2024-04-09_914ef32386876950f5012ffd2d86d12d_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_914ef32386876950f5012ffd2d86d12d_icedid
Size

615KB
MD5

914ef32386876950f5012ffd2d86d12d
SHA1

e4f2b01bda723007c10a4ef4429392d68eaab8da
SHA256

f9371b8408e3363140355cff70e81ce0d771d202a3d78f2a5ad044099c314f5c
SHA512

b79582a3cc665584d4f2a0db7d841b7497ba24a270b90ad85a8e32119f65270c6e77b9dde9587b4e5d86f938949a99cc727e73224f1e940051870a280b2b1e88
SSDEEP

6144:ctNrT6U1nejGVX1lhEMaJWecR3TnvScjbWPXr5GPAGEPbBytIcy7aZuNuPY9Dl16:ctFT31ejG2cR3TnjjqPXr5Zy2CuptK

Score

1^/10

Malware Config

Signatures

Files

2024-04-09_914ef32386876950f5012ffd2d86d12d_icedid
.exe windows:4 windows x86 arch:x86

d9b02c77b69f0a9b3035b0f5b4f15a89

Code Sign

56:ed:30:2c:fa:ee:15:66:72:c8:71:8a:1f:ac:d5:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

28/02/2015, 23:59

Subject

CN=Meridian Tech Pte Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Meridian Tech Pte Limited,L=SINGAPORE,ST=SINGAPORE,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:fd:01:14:d9:e8:c7:67:dc:0b:56:26:c2:25:73:b4:49:45:0d:6f
Signer

Actual PE Digest

0b:fd:01:14:d9:e8:c7:67:dc:0b:56:26:c2:25:73:b4:49:45:0d:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Disconnect_Machine
CM_Get_Child_Ex
CM_Get_DevNode_Registry_Property_ExA
CM_Connect_MachineA
CM_Locate_DevNode_ExA
CM_Get_Sibling_Ex

rpcrt4

UuidFromStringA
UuidCreateSequential

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
SetErrorMode
WritePrivateProfileStringA
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitProcess
GetTimeFormatA
GetDateFormatA
LocalAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
SetStdHandle
GetFileType
ExitThread
CreateThread
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
GetStringTypeA
GetStringTypeW
SetHandleCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
SuspendThread
WaitForSingleObject
ResumeThread
SetThreadPriority
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
lstrcmpA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetVersionExA
GetModuleFileNameA
GetSystemInfo
FindClose
FindFirstFileA
GlobalMemoryStatus
lstrcpynA
DuplicateHandle
CreatePipe
ReadFile
CreateProcessA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32Next
TerminateProcess
GetExitCodeProcess
Sleep
OpenProcess
Process32First
GetComputerNameA
LoadLibraryA
GlobalFree
GetProcAddress
SetLastError
GlobalAlloc
GetTickCount
FreeLibrary
lstrcpyA
WinExec
lstrcatA
OpenFileMappingA
CloseHandle
CreateFileMappingA
GetCommandLineA
SetEvent
UnmapViewOfFile
MapViewOfFile
PulseEvent
LocalFree
FormatMessageA
DeleteFileA
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
lstrlenA
GetSystemTimeAsFileTime

user32

PostThreadMessageA
SetRect
IsRectEmpty
CopyAcceleratorTableA
ReleaseCapture
SetCapture
UnregisterClassA
GetSysColorBrush
CharNextA
DestroyMenu
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
WindowFromPoint
GetMessageA
TranslateMessage
ValidateRect
MsgWaitForMultipleObjects
GetWindowThreadProcessId
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
GetWindow
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetSystemMenu
IsIconic
RegisterClipboardFormatA
GetSubMenu
DeleteMenu
GetNextDlgGroupItem
InvalidateRgn
LoadMenuA
wsprintfA
DrawIcon
RegisterWindowMessageA
MessageBoxA
BringWindowToTop
GetCursorPos
AppendMenuA
SystemParametersInfoA
GetSystemMetrics
SetCursor
GetWindowRect
GetParent
MessageBeep
GetDC
InflateRect
SetWindowLongA
ReleaseDC
LoadCursorA
SetForegroundWindow
SetTimer
KillTimer
InvalidateRect
GetSysColor
PostMessageA
LoadIconA
SendMessageA
LoadBitmapA
CharUpperA
GetClientRect
EnableWindow

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
SetViewportExtEx
GetMapMode
GetRgnBox
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
GetDeviceCaps
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SaveDC
CreateBitmap
GetTextExtentPoint32A
CreateFontIndirectA
GetStockObject
CreateSolidBrush
BitBlt
StretchBlt
CreateCompatibleDC
GetObjectA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

GetTokenInformation
RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
GetUserNameA
FreeSid
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
CryptDeriveKey
OpenProcessToken
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CLSIDFromProgID
CoTaskMemAlloc
OleFlushClipboard
CLSIDFromString
CoTaskMemFree
CoRegisterMessageFilter
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
VarDateFromStr

ws2_32

gethostbyname
socket
WSAStartup
WSACleanup
recv
htons
send
closesocket
connect

Sections

.text
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9b02c77b69f0a9b3035b0f5b4f15a89

Code Sign

56:ed:30:2c:fa:ee:15:66:72:c8:71:8a:1f:ac:d5:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:fd:01:14:d9:e8:c7:67:dc:0b:56:26:c2:25:73:b4:49:45:0d:6fSigner

Headers

File Characteristics

Imports

setupapi

rpcrt4

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 336KB - Virtual size: 332KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 180KB - Virtual size: 176KB

56:ed:30:2c:fa:ee:15:66:72:c8:71:8a:1f:ac:d5:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:fd:01:14:d9:e8:c7:67:dc:0b:56:26:c2:25:73:b4:49:45:0d:6f
Signer

.text
Size: 336KB - Virtual size: 332KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 180KB - Virtual size: 176KB