2024-03-08_ca0b94a6dc88f688dfae0e7da309fd47_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_ca0b94a6dc88f688dfae0e7da309fd47_icedid
Size

449KB
MD5

ca0b94a6dc88f688dfae0e7da309fd47
SHA1

32543f475e13e37a70892eeba13e502206bbbe5b
SHA256

d2b87de6398c875398d3e09cde0cc3028994fcab8fc16792a96c7bb7ce624097
SHA512

f392c96f4734efc26efad117390fef96901e65380eab65d9a09afd992f812ca1357c980a6386ccb249b779fe2e5490adab8da98ebb33a6db586f98ddee226c15
SSDEEP

12288:U6RC6xTUMhLtAaQuhbT3Gefw+cTCPkHJlZ:+6xTNtAcbT3Gh5Tt

Score

1^/10

Malware Config

Signatures

Files

2024-03-08_ca0b94a6dc88f688dfae0e7da309fd47_icedid
.exe windows:4 windows x86 arch:x86

67c7758513301c7f017b04e39fb6d728

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:a9:28:3b:85:8b:5c:a7:78:71:25:f6:d1:1f:fc:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/08/2011, 00:00

Not After

18/10/2012, 23:59

Subject

CN=Cloanto Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Cloanto Corporation,O=Cloanto Corporation,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:4f:69:eb:b3:8f:d9:68:b5:69:87:cc:4c:1e:e0:39:09:af:81:f3
Signer

Actual PE Digest

dc:4f:69:eb:b3:8f:d9:68:b5:69:87:cc:4c:1e:e0:39:09:af:81:f3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\MenuBox\Release\MenuBox.pdb

Imports

kernel32

TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
Sleep
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalFlags
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetStartupInfoA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileW
GetFileAttributesW
GetFileTime
lstrlenA
lstrcmpA
CompareStringA
GetStringTypeA
LCMapStringA
GetModuleHandleA
GetVersion
SetLastError
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
GetPrivateProfileStringA
GetCommandLineA
GetACP
GetUserDefaultLCID
CreateFileA
GetFileSize
ReadFile
GetLastError
GetLogicalDriveStringsA
SetErrorMode
GetDriveTypeA
GetVolumeInformationA
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
GetProcAddress
GetLocaleInfoA
ExpandEnvironmentStringsA
GetThreadLocale
GetShortPathNameA
GetFullPathNameA
CloseHandle
GlobalAlloc
GlobalSize
GlobalFree
FormatMessageA
FreeLibrary
LoadLibraryA
LocalAlloc
GetFileAttributesA
LocalFree
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersionExA
InterlockedIncrement
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryExA
InterlockedDecrement
MulDiv
GlobalUnlock
GlobalLock
InterlockedExchange
GetModuleFileNameW

user32

CharLowerA
CharUpperA
FindWindowA
GetClassInfoA
LoadCursorA
RegisterClassA
FillRect
DrawEdge
DrawTextA
GetUpdateRect
BeginPaint
EndPaint
DefWindowProcA
UnregisterClassA
IsWindow
IsWindowVisible
GetMessageA
TranslateMessage
EnumWindows
GetWindowThreadProcessId
IsZoomed
GetWindowPlacement
SetWindowPlacement
GetSystemMenu
EnableMenuItem
IsIconic
DrawIcon
GetDC
ReleaseDC
CallWindowProcA
ValidateRect
ClientToScreen
WindowFromPoint
GetFocus
IsChild
PtInRect
SetCursor
GetSysColorBrush
GetClassNameA
CreateWindowExA
GetCursorPos
GetCursor
GetIconInfo
DestroyWindow
KillTimer
SetTimer
GetSysColor
SetFocus
GetParent
GetWindowTextA
SetWindowTextA
ShowWindow
OffsetRect
IntersectRect
GetDesktopWindow
EnableWindow
InvalidateRect
ScreenToClient
MessageBoxIndirectA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
GetSystemMetrics
LoadImageA
DialogBoxParamA
EndDialog
MapDialogRect
SendMessageA
GetDlgItem
GetClientRect
InflateRect
SetForegroundWindow
GetWindowRect
SetWindowPos
wsprintfA
LoadStringA
DestroyIcon
GetWindowLongA
SetWindowLongA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CopyAcceleratorTableA
CopyRect
IsRectEmpty
IsWindowEnabled
SetRect
EqualRect
InvalidateRgn
SetCapture
ReleaseCapture
UnhookWindowsHookEx
TabbedTextOutA
DrawTextExA
GrayStringA
GetWindowDC
GetWindow
SystemParametersInfoA
GetMenu
GetDlgCtrlID
AdjustWindowRectEx
GetClassInfoExA
UpdateWindow
SetMenu
GetKeyState
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
WinHelpA
SendDlgItemMessageA
LoadIconA
RegisterWindowMessageA
CheckMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageA
MoveWindow
SetWindowContextHelpId
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
GetActiveWindow
CreateDialogIndirectParamA
CharNextA
RegisterClipboardFormatA
DestroyMenu
PostThreadMessageA

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoUninitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

gdi32

GetTextColor
GetBkColor
GetMapMode
CreateSolidBrush
SelectPalette
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetBkColor
RestoreDC
SaveDC
GetRgnBox
GetDeviceCaps
GetDIBColorTable
BitBlt
RealizePalette
CreateHalftonePalette
CreatePalette
GetStockObject
SetMapMode
SelectObject
SetBkMode
SetTextColor
GetObjectA
DeleteObject
GetTextFaceA
FillRgn
CreateCompatibleDC
CombineRgn
CreateRectRgnIndirect
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

oledlg

ord8

Exports

Exports

_CharLowerW@4
_CharUpperW@4
_CoInitializeEx@8
_CompareStringW@24
_GetFileAttributesExA@12
_GetFileAttributesExW@12
_GetFileSizeEx@8
_GetLocaleInfoW@16
_GetMenuBarInfo@16
_GetModuleHandleW@4
_GetStringTypeW@16
_InitializeCriticalSectionAndSpinCount@8
_InterlockedCompareExchange@12
_IsDebuggerPresent@0
_IsProcessorFeaturePresent@4
_LCMapStringW@24
_MultiByteToWideChar@24
_WideCharToMultiByte@32
_lstrcmpW@8
_lstrlenW@4

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67c7758513301c7f017b04e39fb6d728

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

58:a9:28:3b:85:8b:5c:a7:78:71:25:f6:d1:1f:fc:09Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

dc:4f:69:eb:b3:8f:d9:68:b5:69:87:cc:4c:1e:e0:39:09:af:81:f3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

version

gdi32

comdlg32

winspool.drv

advapi32

shell32

oledlg

Exports

Exports

Sections

.text Size: 285KB - Virtual size: 285KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 23KB - Virtual size: 40KB

.rsrc Size: 62KB - Virtual size: 61KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

58:a9:28:3b:85:8b:5c:a7:78:71:25:f6:d1:1f:fc:09
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

dc:4f:69:eb:b3:8f:d9:68:b5:69:87:cc:4c:1e:e0:39:09:af:81:f3
Signer

.text
Size: 285KB - Virtual size: 285KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 23KB - Virtual size: 40KB

.rsrc
Size: 62KB - Virtual size: 61KB