2024-04-08_60bc028d9c3750aa6e946e4668e71e1e_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_60bc028d9c3750aa6e946e4668e71e1e_icedid
Size

1.2MB
MD5

60bc028d9c3750aa6e946e4668e71e1e
SHA1

142d4f37447e94f4a44dbc6b5d50a1e9c2e0ce8e
SHA256

581d3b5c5395bf89e18ea842f535444dd609ad4db275ee78cc10cc589a69e295
SHA512

faf18c1078a5a9624ea29f6914276b677b74b88b63fca2bc8c1344dc65e0ceef0ac280fed39df80320326d69dc6e617f7e2fc150fc35ad3dad40cd81d442b01e
SSDEEP

24576:QdcAZ4i8F/Unwijv2Ovmy+ZwgwXO3lMlMlj:wnZOew+2MVwwxO3lMlMlj

Score

1^/10

Malware Config

Signatures

Files

2024-04-08_60bc028d9c3750aa6e946e4668e71e1e_icedid
.exe windows:4 windows x86 arch:x86

38936fb853df89ae0e20b131bdc6a2fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

11/12/2011, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Control Devices,O=Logitech,L=FREMONT,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:88:39:77:41:b1:d8:d0:ca:82:b2:3f:11:cf:37:3d:d2:70:d2:1d
Signer

Actual PE Digest

b4:88:39:77:41:b1:d8:d0:ca:82:b2:3f:11:cf:37:3d:d2:70:d2:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Build\LU\LU_2.17\2.17.17\Sources\LuUpdater\release\LogitechUpdate.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
ExitThread
RaiseException
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GlobalFindAtomW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
CompareStringW
LoadLibraryA
GetVersionExA
FreeResource
LocalAlloc
GetFileTime
GetFileAttributesW
SetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
DeleteFileW
MoveFileW
GlobalAddAtomW
GlobalDeleteAtom
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
SetThreadAffinityMask
GetDiskFreeSpaceExW
GetSystemPowerStatus
QueryPerformanceFrequency
TerminateThread
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GetModuleHandleA
InterlockedDecrement
lstrlenA
lstrcmpA
WideCharToMultiByte
MulDiv
SuspendThread
SetThreadPriority
TerminateProcess
GetCurrentProcessId
OutputDebugStringW
GlobalLock
GlobalUnlock
CopyFileW
Sleep
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
GetModuleHandleW
GetCurrentThread
SetEnvironmentVariableW
IsBadWritePtr
GlobalFree
GlobalAlloc
GetCurrentProcess
LocalFree
GetVersionExW
IsBadCodePtr
FreeLibrary
GetProcAddress
LoadLibraryW
GetTickCount
lstrlenW
CreateThread
ReadFile
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
PeekNamedPipe
FlushFileBuffers
WriteFile
WaitNamedPipeW
CreateFileW
ResumeThread
ReleaseMutex
FormatMessageW
CreateMutexW
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
GetModuleFileNameW
GetTempPathW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
ResetEvent
LoadResource
LockResource
SizeofResource
SetLastError
GetHandleInformation
GetLastError
WaitForMultipleObjectsEx
SetEvent
OpenEventW
FindResourceW
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
GetCurrentThreadId
GetExitCodeProcess
CloseHandle
GetStartupInfoA
InterlockedCompareExchange

user32

DestroyMenu
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetTopWindow
GetMessageTime
MapWindowPoints
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
SystemParametersInfoA
GetWindowPlacement
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
CharUpperW
GetWindowTextLengthW
GetWindowTextW
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
GetSysColor
EndPaint
ClientToScreen
GrayStringW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
CheckMenuItem
SetWindowsHookExW
UnregisterClassA
wsprintfW
AttachThreadInput
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
SetWindowLongW
DrawIcon
IsIconic
TrackPopupMenu
SetMenuDefaultItem
AppendMenuW
CreatePopupMenu
PostQuitMessage
SetActiveWindow
CallWindowProcW
GetCursorPos
ScreenToClient
GetMessagePos
DestroyCursor
GetDC
SetCursor
LoadCursorW
ReleaseDC
DrawTextExW
GetSysColorBrush
UnregisterClassW
FrameRect
FillRect
GetDesktopWindow
IsRectEmpty
SetForegroundWindow
SetWindowPos
CopyRect
BringWindowToTop
IsWindowVisible
InvalidateRect
OffsetRect
EnableMenuItem
EnableWindow
GetSystemMenu
GetMenu
GetWindowLongW
AdjustWindowRectEx
GetParent
GetClientRect
LoadIconW
InflateRect
SystemParametersInfoW
GetSystemMetrics
MonitorFromPoint
SetRect
GetWindowRect
PtInRect
DrawTextW
GetForegroundWindow
FindWindowW
PostThreadMessageW
SendMessageW
IsWindow
KillTimer
SetTimer
PostMessageW
BeginPaint

gdi32

SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentExPointW
GetObjectW
CreateFontW
GetClipBox
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
CreateBrushIndirect
GetTextExtentPoint32W
GetStockObject
BitBlt
SetTextColor
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteObject
CombineRgn
CreateRectRgnIndirect
FillRgn
DeleteDC
GetDeviceCaps
SetViewportExtEx
SetViewportOrgEx

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

CryptAcquireContextW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
CryptReleaseContext
CryptVerifySignatureW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptImportKey
SetFileSecurityW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegFlushKey
RegCreateKeyExW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindExtensionW
PathCanonicalizeW

ole32

CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize
StringFromGUID2
CoCreateGuid
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageI
GdipAlloc

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetGetConnectedState
InternetCheckConnectionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetQueryDataAvailable

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

msi

ord72
ord232
ord8
ord96

Sections

.text
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38936fb853df89ae0e20b131bdc6a2fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

b4:88:39:77:41:b1:d8:d0:ca:82:b2:3f:11:cf:37:3d:d2:70:d2:1dSigner

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wininet

setupapi

msi

Sections

.text Size: 706KB - Virtual size: 706KB

.rdata Size: 285KB - Virtual size: 284KB

.data Size: 15KB - Virtual size: 40KB

.rsrc Size: 169KB - Virtual size: 169KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

b4:88:39:77:41:b1:d8:d0:ca:82:b2:3f:11:cf:37:3d:d2:70:d2:1d
Signer

.text
Size: 706KB - Virtual size: 706KB

.rdata
Size: 285KB - Virtual size: 284KB

.data
Size: 15KB - Virtual size: 40KB

.rsrc
Size: 169KB - Virtual size: 169KB