2024-03-20_1fedb524b2694f37a2c5749d18b98568_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-20_1fedb524b2694f37a2c5749d18b98568_icedid
Size

5.4MB
MD5

1fedb524b2694f37a2c5749d18b98568
SHA1

448dca60cdbb5845ba3609e3eb807dd79fc89fbc
SHA256

482fe942e90e8ece7c5cb3e311f50a69483f1381d5ac48374f8c5c8d8f7b39b1
SHA512

131c7d872c7ef33404ad5d54d9bd2ac0d873f16b7ec130db9df08f21e372ad4eff01520c32647a7cc7593f246c7c40b8c7e29cf897f464b82f1b78e5eaafa4a8
SSDEEP

49152:qD1hpeFp2/vuxTXvgAcoXwJALdPDz0ck9z7cX6zCSweQnOxeNV4ZE7B8y:qHpe/2JAcaLdDAPfcKzC+mceNeZE7Cy

Score

1^/10

Malware Config

Signatures

Files

2024-03-20_1fedb524b2694f37a2c5749d18b98568_icedid
.exe windows:4 windows x86 arch:x86

bd41fb23930c56828349953f03f7894b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2009, 00:00

Not After

27/04/2012, 23:59

Subject

CN=Beijing AmazGame Age Internet Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing AmazGame Age Internet Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:ef:7e:d5:d7:de:41:92:9d:85:48:12:74:85:fa:78:c7:c7:12:19
Signer

Actual PE Digest

25:ef:7e:d5:d7:de:41:92:9d:85:48:12:74:85:fa:78:c7:c7:12:19

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TLBB_Vietnam-200\Prj\ClientLib\Launch\bin\Release-VN\Launch.pdb

Imports

kernel32

SuspendThread
GlobalFlags
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
MoveFileA
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
RtlUnwind
ExitProcess
ExitThread
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetTimeZoneInformation
HeapReAlloc
GetCurrentThread
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
LocalAlloc
FileTimeToLocalFileTime
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
TerminateThread
IsBadReadPtr
IsBadWritePtr
SystemTimeToFileTime
DuplicateHandle
GetFileType
GetFileInformationByHandle
FileTimeToSystemTime
GetCurrentThreadId
MoveFileExA
FlushFileBuffers
SetFilePointer
ReleaseSemaphore
CreateSemaphoreA
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
GetFullPathNameW
InterlockedDecrement
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetWindowsDirectoryA
GetSystemTime
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
FreeLibrary
ReadFile
AllocConsole
InterlockedExchangeAdd
OutputDebugStringA
FreeConsole
DeviceIoControl
GetSystemDirectoryA
PeekNamedPipe
FreeResource
WinExec
GetLocalTime
GetFileSize
LoadLibraryA
GetProcAddress
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetDiskFreeSpaceExA
GetFileAttributesA
lstrcpyA
lstrlenA
lstrcatA
CreateEventA
ResetEvent
ResumeThread
CreateDirectoryA
WriteFile
FindFirstFileA
CreateFileA
GetFileTime
FindNextFileA
FindClose
GetTickCount
MultiByteToWideChar
WaitForSingleObject
SetEvent
GetLastError
CloseHandle
GetPrivateProfileIntA
Sleep
SetFileAttributesA
CopyFileA
SetEnvironmentVariableA
GetCommandLineA
GetShortPathNameA
GetTempPathA
GetTempFileNameA
GetModuleHandleA
DeleteFileA
WideCharToMultiByte
GetCurrentDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WritePrivateProfileStringA
GetModuleFileNameA
HeapSize
CreateProcessA

user32

InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
ValidateRect
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
CharNextA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsChild
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
SetCapture
AdjustWindowRectEx
EqualRect
GetScrollInfo
GetClassInfoA
RegisterClassA
GetDlgCtrlID
CallWindowProcA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
GetWindow
SetFocus
GetMenuState
GetMenuItemID
IsCharAlphaNumericA
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetNextDlgTabItem
EndDialog
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
TranslateMessage
OffsetRect
GetNextDlgGroupItem
ClientToScreen
WindowFromPoint
DrawEdge
GetCapture
ReleaseCapture
ShowWindow
GetDesktopWindow
GetCursorPos
DrawFocusRect
FrameRect
FillRect
InflateRect
DrawStateA
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
UnregisterClassA
CharUpperA
CopyIcon
LoadCursorA
IsWindowEnabled
BeginPaint
GetMessagePos
GetSysColor
EndPaint
GetDlgItem
GetMenu
MessageBoxA
GetClassNameA
SetCursor
GetParent
SetWindowTextA
DestroyWindow
GetWindowLongA
ReleaseDC
GetDC
SetWindowRgn
LoadBitmapA
SetRect
PtInRect
RegisterClassExA
CreateWindowExA
UpdateWindow
DefWindowProcA
FindWindowA
InvalidateRect
SetWindowLongA
PostQuitMessage
GetSystemMetrics
KillTimer
SetTimer
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
PostMessageA
AppendMenuA
DrawIcon
SetWindowPos
wsprintfA
LoadIconA
SendMessageA
EnableWindow
ScreenToClient

gdi32

CreatePen
CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
GetRgnBox
MoveToEx
LineTo
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateFontA
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
CreateBitmap
GetClipBox
SelectClipRgn
StretchBlt
DeleteDC
CreateDIBSection
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
GetObjectA
CreateFontIndirectA
SelectObject
SetBkMode
SetTextColor
SetBkColor
GetStockObject
CreateDIBitmap
GetPixel
BitBlt
CreateCompatibleDC
CombineRgn
CreateRectRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHFileOperationA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA
SHSetValueA
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
PathRemoveBackslashA
PathRemoveBlanksA
UrlUnescapeA
PathStripToRootA
SHGetValueA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemFree
CoUninitialize
CoInitialize
OleCreate
OleSetContainedObject
OleDraw
CLSIDFromString
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

GetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantClear

ws2_32

WSAGetLastError
inet_addr
htons
gethostbyname
select
closesocket
WSACleanup
WSAStartup
recv
connect
socket
send
__WSAFDIsSet
shutdown

wininet

HttpOpenRequestA
InternetSetStatusCallback
HttpSendRequestA
HttpQueryInfoA
InternetQueryOptionA
InternetOpenA
HttpAddRequestHeadersA
InternetConnectA
InternetOpenUrlA
InternetGetCookieA
InternetSetOptionA
InternetReadFile
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle

winmm

timeGetTime

Exports

Exports

CreateSoDATask
DestroySoDATask
SoDACancelDownload
SoDACancelDownloadUrllist
SoDACommitFile
SoDADownloadUrl
SoDADownloadUrllist
SoDAGetPort
SoDAGetStatusInfo
SoDAInitLibrary
SoDAPauseDownload
SoDAPauseDownloadUrllist
SoDAResumeFile
SoDASetBlockMessage
SoDASetCallback
SoDASetCaller
SoDASetDownloadMode
SoDASetFileName
SoDASetIPCPort
SoDASetPingback
SoDASetUserID
SoDAWaitDownload

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd41fb23930c56828349953f03f7894b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49Certificate

Extended Key Usages

Key Usages

25:ef:7e:d5:d7:de:41:92:9d:85:48:12:74:85:fa:78:c7:c7:12:19Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

winmm

Exports

Exports

Sections

.text Size: 524KB - Virtual size: 521KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 16KB - Virtual size: 45KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

25:ef:7e:d5:d7:de:41:92:9d:85:48:12:74:85:fa:78:c7:c7:12:19
Signer

.text
Size: 524KB - Virtual size: 521KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 16KB - Virtual size: 45KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB