2024-04-05_59c427bdac8d9000e479e11930bf9b53_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-05_59c427bdac8d9000e479e11930bf9b53_icedid
Size

2.4MB
MD5

59c427bdac8d9000e479e11930bf9b53
SHA1

7a2af942c36398e35051c8f09ad5088501e1da18
SHA256

569bf7f1e5401a6bc5fcf3473e88f01822ffb2454c42b5df7cfc33eaa88576fd
SHA512

e5c683709a696e0a08715dbdd012cb9de8ea0f1db3988f1bbb3a72cecf381f1a10be7f9f62d7c2ba67360b5adcb572d8011310638606ca9dd4e873fe05ac5078
SSDEEP

49152:n/iPfVvlbbWSfNff/eEL3dCjyjkbuUzfa:/qfVdPWc/rtSnfa

Score

1^/10

Malware Config

Signatures

Files

2024-04-05_59c427bdac8d9000e479e11930bf9b53_icedid
.exe windows:4 windows x86 arch:x86

4c21f1863d82b479788442ce31bd6ffe

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:bb:32:a2:42:b1:43:ca:8c:97:dc:2f:58:e9:df:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/04/2014, 00:00

Not After

07/04/2017, 23:59

Subject

CN=SHANGHAI SONGHENG NETWORK TECHNOLOGY CO.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=SHANGHAI SONGHENG NETWORK TECHNOLOGY CO.\,LTD,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:dc:69:09:91:8f:03:14:f0:6b:92:b0:2b:a1:5f:ca:80:0d:59:32
Signer

Actual PE Digest

2f:dc:69:09:91:8f:03:14:f0:6b:92:b0:2b:a1:5f:ca:80:0d:59:32

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Company\PCProject\ShurRuFa\GuangSu\Trunk\2.8.1.2415\Temp\pdb\UserPage.pdb

Imports

gdiplus

GdipLoadImageFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreateFromHDC
GdiplusStartup
GdipDrawImageRectRect
GdipDeleteGraphics
GdipLoadImageFromFileICM

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathIsUNCW

kernel32

GetFileTime
GetFullPathNameW
lstrlenA
MoveFileW
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FileTimeToLocalFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
HeapReAlloc
ExitThread
HeapSize
GetFileAttributesW
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
SleepEx
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsW
GetDriveTypeA
FindFirstFileA
GetFileInformationByHandle
GetFullPathNameA
GetCurrentDirectoryA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetVersion
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
InterlockedDecrement
InterlockedIncrement
MulDiv
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetModuleHandleW
GetVersionExA
FreeResource
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateMutexW
LCMapStringW
FindFirstFileW
FindNextFileW
FindClose
lstrcpyW
FormatMessageW
LocalFree
GetTempPathW
DeleteFileW
CopyFileW
OpenProcess
GetLastError
GetExitCodeProcess
GetTickCount
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeCriticalSection
CreateDirectoryW
GetSystemDirectoryW
GetVolumeInformationW
DeviceIoControl
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
GetFileSize
ReadFile
MultiByteToWideChar
lstrlenW
SetUnhandledExceptionFilter
VirtualProtect
WriteProcessMemory
LoadLibraryW
GetProcAddress
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
MoveFileExW
CreateProcessW
WaitForSingleObject
CloseHandle
CreateThread
Sleep
WritePrivateProfileStringW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
WideCharToMultiByte
GetPrivateProfileStringW
GetPrivateProfileIntW
VirtualAlloc

user32

CharUpperW
PostThreadMessageW
ReuseDDElParam
DestroyMenu
GetWindowThreadProcessId
LoadAcceleratorsW
InsertMenuItemW
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
SetWindowContextHelpId
MapDialogRect
InvalidateRgn
CopyAcceleratorTableW
GetMenuStringW
ReleaseCapture
SetCapture
IsRectEmpty
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
SetWindowTextW
IsDialogMessageW
GetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
GetScrollInfo
SetScrollInfo
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
CharLowerBuffW
GetDesktopWindow
SetMenuInfo
LoadMenuW
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
DeleteMenu
CreatePopupMenu
CreateMenu
DrawIconEx
CharNextW
FindWindowW
SetActiveWindow
LoadBitmapW
BeginPaint
EndPaint
SystemParametersInfoW
MoveWindow
ShowWindow
CreateWindowExW
DestroyWindow
UnregisterClassW
DefWindowProcW
RegisterClassExW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadIconW
SetForegroundWindow
KillTimer
IsIconic
MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatW
GetSysColorBrush
GetMenuItemInfoW
DrawIcon
SetWindowLongW
LoadImageW
IsWindow
AdjustWindowRectEx
UnregisterClassA
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetWindowLongW
GetParent
ScreenToClient
FrameRect
InflateRect
GetCursorPos
GetSystemMetrics
SetTimer
IsWindowVisible
SetWindowPos
ShowOwnedPopups
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
SetWindowRgn
GetDC
ReleaseDC
FillRect
GetWindowRect
DrawTextW
EnableWindow
ClientToScreen
GetClientRect
SendMessageW
CopyRect
PtInRect
SetRect
LoadCursorW
SetCursor
PostMessageW
InvalidateRect
EqualRect
UnpackDDElParam
GetDlgCtrlID
SetDlgItemTextW

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetDeviceCaps
CreateEllipticRgn
LPtoDP
Ellipse
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
SetMapMode
GetObjectW
CreateDIBSection
ExtCreateRegion
CombineRgn
DeleteDC
MoveToEx
LineTo
CreateCompatibleDC
SelectObject
BitBlt
StretchBlt
CreateFontW
GetTextExtentPoint32W
SetBkMode
TextOutW
DeleteObject
CreateSolidBrush
CreateRoundRectRgn
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
Rectangle
CreateFontIndirectW
CreatePen
SetPixel
FillRgn
CreatePolygonRgn
GetStockObject
CreateRectRgnIndirect
CreateICW
CreateCompatibleBitmap
CreateRectRgn
GetPixel
SetTextColor

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

OpenProcessToken
RegQueryValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DuplicateTokenEx
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
DragFinish
DragQueryFileW
ShellExecuteW

comctl32

_TrackMouseEvent
ord17

oledlg

OleUIBusyW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoRegisterMessageFilter
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

VariantClear
SysStringLen
VariantInit
VariantChangeType
SafeArrayCreateVector
VariantTimeToSystemTime
SysFreeString
SysAllocString
SysAllocStringLen
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

ws2_32

socket
getsockname
send
recv
closesocket
WSAGetLastError
WSAStartup
WSACleanup
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
inet_addr
gethostbyname
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
ntohs

wldap32

ord41
ord27
ord301
ord167
ord147
ord46
ord142
ord127
ord133
ord26
ord208
ord216
ord145
ord14
ord118
ord79

Sections

.text
Size: 892KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c21f1863d82b479788442ce31bd6ffe

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

7c:bb:32:a2:42:b1:43:ca:8c:97:dc:2f:58:e9:df:ebCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2f:dc:69:09:91:8f:03:14:f0:6b:92:b0:2b:a1:5f:ca:80:0d:59:32Signer

Headers

File Characteristics

PDB Paths

Imports

gdiplus

shlwapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

urlmon

iphlpapi

ws2_32

wldap32

Sections

.text Size: 892KB - Virtual size: 889KB

.rdata Size: 172KB - Virtual size: 169KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

7c:bb:32:a2:42:b1:43:ca:8c:97:dc:2f:58:e9:df:eb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2f:dc:69:09:91:8f:03:14:f0:6b:92:b0:2b:a1:5f:ca:80:0d:59:32
Signer

.text
Size: 892KB - Virtual size: 889KB

.rdata
Size: 172KB - Virtual size: 169KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB