2024-04-10_63992485cc65d68c1729a18829ce3471_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_63992485cc65d68c1729a18829ce3471_icedid
Size

1.1MB
MD5

63992485cc65d68c1729a18829ce3471
SHA1

73537e7d050018a08bbce0f83476f7b0ab7066dd
SHA256

4fa73e7a589ef1931e9508752188c2b46d0693e6c7d47b693e0aba838882440e
SHA512

396ce1ddd08b6eb2bc628525d7e294ad268948b9c4a8d46525e0fa105155e4ece5fe270de29477f04f2546316fc2fce00e08944939d27d770499d8a3efc82b1b
SSDEEP

24576:0TMAm55LXigPiwtROA79SM+85bc8MIPeXMshFXq2s2+6QTXW:6MXLXigPiz85bcJCFMFXqfFTm

Score

1^/10

Malware Config

Signatures

Files

2024-04-10_63992485cc65d68c1729a18829ce3471_icedid
.exe windows:4 windows x86 arch:x86

eede072ef569cd3c34ba48d19db5e43e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:ec:9d:51:41:ec:2a:9d:9d:3d:6e:db:2f:30:1c:9b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

12/04/2012, 00:00

Not After

12/04/2013, 23:59

Subject

CN=Softnyx Co.\, Ltd.,OU=Server Development Team,O=Softnyx Co.\, Ltd.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:07:5e:1a:05:48:6a:21:83:7a:ef:53:91:21:14:cb:c9:7e:81:f3
Signer

Actual PE Digest

10:07:5e:1a:05:48:6a:21:83:7a:ef:53:91:21:14:cb:c9:7e:81:f3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Project_Launcher\Source\Launcher\NyxLauncher\OutPut\Release\NyxLauncher\NyxLauncher.pdb

Imports

kernel32

LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentDirectoryA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
GetStartupInfoA
GetCommandLineA
ExitThread
CreateThread
SetEnvironmentVariableA
HeapReAlloc
HeapSize
TlsSetValue
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
GetProcessHeap
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFileTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetUserDefaultLCID
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcpyA
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
InterlockedDecrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
InterlockedIncrement
FreeResource
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
SetVolumeLabelA
GetDiskFreeSpaceA
GetDriveTypeA
MoveFileA
SetEndOfFile
SetFileAttributesA
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetFullPathNameA
WaitForMultipleObjects
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateEventA
SetEvent
FindResourceExA
CreateProcessA
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetFileSize
CopyFileA
CreateMutexA
SetCurrentDirectoryA
ReadFile
ReleaseMutex
ExitProcess
GetCurrentProcessId
Sleep
OutputDebugStringA
GetSystemInfo
GlobalMemoryStatusEx
GlobalMemoryStatus
GetLocalTime
CreateFileA
WriteFile
CloseHandle
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetProcAddress
MulDiv
GetTickCount
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTime

user32

RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxA
GetKeyState
UpdateWindow
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
CallWindowProcA
IntersectRect
GetWindowPlacement
GetWindow
CharNextA
GetActiveWindow
CreateDialogIndirectParamA
IsWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
CharToOemBuffA
OemToCharBuffA
LoadImageA
PostThreadMessageA
SetRectEmpty
wvsprintfA
MoveWindow
SetWindowTextA
LoadCursorA
FrameRect
InflateRect
IsRectEmpty
SetWindowRgn
GetSysColor
SetCapture
ReleaseCapture
SystemParametersInfoA
SetTimer
KillTimer
SetCursor
GetCursorPos
ScreenToClient
PtInRect
OffsetRect
EqualRect
SetActiveWindow
SetWindowPos
OpenIcon
GetDlgItem
ShowWindow
SetFocus
GetDC
GetDesktopWindow
ReleaseDC
ClientToScreen
CharUpperA
MessageBeep
DestroyMenu
InvalidateRgn
CopyAcceleratorTableA
SetRect
GetWindowRect
GetParent
CreateWindowExA
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
SetForegroundWindow
LoadAcceleratorsA
GetSystemMetrics
GetWindowLongA
SetWindowLongA
LoadIconA
EnableWindow
RedrawWindow
IsWindowVisible
InvalidateRect
GetUpdateRect
GetClientRect
IsIconic
PostMessageA
SendMessageA
DrawIcon
CopyRect
UnregisterClassA
RegisterClipboardFormatA
GetNextDlgGroupItem
wsprintfA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
CheckDlgButton
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsDialogMessageA
GetSubMenu
DrawTextExA

gdi32

SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetTextColor
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetClipBox
GetTextColor
GetBkColor
GetDIBits
CreateBrushIndirect
FrameRgn
CreateRoundRectRgn
CreatePolygonRgn
GetStockObject
GetObjectA
RectVisible
SetDIBitsToDevice
StretchDIBits
SelectClipRgn
CreateRectRgn
GetTextExtentPoint32A
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
BitBlt
CreateSolidBrush
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegDeleteValueA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoCreateInstance
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
VariantInit
OleCreateFontIndirect
VariantClear
VariantChangeType
SysStringLen
SysAllocStringByteLen
VariantCopy
SysAllocString
DispCallFunc
LoadRegTypeLi
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
LoadTypeLi
SysAllocStringLen

ws2_32

WSASocketA
WSAEventSelect
WSACloseEvent
ntohl
sendto
WSAEnumNetworkEvents
gethostname
ntohs
getservbyport
gethostbyaddr
getservbyname
accept
recv
shutdown
inet_addr
gethostbyname
WSACreateEvent
inet_ntoa
connect
ioctlsocket
WSAAsyncSelect
setsockopt
send
WSACleanup
closesocket
recvfrom
bind
htons
htonl
socket
WSAStartup
WSAGetLastError

ddraw

DirectDrawCreate

iphlpapi

GetAdaptersInfo

wininet

InternetSetStatusCallback
HttpQueryInfoA
InternetSetOptionA
InternetOpenUrlA
InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetSetCookieA

Sections

.text
Size: 724KB - Virtual size: 722KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eede072ef569cd3c34ba48d19db5e43e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

67:ec:9d:51:41:ec:2a:9d:9d:3d:6e:db:2f:30:1c:9bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

10:07:5e:1a:05:48:6a:21:83:7a:ef:53:91:21:14:cb:c9:7e:81:f3Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

ddraw

iphlpapi

wininet

Sections

.text Size: 724KB - Virtual size: 722KB

.rdata Size: 136KB - Virtual size: 132KB

.data Size: 24KB - Virtual size: 44KB

.rsrc Size: 240KB - Virtual size: 236KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

67:ec:9d:51:41:ec:2a:9d:9d:3d:6e:db:2f:30:1c:9b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

10:07:5e:1a:05:48:6a:21:83:7a:ef:53:91:21:14:cb:c9:7e:81:f3
Signer

.text
Size: 724KB - Virtual size: 722KB

.rdata
Size: 136KB - Virtual size: 132KB

.data
Size: 24KB - Virtual size: 44KB

.rsrc
Size: 240KB - Virtual size: 236KB