2024-03-09_22454ee6cb3d5510269f367505ae3cca_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-09_22454ee6cb3d5510269f367505ae3cca_icedid
Size

261KB
MD5

22454ee6cb3d5510269f367505ae3cca
SHA1

8c4d82d811ba6749cee9696eb26d64b81db4b573
SHA256

2eb4b8c4d92b618dc06b9a3d18ebd95c8385b6ecec5750fcf425b6fd58593be0
SHA512

7286af2da354e8dc2859a89281df8eed2e0aa732f74657c906513b38ccb6dc64afafdbd4c10e7d668ee8c5260b7b4df2979dff83de22245ebadc679f90adb81a
SSDEEP

6144:VEu5EIm/t8n9Bc+RQy7fuFLCuP53jLLQpUV:r9Bc+77fuFeuP53jfQg

Score

1^/10

Malware Config

Signatures

Files

2024-03-09_22454ee6cb3d5510269f367505ae3cca_icedid
.exe windows:5 windows x86 arch:x86

3cc2d232899c681a839dee7f1e5952b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/10/2014, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Fuji Xerox Co.\, Ltd.,OU=Controller Platform Development III,O=Fuji Xerox Co.\, Ltd.,L=6-1 Minatomirai\, Nishi-ku\, Yokohama-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:40:0e:7c:b0:9d:ee:5a:e6:fc:6e:56:f3:73:06:df:05:e5:09:0e
Signer

Actual PE Digest

b6:40:0e:7c:b0:9d:ee:5a:e6:fc:6e:56:f3:73:06:df:05:e5:09:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
RaiseException
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetModuleHandleA
GlobalFindAtomW
CompareStringW
GetVersionExA
InterlockedDecrement
MulDiv
GlobalUnlock
FreeResource
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GlobalLock
LoadLibraryA
GetLocalTime
WritePrivateProfileSectionW
GetModuleFileNameW
IsDBCSLeadByteEx
FormatMessageW
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetPrivateProfileSectionW
MoveFileExW
GetProcAddress
GetVersionExW
SetFileAttributesW
GetTickCount
Sleep
DeleteFileW
LoadLibraryW
GetUserDefaultUILanguage
WriteProfileStringW
GetPrivateProfileStringW
GetWindowsDirectoryW
WritePrivateProfileStringW
lstrcatW
LocalAlloc
LocalFree
lstrcpynW
GlobalAlloc
GlobalFree
GetProfileStringW
GetSystemDirectoryW
SetLastError
FreeLibrary
lstrlenW
GetLastError
lstrcmpiW
FindFirstFileW
FindClose
MultiByteToWideChar
lstrlenA
lstrcpyW
lstrcmpW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
SetHandleCount

user32

UnregisterClassW
GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
PeekMessageW
SendMessageTimeoutW
wsprintfW
GetActiveWindow
MessageBoxW
LoadBitmapW
OffsetRect
ScreenToClient
GetClientRect
LoadIconW
GetSystemMenu
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
SendMessageW
EnableWindow
GetWindowRect
PtInRect
FindWindowW
SetForegroundWindow
GetWindowTextW

gdi32

DPtoLP
PtVisible
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
GetObjectW
GetStockObject
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
CreateFontIndirectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
SelectObject
DeleteDC
DeleteObject
RectVisible

winspool.drv

DeleteMonitorW
DeletePrinter
EnumPrinterDriversW
EnumPrintersW
ClosePrinter
GetPrinterW
OpenPrinterW
DocumentPropertiesW
DeletePrinterDriverW
DeletePrinterConnectionW
GetPrinterDriverDirectoryW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
StartServiceW
ControlService
QueryServiceStatus
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
OpenServiceW
EnumDependentServicesW
CloseServiceHandle
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cc2d232899c681a839dee7f1e5952b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b6:40:0e:7c:b0:9d:ee:5a:e6:fc:6e:56:f3:73:06:df:05:e5:09:0eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

version

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 11KB - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b6:40:0e:7c:b0:9d:ee:5a:e6:fc:6e:56:f3:73:06:df:05:e5:09:0e
Signer

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 11KB - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 13KB