2024-04-08_410785a046b226f33a30a591fc3049cb_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_410785a046b226f33a30a591fc3049cb_icedid
Size

2.7MB
MD5

410785a046b226f33a30a591fc3049cb
SHA1

377e8b5764074939956da361145e3e0941725594
SHA256

b2e40726df9fff8edac2531cda4de5ba551c529dcb1d43e892061b1e69f1a275
SHA512

301d96228a212db83af1528052f698c57a5cd4fcfd5a39711dbb9b7140c6898ad4e6867cc20fc5d9f350b648f06f6abb7e63212121285042d440ce6ba9c10d71
SSDEEP

12288:xivVUHfOWhVXSFHj+/1quMtpLXLAxg1OqBM/R0Fgv1iZPUc1cif+wJgYUdWdkWWT:LS6dqbLAGOqBMJ4g0ZPBlm9SaT

Score

1^/10

Malware Config

Signatures

Files

2024-04-08_410785a046b226f33a30a591fc3049cb_icedid
.exe windows:4 windows x86 arch:x86

abad4143cb50d95d83ae286ee44a7ea2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:41:ae:3e:ce:78:12:5e:ff:db:47:fb:b7:e2:b2:95
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/11/2013, 00:00

Not After

18/11/2014, 23:59

Subject

CN=Eye of Imagination,OU=IT Team,O=Eye of Imagination,L=Jung-gu,ST=Daegu,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:0b:d4:8f:e0:f4:35:0e:a0:e9:4f:06:c5:54:5d:30:1b:57:54:8f
Signer

Actual PE Digest

12:0b:d4:8f:e0:f4:35:0e:a0:e9:4f:06:c5:54:5d:30:1b:57:54:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\project_2008\Swingmirror\Filebus\Bin\SwingmirrorUp.pdb

Imports

shell32

DragFinish
DragQueryFileA
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GlobalHandle
GetStartupInfoA
ExitProcess
HeapSize
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
TlsGetValue
LocalAlloc
GlobalFlags
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
SuspendThread
ResumeThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
GetCurrentProcessId
GetModuleFileNameW
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetProcessHeap
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameA
GetCommandLineA
lstrcmpA
GetCurrentProcess
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
OpenProcess
FreeLibrary
GetVersionExA
GetSystemDirectoryA
DeleteFileA
GetNumberFormatA
GetCurrentThreadId
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
GetTickCount
CloseHandle
CreateMutexA
Sleep
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
SetLastError
WideCharToMultiByte
CompareStringA
CompareStringW
InterlockedExchange
GetVersion
MultiByteToWideChar
lstrcpynA
MulDiv
lstrcpyA
lstrlenA
GetDriveTypeA
CreateFileW

user32

LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
PostThreadMessageA
UnregisterClassA
GetMenuItemInfoA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
InsertMenuItemA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
ScrollWindow
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
LoadIconA
DrawIconEx
GetWindowLongA
GetMenuState
EnableMenuItem
CheckMenuItem
ReleaseDC
MapWindowPoints
EnumChildWindows
GetClassNameA
SetWindowRgn
GetActiveWindow
GetDC
SetRect
GetParent
IsWindow
CallWindowProcA
RedrawWindow
UpdateWindow
SetCursor
WindowFromPoint
SetCapture
GetCapture
ClientToScreen
OffsetRect
SetRectEmpty
SetMenu
TranslateAcceleratorA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
EndDeferWindowPos
CharNextA
CharUpperA
CopyRect
PtInRect
InflateRect
LoadBitmapA
FillRect
DrawFocusRect
SendMessageA
GetClientRect
InvalidateRect
GetFocus
EnableWindow
GetClassInfoA
MessageBoxA
PostMessageA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetTimer
KillTimer
SetWindowPos
GetWindowRect
FindWindowA
ReplyMessage
SetWindowLongA
GetCursorPos
ExitWindowsEx
ShowWindow
SetForegroundWindow
DestroyMenu
TrackPopupMenu
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
CloseWindow
DestroyIcon
LoadImageA
GetIconInfo
ReleaseCapture
GetSysColor
GetSystemMetrics
CallNextHookEx

gdi32

ExtSelectClipRgn
CreatePatternBrush
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreateSolidBrush
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
GetPixel
CreateRectRgn
CreateFontA
CreateDIBSection
ExtCreateRegion
CombineRgn
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA
DeleteObject
CreateDCA
GetStockObject
GetTextExtentPoint32A
StretchBlt
Rectangle
GetDeviceCaps
CreateCompatibleDC
SelectClipRgn

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA
RegConnectRegistryA
OpenProcessToken
LookupPrivilegeValueA

comctl32

ord17

shlwapi

PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathGetArgsA
StrFormatByteSize64A
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRevokeClassObject
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantChangeType
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

ws2_32

WSARecv
WSASend
WSAWaitForMultipleEvents
setsockopt
WSAConnect
WSASocketA
select
WSAGetLastError
__WSAFDIsSet
send
socket
closesocket
inet_addr
htons
connect
WSACleanup
WSAStartup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 476KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abad4143cb50d95d83ae286ee44a7ea2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

20:41:ae:3e:ce:78:12:5e:ff:db:47:fb:b7:e2:b2:95Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

12:0b:d4:8f:e0:f4:35:0e:a0:e9:4f:06:c5:54:5d:30:1b:57:54:8fSigner

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

version

Sections

.text Size: 476KB - Virtual size: 474KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

20:41:ae:3e:ce:78:12:5e:ff:db:47:fb:b7:e2:b2:95
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

12:0b:d4:8f:e0:f4:35:0e:a0:e9:4f:06:c5:54:5d:30:1b:57:54:8f
Signer

.text
Size: 476KB - Virtual size: 474KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB