2024-03-08_9612063ddb5d46c7068243cdb6a4b6ba_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_9612063ddb5d46c7068243cdb6a4b6ba_icedid
Size

1.4MB
MD5

9612063ddb5d46c7068243cdb6a4b6ba
SHA1

b6d74f0ae2170c245089f8f4b04cc632d74ec6cf
SHA256

4b919fd27f4ee71ff7ece779318d178f4edea5588210b2bd2c9788974244ac41
SHA512

510a2964f7e897c7c871f197cd8fadb29dabf8b6800418aff2069dcf968ce4ca27b2617be555181b15abed54cc57c36fc2824caaa6c1d02189f8a62b2c3738ed
SSDEEP

12288:+SEHB1DvPpbey41bKtpFKYaUoBCComFVqouG5MxsdXs0Vq7UNVV9u:+fB1DpbwctpdO5Ksd8x7UNVV9u

Score

1^/10

Malware Config

Signatures

Files

2024-03-08_9612063ddb5d46c7068243cdb6a4b6ba_icedid
.exe windows:4 windows x86 arch:x86

9684b85fefdedd703f3b27e17efac3f0

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:01:b2:e5:0e:fd:4c:77:bf:cc:40:10:8b:0e:3c:ff
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2013, 23:59

Subject

CN=上海格尔软件股份有限公司,O=上海格尔软件股份有限公司,POSTALCODE=200042,STREET=www.koal.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

53:e4:5b:62:3d:6f:53:ac:f2:f0:8e:0b:75:c0:95:97:f7:68:ac:02
Signer

Actual PE Digest

53:e4:5b:62:3d:6f:53:ac:f2:f0:8e:0b:75:c0:95:97:f7:68:ac:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\WorkDir\koal\project-xiuxiu\source\taksi\src\Release\TaksiExe.pdb

Imports

winmm

waveInGetNumDevs

comctl32

ord17

kernel32

GetLocaleInfoA
InitializeCriticalSection
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
VirtualAlloc
VirtualProtect
LCMapStringW
LCMapStringA
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
RaiseException
ExitProcess
RtlUnwind
QueryPerformanceFrequency
SetStdHandle
FlushFileBuffers
HeapFree
SetFilePointer
CreateMutexA
GetCurrentProcessId
WideCharToMultiByte
GlobalMemoryStatusEx
GetSystemInfo
CopyFileA
FreeLibrary
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
lstrcmpiA
lstrcpyA
GetLastError
DeleteFileA
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
OpenProcess
GetExitCodeProcess
GetTickCount
GetCurrentThreadId
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
lstrcpynA
CreateProcessA
QueryPerformanceCounter
CloseHandle

user32

ReleaseDC
DestroyWindow
GetDlgItem
UnhookWindowsHookEx
LoadStringA
ModifyMenuA
SetForegroundWindow
ShowWindow
DialogBoxParamA
FindWindowA
InvalidateRect
GetAsyncKeyState
GetParent
CallWindowProcA
SetActiveWindow
GetMessageA
DispatchMessageA
IsDialogMessageA
TranslateMessage
SendMessageTimeoutA
UnloadKeyboardLayout
GetKeyboardLayoutList
BroadcastSystemMessageA
SystemParametersInfoA
GetDlgCtrlID
EnableWindow
GetWindowTextA
SetFocus
LoadBitmapA
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRectEx
PostQuitMessage
DrawMenuBar
RegisterWindowMessageA
CreateWindowExA
SetWindowPos
SetTimer
KillTimer
SetWindowTextA
SetWindowsHookExA
GetClassNameA
CallNextHookEx
FillRect
DrawTextA
GetCursorPos
TrackPopupMenu
GetDC
IsWindowVisible
GetSystemMetrics
GetWindowLongA
SetWindowLongA
SendMessageA
GetClientRect
CreateDialogParamA
LoadMenuA
GetSubMenu
LoadImageA
DestroyIcon
RemoveMenu
GetMenuItemCount
GetMenuStringA
GetMenuItemID
EndDialog
SetDlgItemTextA
GetForegroundWindow
MessageBoxA
GetWindowRect
SetWindowRgn
DefWindowProcA

gdi32

MoveToEx
LineTo
BitBlt
CreateCompatibleDC
SetBkMode
SetTextColor
TextOutA
CreateRoundRectRgn
SelectObject
DeleteDC
GetObjectA
DeleteObject
CreateSolidBrush
CreateFontA
CreatePatternBrush
CreatePen

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

kgrdll

?get_DllInt@CDllFile@@QBEIXZ
??1CTaksiConfig@@QAE@XZ
??0CTaksiConfig@@QAE@XZ
?CopyTransInfo@CTaksiTransactionInfo@@QAEXABU1@@Z
?UpdateInfo@CTaksiDll@@QAEXXZ
?InitMaster@CTaksiDll@@QAE_NPAUHWND__@@K@Z
?ResetTransactionInfo@CTaksiTransactionInfo@@QAEXXZ
?sg_ProcStats@@3UCTaksiProcStats@@A
?Debug_Info@CLogBase@@QAAHPBDZZ
?g_pLog@@3PAVCLogBase@@A
?GetHotKeyName@CTaksiConfigData@@QAEHPADHW4TAKSI_HOTKEY_TYPE@@@Z
?IsInEvidence@CTaksiDll@@QAE_NXZ
?sg_Dll@@3UCTaksiDll@@A
?CHttpLink_GotoURL@@YAPAUHINSTANCE__@@PBDH@Z
?sg_Config@@3UCTaksiConfigData@@A
?IsActive@CTaksiDll@@QAE_NXZ
?GetProcAddress@CDllFile@@QBEP6GHXZPBD@Z
??1CDllFile@@QAE@XZ
?LoadDll@CDllFile@@QAEJPBD@Z
??0CDllFile@@QAE@PAUHINSTANCE__@@_N@Z
?IsWindows5@CTaksiConfigData@@QAE_NXZ
?CaptureDesktop@CTaksiDll@@QAEXXZ
?SyncProcStats@CTaksiDll@@QAEX_N@Z
?Debug_Error@CLogBase@@QAAHPBDZZ
??1CNTHandle@@QAE@XZ
?get_DataRecMeg@CTaksiProcStats@@QBEMXZ
?GetFileTitlePtr@@YAPADPAD@Z
?IsInTransaction@CTaksiTransactionInfo@@QAE_NXZ
?sg_TransInfo@@3UCTaksiTransactionInfo@@A
?UpdateMaster@CTaksiDll@@QAEXXZ
??BCNTHandle@@QBEPAXXZ
?IsValidHandle@CNTHandle@@QBE_NXZ
?IsRecordingDesktop@CTaksiDll@@QAE_NXZ
?AttachHandle@CNTHandle@@QAEXPAX@Z
?DetachHandle@CNTHandle@@QAEPAXXZ
??0CNTHandle@@QAE@PAX@Z
?AutoLogin@CTaksiDll@@QAEXXZ
?IsGuiLoginGame@CTaksiDll@@QAE_NPBD@Z
?IsHotkeyEnabled@CTaksiDll@@QAE_NW4TAKSI_HOTKEY_TYPE@@@Z
?HookCBT_Install@CTaksiDll@@QAE_NXZ
?EnableDirectInput@CTaksiDll@@QAEX_N@Z
?GetHotKey@CTaksiConfigData@@QBEGW4TAKSI_HOTKEY_TYPE@@@Z
?WriteIniFile@CTaksiConfig@@QAE_NXZ
?SetActive@CTaksiDll@@QAEX_N@Z
?CopyConfig@CTaksiConfigData@@QAEXABU1@@Z
?Instance@CWaveRecorder@@SAPAV1@XZ
?Debug_Warn@CLogBase@@QAAHPBDZZ
?UpdateConfigCustom@CTaksiDll@@QAEXXZ
?PropGet@CTaksiConfig@@UBEHHPADH@Z
?FixCaptureDir@CTaksiConfigData@@QAEJXZ
?InitRecorder@CWaveRecorder@@QAE_NK_NK0@Z
?IsHDAudioDevice@CWaveRecorder@@QAE_NK@Z
?SetHotKey@CTaksiConfigData@@QAE_NW4TAKSI_HOTKEY_TYPE@@G@Z
?InitRecorderForVista@CWaveRecorder@@QAE_NK_NK0@Z
?SetFormatBySoundQuality@CWaveFormat@@QAE_NK@Z
?IsRequireImproveSmoothGame@CTaksiDll@@QAE_NPBD@Z
?DestroyDll@CTaksiDll@@QAEXXZ
?InitConfig@CTaksiConfigData@@QAEXXZ
??0CWaveACMInt@@QAE@XZ
??1CWaveACMInt@@QAE@XZ
?GetCodecInfo@CVideoCodec@@QBE_NAAUICINFO@@@Z
?ReadIniFile@CTaksiConfig@@QAE_NXZ
?SetTransInfo@CTaksiTransactionInfo@@QAE_NPAD0@Z

shlwapi

StrTrimA
UrlUnescapeA

imm32

ImmInstallIMEA
ImmIsIME
ImmGetDescriptionA
ImmGetIMEFileNameA

crypt32

CryptMsgClose
CryptMsgOpenToEncode
CryptMsgUpdate
CryptMsgGetParam

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9684b85fefdedd703f3b27e17efac3f0

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

3f:01:b2:e5:0e:fd:4c:77:bf:cc:40:10:8b:0e:3c:ffCertificate

Extended Key Usages

Key Usages

53:e4:5b:62:3d:6f:53:ac:f2:f0:8e:0b:75:c0:95:97:f7:68:ac:02Signer

Headers

File Characteristics

PDB Paths

Imports

winmm

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

kgrdll

shlwapi

imm32

crypt32

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

3f:01:b2:e5:0e:fd:4c:77:bf:cc:40:10:8b:0e:3c:ff
Certificate

53:e4:5b:62:3d:6f:53:ac:f2:f0:8e:0b:75:c0:95:97:f7:68:ac:02
Signer

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB