMessageA
DrawTextA

gdi32

CreateDIBSection
CreateFontA
CreateRectRgn
GetPixel
CreateDCA
SetStretchBltMode
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtCreateRegion
ExtSelectClipRgn
CreatePatternBrush
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
CombineRgn
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA
DeleteObject
GetStockObject
GetTextExtentPoint32A
StretchBlt
Rectangle
GetDeviceCaps
CreateCompatibleDC
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreateSolidBrush
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRoundRectRgn
SetDIBColorTable

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA

comctl32

ord17

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathGetArgsA
PathFindExtensionW
PathFindExtensionA
StrFormatByteSize64A
PathRemoveFileSpecA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromProgID

oleaut32

SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SysAllocString
VariantChangeType
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysFreeString

ws2_32

WSARecv
WSASend
WSAWaitForMultipleEvents
WSAConnect
WSASocketA
select
WSAGetLastError
__WSAFDIsSet
send
socket
closesocket
setsockopt
inet_addr
WSAStartup
WSACleanup
connect
htons

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetGetCookieA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromStreamICM
GdipGetImageEncodersSize
GdipCreateBitmapFromStream
GdipAlloc
GdipCloneImage
GdipFree
GdipDisposeImage
GdiplusShutdown

xkcsdk_xktgtunes

xk_IsXMovie
xk_NoticeXmovie

Sections

.text
Size: 524KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9909d9b588bd4d91f6b355967de5c2de

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

62:5b:41:7c:56:b7:e8:47:c2:14:5e:ce:1a:d8:9c:19Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e8:d0:67:4c:8f:8c:b5:9e:9b:40:1f:45:4c:8c:1c:eb:b7:2d:4d:32Signer

Headers

File Characteristics

PDB Paths

Imports

shell32

avcodec-52

avformat-52

avutil-49

swscale-0

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

version

gdiplus

xkcsdk_xktgtunes

Sections

.text Size: 524KB - Virtual size: 520KB

.rdata Size: 120KB - Virtual size: 117KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

62:5b:41:7c:56:b7:e8:47:c2:14:5e:ce:1a:d8:9c:19
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e8:d0:67:4c:8f:8c:b5:9e:9b:40:1f:45:4c:8c:1c:eb:b7:2d:4d:32
Signer

.text
Size: 524KB - Virtual size: 520KB

.rdata
Size: 120KB - Virtual size: 117KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB