2024-03-19_c34ba937dabc94a85b7d525f179a5c3e_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-19_c34ba937dabc94a85b7d525f179a5c3e_icedid
Size

2.5MB
MD5

c34ba937dabc94a85b7d525f179a5c3e
SHA1

5138349fefbc5f4f5fbaf0543f53d995f4b3f53b
SHA256

145315e9961cbf4e535bd61def2b635e4f420e4e10149ed3bf0bd8912f68f1e9
SHA512

4ee74c41e8286f2ef18bcf0c37c937a756824b1e394ce7d4edfad93092e2312917fdccfab9c408d7906c31eddc54dac39d79d1ce2fd174632c68d42e98ffa10a
SSDEEP

12288:8Bin+BvTZe9v15JpYjAa73JtAjFXm9+iO7chVHVVkApVptROfGScNVxfE/FInOf8:qzBvTZGCw9ClVVkApTKfGNVgUO0FF

Score

1^/10

Malware Config

Signatures

Files

2024-03-19_c34ba937dabc94a85b7d525f179a5c3e_icedid
.exe windows:5 windows x86 arch:x86

5bb638840a95404a9e797bd508c785fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:f0:68:fe:68:81:7e:f7:ae:b8:f8:99:bb:f8:1f:df
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

24/12/2014, 00:00

Not After

21/02/2017, 23:59

Subject

CN=비엔씨피주식회사,OU=IT Team,O=비엔씨피주식회사,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\회사\src\webhard\Projects\Ondisk\Client\Upload\Bin\Client\OnDiskUp.pdb

Imports

urlmon

URLDownloadToFileA

kernel32

LocalReAlloc
TlsFree
GlobalFlags
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
ExitThread
GetSystemTimeAsFileTime
RaiseException
GetTimeFormatA
GetDateFormatA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableA
GetDriveTypeA
GetStartupInfoA
VirtualProtect
VirtualAlloc
VirtualQuery
GlobalHandle
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetTimeZoneInformation
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
TlsGetValue
InterlockedIncrement
TlsSetValue
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
GetModuleFileNameW
FormatMessageA
LocalFree
GetFileSizeEx
MoveFileA
GetCurrentDirectoryA
GetCommandLineA
SetCurrentDirectoryA
GetNumberFormatA
FreeResource
ResumeThread
GetLocalTime
GetWindowsDirectoryA
GetVolumeInformationA
CopyFileA
WritePrivateProfileStringA
GetCurrentProcess
CreateThread
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
OpenMutexA
GetSystemTime
GetTempPathA
GetLongPathNameA
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetExitCodeProcess
TerminateProcess
Process32Next
MoveFileExA
CreateProcessA
DeleteFileA
lstrlenW
lstrcmpiA
GetModuleHandleW
TlsAlloc
GetProcessHeap
SetFilePointer
GetFileSize
ReadFile
WriteFile
CreateFileA
GetModuleHandleA
SetLastError
lstrcpynA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
FreeLibrary
GetVersionExA
LoadLibraryA
GetProcAddress
MultiByteToWideChar
InterlockedDecrement
GetModuleFileNameA
lstrcpyA
lstrlenA
lstrcmpA
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
GetTickCount
CreateMutexA
Sleep
GetPrivateProfileStringA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
SetEvent
GetLastError
WaitForSingleObject
ResetEvent
CloseHandle
OutputDebugStringA
CreateEventA
HeapReAlloc

user32

CharNextA
UnregisterClassA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowTextA
IsDialogMessageA
CharUpperA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyAcceleratorTableA
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ReplyMessage
FlashWindowEx
ReleaseDC
ExitWindowsEx
MoveWindow
wsprintfW
MessageBoxW
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
WaitForInputIdle
GetFocus
DrawFocusRect
FillRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetMenuItemInfoA
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
FindWindowA
SetWindowRgn
PostThreadMessageA
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
DeferWindowPos
InsertMenuItemA
GetWindowLongA
GetActiveWindow
GetDC
LoadBitmapA
SetRect
GetParent
GetWindowRect
SetWindowLongA
CallWindowProcA
RedrawWindow
UpdateWindow
SetCursor
IsWindow
EnableWindow
WindowFromPoint
SetCapture
GetCapture
ClientToScreen
GetClientRect
OffsetRect
InflateRect
PtInRect
CopyRect
DestroyIcon
LoadImageA
GetIconInfo
DrawIconEx
ReleaseCapture
GetSysColor
GetSystemMetrics
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
DestroyMenu
ShowWindow
LoadIconA
SetForegroundWindow
KillTimer
SetTimer
InvalidateRect
SendMessageA
PostMessageA
GetClassInfoA
MessageBoxA
GetWindowPlacement

gdi32

ExtSelectClipRgn
CreatePatternBrush
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetTextExtentPoint32A
Rectangle
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
CreateFontA
GetDeviceCaps
SetRectRgn
CreateRectRgnIndirect
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateCompatibleDC
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegFlushKey
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17

shlwapi

StrFormatByteSize64A
PathGetArgsA
PathFileExistsA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathRemoveFileSpecA
PathRemoveFileSpecW

oledlg

ord8

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantInit
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocStringLen
OleLoadPicture
SysStringLen
VariantChangeType

wsock32

setsockopt
WSASetLastError
send
WSAGetLastError
socket
closesocket
htons
connect
WSACleanup
WSAStartup
ioctlsocket

ws2_32

WSARecv
WSASend
WSAConnect
WSASocketA
WSAWaitForMultipleEvents

netapi32

Netbios

wininet

InternetConnectA
HttpOpenRequestA
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetCanonicalizeUrlA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetQueryDataAvailable
InternetCrackUrlA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
DeleteUrlCacheEntry

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bb638840a95404a9e797bd508c785fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

7e:f0:68:fe:68:81:7e:f7:ae:b8:f8:99:bb:f8:1f:dfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

ws2_32

netapi32

wininet

iphlpapi

version

Sections

.text Size: 595KB - Virtual size: 594KB

.rdata Size: 155KB - Virtual size: 155KB

.data Size: 13KB - Virtual size: 29KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

7e:f0:68:fe:68:81:7e:f7:ae:b8:f8:99:bb:f8:1f:df
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

.text
Size: 595KB - Virtual size: 594KB

.rdata
Size: 155KB - Virtual size: 155KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB