2024-03-14_e8164b34b01eb8eebf67344ab5158fb5_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-14_e8164b34b01eb8eebf67344ab5158fb5_icedid
Size

1.1MB
MD5

e8164b34b01eb8eebf67344ab5158fb5
SHA1

a8240ac334caca038b3e5cf2991df67a93b7aca9
SHA256

b159fd151bc84201c86e8366bce5e3762b86ec130249be66992ab03afdac59c9
SHA512

47aa61bb5adae437123cd07a0a7a32aeb71c22ba4c3164a1151c90af52e3208539879d1d406930f9f782863b58bc7448831601f4222f1a372874116347e08ec9
SSDEEP

24576:mQVcn/l9wNSsiqTjfe4Vidp1Dzzd134GJyC7:mesl9wNBiq3fVEdpNPd1d

Score

1^/10

Malware Config

Signatures

Files

2024-03-14_e8164b34b01eb8eebf67344ab5158fb5_icedid
.exe windows:5 windows x86 arch:x86

9b44db380822c3b06f46e4ece1f2a241

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:8e:0a:6a:cf:9e:fd:c8:eb:4c:87:bc:f0:e3:8e:cc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03-10-2014 00:00

Not After

03-10-2015 23:59

Subject

CN=Topgame Software Corp.,O=Topgame Software Corp.,L=Marbella,ST=Panama,C=PA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:83:8c:22:d6:4c:e4:f7:4a:f8:7b:45:15:00:f6:fd:56:e4:f3:8e
Signer

Actual PE Digest

d9:83:8c:22:d6:4c:e4:f7:4a:f8:7b:45:15:00:f6:fd:56:e4:f3:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\clients_win\branches\bug31174\src.build\Release\Image\clientbrowser.pdb

Imports

wininet

InternetWriteFile
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetConnectW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW
InternetSetFilePointer
InternetReadFile
InternetCrackUrlW

psapi

EnumProcesses

kernel32

LocalAlloc
SetThreadPriority
SuspendThread
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
lstrlenA
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
WritePrivateProfileStringW
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
FileTimeToLocalFileTime
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
GetModuleHandleA
RaiseException
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
FreeResource
FormatMessageW
LocalFree
MulDiv
lstrlenW
GetSystemTime
SetLastError
SystemTimeToFileTime
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InitializeCriticalSection
OpenSemaphoreW
ReleaseSemaphore
EnumResourceTypesW
EnumResourceNamesW
EnumSystemLocalesW
GetLocaleInfoW
OutputDebugStringW
SetFilePointer
GetTickCount
GetCommandLineW
SetUnhandledExceptionFilter
OpenProcess
CreateThread
ExitThread
GetCurrentThreadId
lstrcpyW
lstrcatW
GetCurrentProcessId
WriteFile
CreateFileW
GetFileSize
ReadFile
ExitProcess
GetLocalTime
ReleaseMutex
Sleep
GetModuleFileNameW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
CopyFileW
CreateDirectoryW
TerminateProcess
InterlockedDecrement
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetVersionExW
CreateMutexW
FreeLibrary
MultiByteToWideChar
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventW
ResumeThread
ResetEvent
GetExitCodeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedCompareExchange
RtlUnwind

user32

PostThreadMessageW
UnregisterClassW
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
MessageBeep
GetDlgCtrlID
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetMenuItemID
GetMenuItemCount
RegisterWindowMessageW
EnumWindows
GetWindowTextW
GetClassNameW
RemoveMenu
SetFocus
SetLayeredWindowAttributes
SetParent
SendMessageTimeoutW
SetWindowPos
GetDesktopWindow
SetWindowPlacement
LoadMenuW
GetCursorPos
GetWindowPlacement
LoadIconW
SetForegroundWindow
IsWindowVisible
UpdateWindow
ClientToScreen
IsIconic
GetSubMenu
GetMenuState
EnableMenuItem
CheckMenuItem
AppendMenuW
CreatePopupMenu
ChangeDisplaySettingsW
EnumDisplaySettingsW
LoadStringW
SetWindowRgn
GetKeyState
SetCursor
ReleaseCapture
TranslateMessage
DispatchMessageW
GetMessageW
GetCursor
GetSysColor
LoadBitmapW
GetClassInfoW
DefWindowProcW
LoadCursorW
SetCapture
InvalidateRect
ReleaseDC
GetDC
DrawFrameControl
DestroyCursor
GetNextDlgGroupItem
CharNextW
InvalidateRgn
CopyAcceleratorTableW
GetSysColorBrush
SetRectEmpty
SetRect
DestroyMenu
WindowFromPoint
CharUpperW
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PtInRect
IsRectEmpty
CopyRect
SetWindowsHookExW
wsprintfW
CallNextHookEx
FindWindowW
MessageBoxW
UnhookWindowsHookEx
GetForegroundWindow
GetWindowThreadProcessId
GetAsyncKeyState
PostMessageW
IntersectRect
GetSystemMetrics
GetWindowLongW
SetWindowLongW
KillTimer
SetTimer
SystemParametersInfoW
GetWindowInfo
OffsetRect
GetParent
SendMessageW
GetClientRect
GetWindowRect
FillRect
EnableWindow
ValidateRect
PostQuitMessage
IsWindowEnabled
EndPaint

gdi32

Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
ExtTextOutW
RectVisible
CreatePen
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
TextOutW
PtVisible
GetWindowExtEx
GetViewportExtEx
CreatePatternBrush
PlgBlt
DeleteObject
GetPixel
StretchBlt
BitBlt
CreateCompatibleDC
PtInRegion
CreatePolygonRgn
CreateCompatibleBitmap
CreateBitmap
GetObjectW
CreateFontIndirectW
CreateSolidBrush
SelectObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteDC
ExtCreateRegion
GetTextExtentPoint32W
CreateRectRgn
CombineRgn

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

OpenProcessToken
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
GetTokenInformation
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
DuplicateTokenEx
LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteW

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindExtensionW
UrlUnescapeW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
StrToIntW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
OleRun
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject

oleaut32

SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
OleCreateFontIndirect
GetErrorInfo

urlmon

ObtainUserAgentString

wsock32

htonl
ntohl
htons
__WSAFDIsSet
select
recv
WSAStartup
WSACleanup
closesocket
shutdown
socket
inet_ntoa
send
gethostbyname
ioctlsocket
connect

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b44db380822c3b06f46e4ece1f2a241

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4b:8e:0a:6a:cf:9e:fd:c8:eb:4c:87:bc:f0:e3:8e:ccCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d9:83:8c:22:d6:4c:e4:f7:4a:f8:7b:45:15:00:f6:fd:56:e4:f3:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

psapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

wsock32

version

Sections

.text Size: 673KB - Virtual size: 673KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 62KB - Virtual size: 90KB

.rsrc Size: 188KB - Virtual size: 188KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4b:8e:0a:6a:cf:9e:fd:c8:eb:4c:87:bc:f0:e3:8e:cc
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d9:83:8c:22:d6:4c:e4:f7:4a:f8:7b:45:15:00:f6:fd:56:e4:f3:8e
Signer

.text
Size: 673KB - Virtual size: 673KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 62KB - Virtual size: 90KB

.rsrc
Size: 188KB - Virtual size: 188KB