2024-04-10_eab179bdefb8ba856a0173cb0ac0d7ea_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_eab179bdefb8ba856a0173cb0ac0d7ea_icedid
Size

2.6MB
MD5

eab179bdefb8ba856a0173cb0ac0d7ea
SHA1

22567b4081872c7a65560a3cb2e3a36127856125
SHA256

41331c3df5daaf6c23205e4e52c75b51edbe6fc3e259397d6905e92bf0df617a
SHA512

c090e7fe7eed208a8c2f4306ae276fba375c319a9f8a331156c066481dbd4ca996eab9a226e52d9918aea2e93954050d3fb841bb486052a9449b78f07c07b537
SSDEEP

49152:U8BWDgy+bK3BXMD7VxtYR8awCy2kOHgDv+3RWt5FDpMU3iN+ukQMXDjF8:m4yB6BLYR8aw52kbC3Ro5FeU3P8

Score

1^/10

Malware Config

Signatures

Files

2024-04-10_eab179bdefb8ba856a0173cb0ac0d7ea_icedid
.exe windows:5 windows x86 arch:x86

cc22819ada4666b83893904dcc4ebc3b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\360wangguanban\trunk\360SME\Bin\360EntAdmin.pdb

Imports

kernel32

SetEnvironmentVariableA
LockResource
LoadResource
GetProcessHeap
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleMode
ReadConsoleInputA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetVersion
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
FindResourceW
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
lstrlenW
InterlockedDecrement
DeleteFileW
GetTempFileNameW
GetTempPathW
FindClose
FindFirstFileW
FindNextFileW
GetLastError
CreateMutexW
GetCommandLineW
GetCurrentProcessId
CloseHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileStringW
GetFileAttributesW
WaitForSingleObject
InitializeCriticalSection
ReadFile
GetTickCount
GetFileSizeEx
CreateFileW
Sleep
GetModuleHandleW
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
CreateFileA
WideCharToMultiByte
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapReAlloc
ExitProcess
GetSystemTimeAsFileTime
DeleteFileA
GetConsoleMode
GetConsoleCP
CreateThread
ExitThread
HeapAlloc
RtlUnwind
WriteFile
SetEvent
GetSystemTime
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
HeapFree
GetStartupInfoW
VirtualProtect
GetProfileIntW
SearchPathW
GetFileTime
SetErrorMode
FileTimeToSystemTime
GlobalGetAtomNameW
GlobalFlags
GetCurrentDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrcpyW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
FreeResource
GlobalSize
FormatMessageW
LocalFree
MulDiv
GlobalAddAtomW
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
SetLastError
FindResourceExW
SetUnhandledExceptionFilter
GetCurrentThreadId
GetEnvironmentVariableW
CopyFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
OutputDebugStringW
GetLocalTime
WritePrivateProfileStringW
GetPrivateProfileIntW
SetEndOfFile
FlushFileBuffers
CreateEventW
CreateDirectoryW
MoveFileW
lstrlenA
GetFileSize
SetFilePointer
MultiByteToWideChar
SizeofResource

user32

TranslateAcceleratorW
SetCursorPos
SetRect
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
UnregisterClassW
LoadImageW
DestroyIcon
CopyImage
DrawStateW
RegisterClipboardFormatW
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
IsMenu
SetClassLongW
SetParent
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
PostThreadMessageW
WaitMessage
WindowFromPoint
DeleteMenu
GetSysColorBrush
LoadCursorW
SetRectEmpty
CharUpperW
MapVirtualKeyW
GetKeyNameTextW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DestroyMenu
GetMenuItemInfoW
InflateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
InsertMenuItemW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
SetForegroundWindow
IsIconic
ShowWindow
GetPropW
IsWindow
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowLongW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuStringW
GetMenuItemID
ReuseDDElParam
UnpackDDElParam
UnionRect
EnableScrollBar
UpdateLayeredWindow
GetMenuDefaultItem
IsCharLowerW
MapVirtualKeyExW
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
InsertMenuW
RemoveMenu
IsWindowEnabled
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
PeekMessageW
ValidateRect
SetMenuItemBitmaps
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffW
CopyIcon
SubtractRect
CreateMenu
GetDoubleClickTime
GetIconInfo
GetWindowRgn
DestroyCursor
GetNextDlgGroupItem
GetWindow
GetDesktopWindow
MessageBoxW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
DestroyWindow
RemovePropW
PostMessageW
SendMessageW
GetWindowThreadProcessId
GetWindowLongW
IsWindowVisible
DrawIcon
AppendMenuW
SetMenuDefaultItem
GetSubMenu
LoadMenuW
GetSystemMenu
GetTopWindow
GetWindowRect
GetClientRect
InvalidateRect
SetTimer
KillTimer
GetLastActivePopup
GetParent
EnableWindow
LoadIconW
SetWindowPos
GetSystemMetrics
SetPropW
GetCursorPos
PostQuitMessage
EnumWindows
DefWindowProcW
GetDlgItem
CreateWindowExW
RegisterClassExW
FindWindowExW
RegisterWindowMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetKeyState
CreatePopupMenu
GetMenuItemCount
DispatchMessageW
TranslateMessage
CopyRect
GetDC
ReleaseDC
ClientToScreen
SetCapture
ReleaseCapture
PtInRect
IsZoomed
RedrawWindow
MessageBeep
OffsetRect
SystemParametersInfoW
WinHelpW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
MapDialogRect

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
DPtoLP
OffsetRgn
GetRgnBox
SelectClipRgn
GetTextColor
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
SetPixel
CreateDIBSection
CreatePolygonRgn
GetBkColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateBitmap
GetDeviceCaps
CopyMetaFileW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
CreateRoundRectRgn
ExtTextOutW

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegisterEventSourceA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
DeregisterEventSource
ReportEventA
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyW

shell32

ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ord165
SHGetFileInfoW
SHAppBarMessage
DragFinish
DragQueryFileW
Shell_NotifyIconW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathIsRelativeW
PathFileExistsW
SHGetValueW
PathIsDirectoryW
PathRenameExtensionW
PathFileExistsA
wvnsprintfW
SHSetValueW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathCombineW

ole32

DoDragDrop
OleGetClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
OleLockRunning
CoLockObjectExternal
RevokeDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantChangeType
SysAllocString

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

iphlpapi

GetAdaptersInfo
GetTcpTable

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

cabinet

ord11
ord10
ord13
ord14

wininet

InternetConnectW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetOpenW
InternetSetOptionW

psapi

GetModuleFileNameExW

ws2_32

inet_addr
htons

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 485KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc22819ada4666b83893904dcc4ebc3b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

iphlpapi

version

cabinet

wininet

psapi

ws2_32

imm32

winmm

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 485KB - Virtual size: 484KB

.data Size: 36KB - Virtual size: 79KB

.rsrc Size: 103KB - Virtual size: 103KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 485KB - Virtual size: 484KB

.data
Size: 36KB - Virtual size: 79KB

.rsrc
Size: 103KB - Virtual size: 103KB