2024-03-08_fe4da0deac4cf5bdbf1c78480143467b_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_fe4da0deac4cf5bdbf1c78480143467b_icedid
Size

805KB
MD5

fe4da0deac4cf5bdbf1c78480143467b
SHA1

480f66d211cf292494aaa36e48a67507295318bd
SHA256

a0ef8e22de25f0f8a668d800dacb82438954d50f693f4e6c581316158bb7c276
SHA512

6bf3777353888dda32d2febd5e05ccdcdc19d7147a888b3ef2365e1e53e19cc00ab138658ac93a8d153318b340618f057d578fcab4593dd46c8d9e53ae18ea19
SSDEEP

6144:UkPf1wB+NddP/mYRiGpjg3LNvq2LvOLxHJhCxwhCioKUKhOLkTB+aRLud5QhGmul:UwffhRTpYNtLmXCwhCioKU2OyRROBcRU

Score

1^/10

Malware Config

Signatures

Files

2024-03-08_fe4da0deac4cf5bdbf1c78480143467b_icedid
.exe windows:5 windows x86 arch:x86

17cb6e73074a413878272009b8c9da4d

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:df:16:0a:50:58:b5:50:a5:1d:6d:87:3e:4a:d7:48
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

16/06/2008, 01:33

Not After

21/06/2009, 10:12

Subject

CN=Xinics Inc.,OU=Research Center,O=Xinics Inc.,L=Kyunggi,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

62:3b:91:6c:40:94:06:56:4e:85:7e:10:37:8e:9e:d6:80:8c:f8:e1
Signer

Actual PE Digest

62:3b:91:6c:40:94:06:56:4e:85:7e:10:37:8e:9e:d6:80:8c:f8:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
HeapCreate
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
LCMapStringW
LCMapStringA
GetModuleFileNameA
IsValidCodePage
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
ExitProcess
Sleep
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RaiseException
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
RtlUnwind
GetTickCount
SetErrorMode
GetFileSizeEx
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetStringTypeExA
DeleteFileA
MoveFileA
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GlobalFlags
SystemTimeToFileTime
FileTimeToSystemTime
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleW
GetThreadLocale
InterlockedIncrement
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
FreeResource
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
MultiByteToWideChar
GetVersionExA
LoadLibraryA
FreeLibrary
lstrlenA
GetProcAddress
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleHandleA

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharUpperA
DestroyIcon
UnregisterClassA
WindowFromPoint
DeleteMenu
GetMenuItemInfoA
InflateRect
GetSysColorBrush
CharNextA
SetCapture
SetWindowRgn
DrawIcon
IsRectEmpty
LoadCursorA
DestroyCursor
SetRect
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
GetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetDC
ReleaseDC
IsZoomed
GetSystemMetrics
GetClassNameA
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadImageA
GetWindowRect
UpdateWindow
SetTimer
KillTimer
LoadMenuA
DestroyMenu
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
GetKeyState
LoadIconA
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
CreateMenu
PostThreadMessageA
GetTabbedTextExtentA
RegisterClipboardFormatA
RemovePropA
EnableWindow
PostQuitMessage
AdjustWindowRectEx
GetClientRect
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
TranslateAcceleratorA
IsWindow
GetWindowLongA
ShowWindow
GetWindow
GetDesktopWindow
SetMenu
PostMessageA
BringWindowToTop
GetLastActivePopup
GetMenu
CopyRect
SetRectEmpty
OffsetRect
IntersectRect
GetClassInfoA
CreatePopupMenu
InsertMenuItemA
SendMessageA
IsIconic
InvalidateRect
IsWindowVisible
SetActiveWindow
GetParent
LoadAcceleratorsA
CreateDialogIndirectParamA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SelectPalette
CreatePen
CreateSolidBrush
DPtoLP
StartPage
EndPage
SetAbortProc
AbortDoc
SetWindowOrgEx
GetViewportOrgEx
Rectangle
PatBlt
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetWindowOrgEx
SetViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
EndDoc
GetDIBColorTable
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
StretchDIBits
DeleteDC
CreateFontA
GetCharWidthA
DeleteObject
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
CreateCompatibleBitmap
CreateDCA
BitBlt
RealizePalette
GetDeviceCaps
CreateCompatibleDC
CreateHalftonePalette
CreatePalette
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

GetJobA
DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyA

shell32

DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoInitializeEx
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleInitialize

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
VariantTimeToSystemTime

Sections

.text
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17cb6e73074a413878272009b8c9da4d

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0b:df:16:0a:50:58:b5:50:a5:1d:6d:87:3e:4a:d7:48Certificate

Extended Key Usages

62:3b:91:6c:40:94:06:56:4e:85:7e:10:37:8e:9e:d6:80:8c:f8:e1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 321KB - Virtual size: 320KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 384KB - Virtual size: 383KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0b:df:16:0a:50:58:b5:50:a5:1d:6d:87:3e:4a:d7:48
Certificate

62:3b:91:6c:40:94:06:56:4e:85:7e:10:37:8e:9e:d6:80:8c:f8:e1
Signer

.text
Size: 321KB - Virtual size: 320KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 384KB - Virtual size: 383KB