2024-03-19_087434fbb5a376fc1ed1ada0ac9908fc_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-19_087434fbb5a376fc1ed1ada0ac9908fc_icedid
Size

5.6MB
MD5

087434fbb5a376fc1ed1ada0ac9908fc
SHA1

a430d0b8a01d365edd9229c67a2eb045b8f2631c
SHA256

a8bfcab31c02674e1fb56c725f292cb6ab5edc7332f8c520591408ba11f8abdd
SHA512

7caabd29b154685ca1f9aa7d7087fbf3354a43b1b3ecf28191a537a4e5f4ce053234e5e874501cb86a2b2e8f8eeece37fade15e3099444145bc580fa7dc1fe10
SSDEEP

98304:PHpe/2EAc75XUroCbDDYwzZllR8VpZE7U1:PJe/2Ya84owFR8VLEg1

Score

1^/10

Malware Config

Signatures

Files

2024-03-19_087434fbb5a376fc1ed1ada0ac9908fc_icedid
.exe windows:4 windows x86 arch:x86

bd41fb23930c56828349953f03f7894b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2009, 00:00

Not After

27/04/2012, 23:59

Subject

CN=Beijing AmazGame Age Internet Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing AmazGame Age Internet Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

db:5c:d6:35:16:d4:f5:1a:31:0f:bb:ba:25:94:ec:7d:3a:f7:32:c9
Signer

Actual PE Digest

db:5c:d6:35:16:d4:f5:1a:31:0f:bb:ba:25:94:ec:7d:3a:f7:32:c9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TLBB_Vietnam-200\Prj\ClientLib\Launch\bin\Release-VN\Launch.pdb

Imports

kernel32

SuspendThread
GlobalFlags
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
MoveFileA
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
RtlUnwind
ExitProcess
ExitThread
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetTimeZoneInformation
HeapReAlloc
GetCurrentThread
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
LocalAlloc
FileTimeToLocalFileTime
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
TerminateThread
IsBadReadPtr
IsBadWritePtr
SystemTimeToFileTime
DuplicateHandle
GetFileType
GetFileInformationByHandle
FileTimeToSystemTime
GetCurrentThreadId
MoveFileExA
FlushFileBuffers
SetFilePointer
ReleaseSemaphore
CreateSemaphoreA
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
GetFullPathNameW
InterlockedDecrement
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetWindowsDirectoryA
GetSystemTime
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
FreeLibrary
ReadFile
AllocConsole
InterlockedExchangeAdd
OutputDebugStringA
FreeConsole
DeviceIoControl
GetSystemDirectoryA
PeekNamedPipe
FreeResource
WinExec
GetLocalTime
GetFileSize
LoadLibraryA
GetProcAddress
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetDiskFreeSpaceExA
GetFileAttributesA
lstrcpyA
lstrlenA
lstrcatA
CreateEventA
ResetEvent
ResumeThread
CreateDirectoryA
WriteFile
FindFirstFileA
CreateFileA
GetFileTime
FindNextFileA
FindClose
GetTickCount
MultiByteToWideChar
WaitForSingleObject
SetEvent
GetLastError
CloseHandle
GetPrivateProfileIntA
Sleep
SetFileAttributesA
CopyFileA
SetEnvironmentVariableA
GetCommandLineA
GetShortPathNameA
GetTempPathA
GetTempFileNameA
GetModuleHandleA
DeleteFileA
WideCharToMultiByte
GetCurrentDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WritePrivateProfileStringA
GetModuleFileNameA
HeapSize
CreateProcessA

user32

InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
ValidateRect
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
CharNextA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsChild
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
SetCapture
AdjustWindowRectEx
EqualRect
GetScrollInfo
GetClassInfoA
RegisterClassA
GetDlgCtrlID
CallWindowProcA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
GetWindow
SetFocus
GetMenuState
GetMenuItemID
IsCharAlphaNumericA
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetNextDlgTabItem
EndDialog
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
TranslateMessage
OffsetRect
GetNextDlgGroupItem
ClientToScreen
WindowFromPoint
DrawEdge
GetCapture
ReleaseCapture
ShowWindow
GetDesktopWindow
GetCursorPos
DrawFocusRect
FrameRect
FillRect
InflateRect
DrawStateA
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
UnregisterClassA
CharUpperA
CopyIcon
LoadCursorA
IsWindowEnabled
BeginPaint
GetMessagePos
GetSysColor
EndPaint
GetDlgItem
GetMenu
MessageBoxA
GetClassNameA
SetCursor
GetParent
SetWindowTextA
DestroyWindow
GetWindowLongA
ReleaseDC
GetDC
SetWindowRgn
LoadBitmapA
SetRect
PtInRect
RegisterClassExA
CreateWindowExA
UpdateWindow
DefWindowProcA
FindWindowA
InvalidateRect
SetWindowLongA
PostQuitMessage
GetSystemMetrics
KillTimer
SetTimer
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
PostMessageA
AppendMenuA
DrawIcon
SetWindowPos
wsprintfA
LoadIconA
SendMessageA
EnableWindow
ScreenToClient

gdi32

CreatePen
CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
GetRgnBox
MoveToEx
LineTo
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateFontA
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
CreateBitmap
GetClipBox
SelectClipRgn
StretchBlt
DeleteDC
CreateDIBSection
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
GetObjectA
CreateFontIndirectA
SelectObject
SetBkMode
SetTextColor
SetBkColor
GetStockObject
CreateDIBitmap
GetPixel
BitBlt
CreateCompatibleDC
CombineRgn
CreateRectRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHFileOperationA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA
SHSetValueA
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
PathRemoveBackslashA
PathRemoveBlanksA
UrlUnescapeA
PathStripToRootA
SHGetValueA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemFree
CoUninitialize
CoInitialize
OleCreate
OleSetContainedObject
OleDraw
CLSIDFromString
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

GetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantClear

ws2_32

WSAGetLastError
inet_addr
htons
gethostbyname
select
closesocket
WSACleanup
WSAStartup
recv
connect
socket
send
__WSAFDIsSet
shutdown

wininet

HttpOpenRequestA
InternetSetStatusCallback
HttpSendRequestA
HttpQueryInfoA
InternetQueryOptionA
InternetOpenA
HttpAddRequestHeadersA
InternetConnectA
InternetOpenUrlA
InternetGetCookieA
InternetSetOptionA
InternetReadFile
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle

winmm

timeGetTime

Exports

Exports

CreateSoDATask
DestroySoDATask
SoDACancelDownload
SoDACancelDownloadUrllist
SoDACommitFile
SoDADownloadUrl
SoDADownloadUrllist
SoDAGetPort
SoDAGetStatusInfo
SoDAInitLibrary
SoDAPauseDownload
SoDAPauseDownloadUrllist
SoDAResumeFile
SoDASetBlockMessage
SoDASetCallback
SoDASetCaller
SoDASetDownloadMode
SoDASetFileName
SoDASetIPCPort
SoDASetPingback
SoDASetUserID
SoDAWaitDownload

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd41fb23930c56828349953f03f7894b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49Certificate

Extended Key Usages

Key Usages

db:5c:d6:35:16:d4:f5:1a:31:0f:bb:ba:25:94:ec:7d:3a:f7:32:c9Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

winmm

Exports

Exports

Sections

.text Size: 524KB - Virtual size: 521KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 16KB - Virtual size: 45KB

.rsrc Size: 4.9MB - Virtual size: 4.9MB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

db:5c:d6:35:16:d4:f5:1a:31:0f:bb:ba:25:94:ec:7d:3a:f7:32:c9
Signer

.text
Size: 524KB - Virtual size: 521KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 16KB - Virtual size: 45KB

.rsrc
Size: 4.9MB - Virtual size: 4.9MB