2024-03-26_a7591082d2009ec3c5618234761bfe0c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-26_a7591082d2009ec3c5618234761bfe0c_icedid
Size

1.6MB
MD5

a7591082d2009ec3c5618234761bfe0c
SHA1

11c2c4bea59dae4bcf5e8b7743a1ea7d07055b36
SHA256

e88f70067b864d6f44b6cf72c4c51196d1a47d686630123b7893b59d11bcc93d
SHA512

12b77cd2ef8d4125a3da267647cfcbeab432ab8d392847a3d32ad72ee2b63853fce617ff21c0457dde42a6ccc17a94d838ece0996e3d3a3c54eae3dab6a45308
SSDEEP

24576:Ujl2nPjTPxVeZOeiVVCmBgt93g/Chm5xSMhbMXVERl1r8Vn9T+L89n:oKbTPxVe5cCm40kkAfTs89n

Score

1^/10

Malware Config

Signatures

Files

2024-03-26_a7591082d2009ec3c5618234761bfe0c_icedid
.exe windows:5 windows x86 arch:x86

7a179452fc4fc270b7d4be24da88848a

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

34:02:ef:84:01:ba:b4:a5:d6:35:5d:76:11:0c:0e:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/05/2016, 00:00

Not After

14/06/2019, 23:59

Subject

CN=People's Daily Digital Communication (Shanghai) Co.\, LTD,OU=IT,O=People's Daily Digital Communication (Shanghai) Co.\, LTD,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:3b:01:15:83:ba:8e:eb:b3:a0:8d:01:0a:7e:f0:c7:f4:f5:82:0b
Signer

Actual PE Digest

1b:3b:01:15:83:ba:8e:eb:b3:a0:8d:01:0a:7e:f0:c7:f4:f5:82:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\PCRiLi\RenMin\1.0.2.5\Temp\Release\UserLogin.pdb

Imports

kernel32

IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetCPInfo
GetOEMCP
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
VirtualFree
HeapCreate
GetStartupInfoA
GetCurrentDirectoryA
GetFullPathNameA
GetFileInformationByHandle
FindFirstFileA
GetDriveTypeA
ExpandEnvironmentStringsW
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
SleepEx
WriteConsoleW
GetACP
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapSize
VirtualQuery
VirtualAlloc
ExitThread
ExitProcess
HeapReAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoW
SetErrorMode
GetFileSizeEx
FileTimeToLocalFileTime
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
MoveFileW
lstrlenA
GetFullPathNameW
GetFileTime
GetFileAttributesW
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalGetAtomNameW
GetModuleHandleA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
MulDiv
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
AreFileApisANSI
GetModuleHandleW
CreateThread
GetSystemDirectoryW
GetVolumeInformationW
DeviceIoControl
ReleaseMutex
CreateMutexW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemInfo
lstrcpyW
GetFileSize
ReadFile
FormatMessageW
LocalFree
GetTempPathW
MoveFileExW
DeleteFileW
CopyFileW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLastError
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
GetTimeZoneInformation
GetTickCount
WideCharToMultiByte
CreateDirectoryW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetEnvironmentVariableW
GetVersionExW
QueryPerformanceCounter
GetPrivateProfileStringW
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
lstrlenW
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetPrivateProfileIntW
SetUnhandledExceptionFilter
VirtualProtect
WriteProcessMemory
GetProcAddress
GetModuleFileNameW
CreateFileW
WritePrivateProfileStringW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
LoadLibraryW
FreeLibrary
Sleep
GetPrivateProfileStringA
GetConsoleOutputCP

user32

GetCursorPos
ReleaseCapture
SetCursor
SetCapture
KillTimer
SetTimer
InvalidateRect
ClientToScreen
SetWindowRgn
DrawIcon
FillRect
IsRectEmpty
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
SetWindowContextHelpId
TabbedTextOutW
GetTopWindow
UnhookWindowsHookEx
ShowWindow
EnableWindow
PostMessageW
SetFocus
GetMessageTime
GetMessagePos
PeekMessageW
DrawTextW
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
GetClassInfoExW
IsDialogMessageW
SetWindowTextW
MapDialogRect
IsWindowEnabled
GetClassInfoW
RegisterClassW
SetRect
CopyAcceleratorTableW
GetDC
ReleaseDC
InvalidateRgn
CharNextW
GetWindowTextW
DrawTextExW
GrayStringW
GetWindowDC
FindWindowW
AdjustWindowRectEx
IsWindow
GetClientRect
PostQuitMessage
IsZoomed
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassExW
DefWindowProcW
LoadCursorW
LoadIconW
GetWindowRect
GetDesktopWindow
SystemParametersInfoW
CharLowerBuffW
CloseClipboard
GetSysColorBrush
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetSystemMetrics
GetParent
GetMonitorInfoW
EnumDisplayMonitors
PtInRect
SetWindowLongW
BeginPaint
EndPaint
TranslateAcceleratorW
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
GetActiveWindow
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
ValidateRect
ShowOwnedPopups
InflateRect
GetMenuItemInfoW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
UnregisterClassW
RegisterClipboardFormatW
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
CharUpperW
MapWindowPoints
GetWindowLongW
CreateWindowExW
DestroyWindow
SetWindowPos
MoveWindow
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
GetMenu
CopyRect
CallWindowProcW
SendMessageW
GetDlgCtrlID
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetSysColor

gdi32

ExtSelectClipRgn
CreatePatternBrush
CreateCompatibleBitmap
CreateFontIndirectW
GetMapMode
StretchDIBits
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetRgnBox
CreateRectRgnIndirect
Ellipse
LPtoDP
CreateEllipticRgn
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
TextOutW
CreateSolidBrush
SetDIBitsToDevice
GetTextExtentPoint32W

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CreateProcessAsUserW
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW

shell32

ShellExecuteW
ShellExecuteExW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SafeArrayCreateVector
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SafeArrayDestroy
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SafeArrayRedim

wsock32

send
recvfrom
sendto
connect
WSASetLastError
getpeername
getsockname
WSAGetLastError
bind
select
socket
accept
ioctlsocket
htons
htonl
closesocket
gethostbyname
WSACleanup
WSAStartup
inet_addr
ntohs
recv

duilib32

?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
??0WindowImplBase@DuiLib@@QAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?Term@CPaintManagerUI@DuiLib@@SAXXZ
?GetHWND@CWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
??1CDuiString@DuiLib@@QAE@XZ
??BCDuiString@DuiLib@@QBEPB_WXZ
??0CDuiString@DuiLib@@QAE@PB_WH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
?HandleMessage@CWindowWnd@DuiLib@@MAEJIIJ@Z
?TranslateMessage@CPaintManagerUI@DuiLib@@SA_NQAUtagMSG@@@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?PostMessageW@CWindowWnd@DuiLib@@QAEJIIJ@Z

iphlpapi

GetAdaptersInfo

ws2_32

setsockopt
gethostbyaddr
getservbyport
listen
__WSAFDIsSet
ioctlsocket
getservbyname
gethostname
getsockopt

wldap32

ord14
ord145
ord216
ord208
ord46
ord41
ord27
ord301
ord167
ord147
ord79
ord142
ord127
ord133
ord26
ord118

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a179452fc4fc270b7d4be24da88848a

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

34:02:ef:84:01:ba:b4:a5:d6:35:5d:76:11:0c:0e:e4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1b:3b:01:15:83:ba:8e:eb:b3:a0:8d:01:0a:7e:f0:c7:f4:f5:82:0bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

duilib32

iphlpapi

ws2_32

wldap32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 235KB - Virtual size: 235KB

.data Size: 22KB - Virtual size: 54KB

.rsrc Size: 298KB - Virtual size: 298KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

34:02:ef:84:01:ba:b4:a5:d6:35:5d:76:11:0c:0e:e4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1b:3b:01:15:83:ba:8e:eb:b3:a0:8d:01:0a:7e:f0:c7:f4:f5:82:0b
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 235KB - Virtual size: 235KB

.data
Size: 22KB - Virtual size: 54KB

.rsrc
Size: 298KB - Virtual size: 298KB