2024-03-09_82bdb8db8d6b999286ebf79d4610172a_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-09_82bdb8db8d6b999286ebf79d4610172a_icedid
Size

2.4MB
MD5

82bdb8db8d6b999286ebf79d4610172a
SHA1

3522748b43dcd2943b2a8e0f5526420fcb50a932
SHA256

5425918538cb71ca7975a68f051b41d090a3376813dfc678715167264af048aa
SHA512

7b9ed463dd1f387187ae54ab49f81109448e77d091a485e1dff5471fee6bb7f1cf547797d202e13869bc8ec4ba235971d34d1a560146ce68ac8c4d1520359167
SSDEEP

24576:qV739SzuWu7bRFQDHT3CjYkrBZwX85qZxagPQCRzdi+3X473/vYK1oE2foXRSZOG:KRFQzTaToyK

Score

1^/10

Malware Config

Signatures

Files

2024-03-09_82bdb8db8d6b999286ebf79d4610172a_icedid
.exe windows:4 windows x86 arch:x86

e2e115e8d4f11224dad3cc7143e7804b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:98:96:9e:00:87:a3:02:0f:7a:a2:ca:1b:4b:b4:d3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

08/08/2006, 00:00

Not After

28/09/2007, 23:59

Subject

CN=SoftThinks,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=SoftThinks,L=Lille,ST=Nord,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Dev\NorthTeam\App\BackUp&Restore\Vista\HP - cPC New\RestoreWiz\Release cNB HP\RestoreWiz.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetStartupInfoW
RtlUnwind
HeapReAlloc
DeleteFileA
ExitThread
TerminateProcess
HeapSize
VirtualAlloc
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetOEMCP
GetCPInfo
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
ResumeThread
SuspendThread
GetDiskFreeSpaceExW
GetWindowsDirectoryW
CloseHandle
GetFileSizeEx
CreateFileW
RemoveDirectoryW
GetLastError
DeleteFileW
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceW
GetTempPathW
GetPrivateProfileStringW
GetModuleFileNameW
DeviceIoControl
WritePrivateProfileStringW
CompareFileTime
FindFirstFileW
GetCurrentProcess
SetFileAttributesW
ReadFile
FlushFileBuffers
SetFilePointer
FindNextFileW
Sleep
GetDriveTypeW
WideCharToMultiByte
SetLastError
MultiByteToWideChar
GetModuleHandleW
IsBadWritePtr
GetLogicalDriveStringsW
LocalFree
SetFileTime
BackupWrite
SetFilePointerEx
FormatMessageW
IsBadReadPtr
GetVersion
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement
DeleteCriticalSection
SetErrorMode
SetEndOfFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
RaiseException
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
SetThreadPriority
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
lstrcatW
GetVersionExA
GlobalFree
FreeResource
FlushInstructionCache
VirtualProtect
GetSystemInfo
GetModuleHandleA
WaitForSingleObject
GetCurrentProcessId
ExitProcess
GetModuleFileNameA
lstrcmpiA
WriteProcessMemory
VirtualQuery
LoadLibraryW
GetTickCount
MulDiv
CreateThread
SetEvent
CreateEventW
GetSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetTempFileNameW
lstrlenW
GetProcAddress
lstrcmpW
lstrcpynW
GetCurrentThreadId
lstrcmpiW
lstrcpyW

user32

CreateIconIndirect
DrawTextExW
GetCapture
MessageBoxA
CopyRect
GetMenuItemID
GetSubMenu
SetCursor
DestroyCursor
CopyIcon
CharUpperW
CharLowerW
LoadImageW
ValidateRect
DrawIcon
IntersectRect
GetWindowWord
SetRect
GetFocus
SetFocus
DrawFrameControl
DrawStateW
DestroyIcon
IsMenu
DrawMenuBar
EqualRect
FindWindowW
SubtractRect
GetWindowPlacement
IsWindowEnabled
SetScrollRange
SetScrollInfo
EndDialog
SetScrollPos
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
DrawEdge
SetForegroundWindow
IsWindowVisible
UpdateWindow
SetCapture
ReleaseCapture
LoadCursorW
RegisterClassExW
PtInRect
GetIconInfo
GetDC
EndPaint
CreateWindowExW
GetNextDlgTabItem
SetActiveWindow
SetMenuItemBitmaps
SystemParametersInfoA
GetDlgCtrlID
RegisterClassW
UnregisterClassW
SetPropW
SetWindowRgn
RemovePropW
GetMenu
SetMenu
GetWindow
GetWindowInfo
CallWindowProcW
PostMessageW
ReleaseDC
GetWindowDC
GetClassInfoW
AdjustWindowRectEx
PeekMessageW
GetMessageTime
GetTopWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthW
SendDlgItemMessageA
SendDlgItemMessageW
GetClassInfoExW
WinHelpW
RegisterWindowMessageW
SetDlgItemTextW
LoadBitmapW
GetMenuCheckMarkDimensions
CheckMenuItem
ModifyMenuW
ShowScrollBar
DefWindowProcW
CharUpperBuffA
LockWindowUpdate
GetSystemMenu
IsZoomed
IsIconic
EnableMenuItem
GetCursorPos
DestroyMenu
InflateRect
OffsetRect
DrawTextW
GetClassLongW
DrawIconEx
ClientToScreen
ScreenToClient
IsRectEmpty
GetMenuItemCount
CreatePopupMenu
InsertMenuItemW
GetMenuItemInfoW
FillRect
GetSystemMetrics
GetKeyState
UnhookWindowsHookEx
GetSysColorBrush
GetSysColor
SetWindowsHookExW
GetParent
GetActiveWindow
GetClassNameW
GetPropW
GetMenuState
CallNextHookEx
LoadStringW
wsprintfW
TabbedTextOutW
GrayStringW
BeginPaint
DestroyWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
GetDesktopWindow
GetWindowTextW
ShowWindow
GetDlgItem
SetWindowPos
IsWindow
SetParent
CreateDialogIndirectParamW
SetWindowTextW
EnumChildWindows
GetWindowLongW
SetWindowLongW
GetClientRect
GetWindowRect
MapWindowPoints
MoveWindow
InvalidateRect
RedrawWindow
MessageBoxW
KillTimer
SetTimer
EnableWindow
LoadIconW
SendMessageW
GetMessagePos

gdi32

PtInRegion
GetTextMetricsW
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
ExtTextOutW
SetMapMode
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
TextOutW
GetTextExtentPoint32W
GetPixel
GetClipRgn
ExcludeClipRect
CreatePen
MoveToEx
LineTo
IntersectClipRect
GetRgnBox
SelectClipRgn
DeleteObject
CreateSolidBrush
OffsetRgn
ExtCreateRegion
GetRegionData
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
DeleteDC
GetDIBits
CreateICW
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
BitBlt
RealizePalette
SelectPalette
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
Polygon
RestoreDC
SetBkMode
SaveDC
CreateFontIndirectW
GetStockObject
GetTextExtentPointW
CreateDIBitmap
CreateDIBSection
RectVisible
StretchDIBits
SetStretchBltMode
SetDIBitsToDevice
PtVisible
GetClipBox
ExtSelectClipRgn

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegUnLoadKeyW
RegLoadKeyW
GetUserNameW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CloseEncryptedFileRaw
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegDeleteKeyW
RegQueryValueW
AdjustTokenPrivileges
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
IsTextUnicode
WriteEncryptedFileRaw
EncryptFileW
OpenEncryptedFileRawW

shell32

SHCreateDirectoryExW
ExtractIconExW
SHGetSpecialFolderPathW

comctl32

ord17
_TrackMouseEvent
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Draw
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount

shlwapi

PathCompactPathW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindExtensionW
PathFileExistsW
StrFormatByteSizeW
PathStripToRootW
PathFindFileNameW

msvcr71

free
iswspace
_wcslwr
wcsstr
wcscmp
_wcsicmp
wcslen
malloc
realloc
wcscpy
wcsncpy
vswprintf
_vscwprintf
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_wtoi
wcstoul
wcstol
strstr
time
localtime
wcsftime
wcscat
swprintf

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

imagehlp

ImageDirectoryEntryToData

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 576KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2e115e8d4f11224dad3cc7143e7804b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5e:98:96:9e:00:87:a3:02:0f:7a:a2:ca:1b:4b:b4:d3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

msvcr71

msvcp71

imagehlp

ole32

oleaut32

Sections

.text Size: 576KB - Virtual size: 572KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5e:98:96:9e:00:87:a3:02:0f:7a:a2:ca:1b:4b:b4:d3
Certificate

.text
Size: 576KB - Virtual size: 572KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB