2024-03-19_f3cc8624e01bb4d6037de6426f2014be_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-19_f3cc8624e01bb4d6037de6426f2014be_icedid
Size

3.0MB
MD5

f3cc8624e01bb4d6037de6426f2014be
SHA1

fcd80d15303b91adfc0a7b6a37836a96f1014fb9
SHA256

76170ac294240a3776bc589a346a0364ec4dce6aef71262b1d322d7269fe3b39
SHA512

e502d0380e14131be4b1f5ff74f6e42bf37c8197aaf4609e7a714d8aa5cf4d7656836947be8497537370026f8075d96b0bee65c2485880ce1ccd627dc174f1b6
SSDEEP

49152:EAMQ2Gjg2/w5bQWlIwj7bvV+lsKPTlUVZXE:EexBwRtf7b9+lRPTlmZXE

Score

1^/10

Malware Config

Signatures

Files

2024-03-19_f3cc8624e01bb4d6037de6426f2014be_icedid
.exe windows:5 windows x86 arch:x86

137dda3811e70762f2d318b3ea313be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:5b:1a:4c:67:b7:3d:58:fc:ae:25:cc:ba:37:d0:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/07/2015, 00:00

Not After

17/08/2016, 23:59

Subject

CN=ZENRIN CO.\, LTD.,OU=Product Development Department 2,O=ZENRIN CO.\, LTD.,L=Tobata-ku\,Kitakyushu,ST=Fukuoka,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:ec:f8:64:44:e6:75:79:46:32:de:1e:6e:0b:dd:8b:34:aa:56:5e
Signer

Actual PE Digest

04:ec:f8:64:44:e6:75:79:46:32:de:1e:6e:0b:dd:8b:34:aa:56:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
GetShortPathNameA
LocalAlloc
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
GetCurrentDirectoryA
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
SetErrorMode
GetCPInfo
GetOEMCP
GlobalSize
CopyFileA
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetStringTypeExA
GetCommandLineA
ExitThread
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeFormatA
GetDateFormatA
FatalAppExitA
HeapDestroy
HeapCreate
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadCodePtr
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
FindFirstFileA
FindClose
lstrcpyA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
DuplicateHandle
lstrcpynA
lstrlenW
InterlockedDecrement
InterlockedIncrement
lstrlenA
SuspendThread
SetThreadPriority
ResumeThread
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
ReadProcessMemory
VirtualFree
WriteProcessMemory
SetFilePointer
WriteFile
DeleteFileA
CreateThread
CreateDirectoryA
GetLogicalDrives
GetSystemTime
Module32First
DeviceIoControl
QueryDosDeviceA
FindNextFileA
lstrcmpiA
VirtualProtect
GetUserDefaultLangID
OutputDebugStringA
IsBadReadPtr
DeleteCriticalSection
GetSystemInfo
InitializeCriticalSection
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersion
WaitForSingleObject
_lclose
_lcreat
CreateFileW
CreateFileA
TerminateProcess
SleepEx
LoadLibraryA
GetTickCount
QueryPerformanceCounter
GetVersionExA
QueryPerformanceFrequency
GetModuleFileNameA
GetFileAttributesA
CreateEventA
CreateProcessA
CloseHandle
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
Process32Next
_lopen
CreateRemoteThread
GetDriveTypeA
GetVolumeInformationA
GetLastError
FormatMessageA
LocalFree
VirtualQuery
SetEvent
GetModuleHandleA
GetStartupInfoA
GetCurrentProcess

user32

LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
wvsprintfA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
GetMenuItemCount
UnhookWindowsHookEx
GetDesktopWindow
GetWindowTextA
RemoveMenu
AppendMenuA
RemovePropA
DestroyMenu
SetWindowTextA
ClientToScreen
GetWindow
UnregisterClassA
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetSystemMetrics
CharUpperA
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostQuitMessage
wsprintfA
SendMessageTimeoutA
MessageBoxA
PostMessageA
FindWindowA
GetWindowThreadProcessId
InsertMenuA

gdi32

CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
CreateHatchBrush
GetDCOrgEx
GetObjectA
CopyMetaFileA
CreateDCA
CreateSolidBrush
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
SetArcDirection
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
Escape
CreateBitmap
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
DeleteObject
PolyDraw

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

FreeSid
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegEnumKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA
DragAcceptFiles

comctl32

ord17

ole32

OleRegGetUserType
WriteClassStg
ReadFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoCreateInstance
CoTaskMemAlloc
CoDisconnectObject
CoTaskMemFree
CoInitialize
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
WriteFmtUserTypeStg
CLSIDFromString

oleaut32

LoadTypeLi
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayPutElement
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
VariantCopy
VariantClear
VariantChangeType
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

imagehlp

MapFileAndCheckSumA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.settec
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

137dda3811e70762f2d318b3ea313be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4b:5b:1a:4c:67:b7:3d:58:fc:ae:25:cc:ba:37:d0:50Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

04:ec:f8:64:44:e6:75:79:46:32:de:1e:6e:0b:dd:8b:34:aa:56:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

imagehlp

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 266KB - Virtual size: 266KB

.data Size: 24KB - Virtual size: 53KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 163KB - Virtual size: 162KB

.settec Size: 1.4MB - Virtual size: 1.4MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4b:5b:1a:4c:67:b7:3d:58:fc:ae:25:cc:ba:37:d0:50
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

04:ec:f8:64:44:e6:75:79:46:32:de:1e:6e:0b:dd:8b:34:aa:56:5e
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 266KB - Virtual size: 266KB

.data
Size: 24KB - Virtual size: 53KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 163KB - Virtual size: 162KB

.settec
Size: 1.4MB - Virtual size: 1.4MB