2024-04-11_f0d4a6d37001877dc88ed05bf08864df_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-11_f0d4a6d37001877dc88ed05bf08864df_icedid
Size

1.1MB
MD5

f0d4a6d37001877dc88ed05bf08864df
SHA1

3dadaebc17efdf0fe18594e7b2c28ae0b0e5f507
SHA256

f0dc56fc336b2ed19c6acb116054e141fc4b20557e0754a5d019aacf46288e0c
SHA512

519898d91d8f310c39d2ab1ad1b822cbc6a0811017a72306f1b1afa817523d012cdf64ae828d17e5a5a22248636128c87a71ec9f3a13f6bdcc771f995d161820
SSDEEP

12288:1WEvB0hUSlPIT+j5ibg9RfX05mQVFgqscsvqh+54FxM5:1WEv6auug9RPimIFuOq

Score

1^/10

Malware Config

Signatures

Files

2024-04-11_f0d4a6d37001877dc88ed05bf08864df_icedid
.exe windows:4 windows x86 arch:x86

21082c794942185676c13f39d3450509

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cf:1a:1f:3f:e3:07:32:15:a7:ff:48:cc:a0:c3:ec:a5
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

12/01/2010, 00:00

Not After

11/01/2013, 23:59

Subject

CN=ZOHO Corporation,OU=SysAdmin,O=ZOHO Corporation,POSTALCODE=94588,STREET=Suite 310+STREET=4900 Hopyard Road,L=Pleasanton,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\dll_setup\desktop_lib\sa_src\native\agent\dcmsghandler\exe\dcmsghandler.pdb

Imports

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipCloneImage
GdipCreateFromHDC
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipFree

dclibxml2

xmlTextReaderValue
xmlParseMemory
xmlTextReaderName
xmlTextReaderRead
xmlFreeTextReader
xmlTextReaderAttributeCount
xmlNewTextReaderFilename
xmlParseFile
xmlDocGetRootElement
xmlFreeDoc
xmlCleanupParser
xmlStrcmp
xmlTextReaderGetAttribute
xmlNodeListGetString
xmlFree
xmlTextReaderDepth

advapi32

RegOpenKeyA
CryptGenKey
RegEnumKeyA
GetTokenInformation
LookupAccountSidA
LookupAccountNameA
GetLengthSid
RegisterEventSourceA
ReportEventA
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
DeregisterEventSource
StartServiceW
QueryServiceStatus
CryptDecrypt
CryptDeriveKey
CryptEncrypt
CryptGetUserKey
CryptDestroyKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ControlService
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserA
InitiateSystemShutdownA
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCreateKeyExA
RegSetValueExW
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA

netapi32

DsGetDcNameA
NetWkstaGetInfo
NetGetJoinInformation
NetServerGetInfo
NetApiBufferFree
NetWkstaUserGetInfo

wsock32

WSACleanup
WSAGetLastError
gethostname
WSAStartup

mpr

WNetCancelConnection2W
WNetAddConnection2W

activeds

ord3
ord9

wtsapi32

WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory

iphlpapi

GetAdaptersInfo

winhttp

WinHttpSendRequest
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpOpenRequest

shlwapi

PathIsUNCW
PathFindFileNameW
PathFindExtensionW
SHDeleteKeyA
PathStripToRootW

shell32

CommandLineToArgvW
SHCreateDirectoryExA

odbc32

ord4
ord13
ord26
ord72
ord48
ord49
ord3
ord8
ord16
ord20
ord2
ord1
ord31
ord41
ord9
ord18
ord11
ord43
ord39
ord29
ord19
ord36
ord12

kernel32

MulDiv
SetLastError
GetProcAddress
LoadLibraryW
OpenProcess
GetCurrentProcessId
InterlockedDecrement
Process32Next
ProcessIdToSessionId
Process32First
CreateToolhelp32Snapshot
SetCurrentDirectoryA
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentDirectoryA
CreateProcessA
GetCurrentProcess
CreateFileA
GetSystemDirectoryA
FindNextFileA
GetFileSize
DeleteFileA
ExpandEnvironmentStringsA
GetLocalTime
SystemTimeToFileTime
GetEnvironmentVariableA
GetSystemTime
FindClose
GetModuleHandleA
LoadLibraryA
GetLocaleInfoA
FreeLibrary
GetVersionExA
GetVersionExW
InterlockedExchange
GetACP
GetThreadLocale
GetTickCount
RaiseException
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcmpiA
GetSystemInfo
LocalFree
FormatMessageA
WideCharToMultiByte
GlobalAlloc
FlushFileBuffers
GetVersion
lstrlenA
lstrlenW
GetCurrentThreadId
CreateMutexA
SuspendThread
ResumeThread
ReleaseMutex
LocalUnlock
LocalLock
LocalAlloc
GetModuleFileNameA
MoveFileExA
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleW
GetModuleFileNameW
FormatMessageW
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
SetThreadPriority
SetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GlobalFlags
FileTimeToSystemTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
MoveFileA
GetFileType
GetTimeZoneInformation
GetSystemTimeAsFileTime
RtlUnwind
ExitThread
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
CloseHandle
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
SetProcessShutdownParameters
GetCommandLineW
CreateThread
Sleep
TerminateThread
LockResource
GetLastError
SizeofResource
LoadResource
FindResourceW
CreateDirectoryA
GetDriveTypeA
GetFullPathNameA
FindFirstFileA
GetConsoleCP

user32

GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
RegisterWindowMessageW
IsDialogMessageW
SetWindowTextW
MoveWindow
GetWindowThreadProcessId
SetCursor
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
DestroyMenu
CharUpperW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
SetForegroundWindow
IsWindowVisible
GetMenu
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
PeekMessageW
GetLastActivePopup
GetDlgCtrlID
CallWindowProcW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
GetSubMenu
IntersectRect
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindowTextW
GetWindow
SetFocus
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
wsprintfA
UnregisterClassW
GetDC
DrawFocusRect
ReleaseDC
SetWindowLongW
UpdateWindow
LoadCursorW
GetClassInfoW
GetSysColorBrush
DefWindowProcW
GetSysColor
DestroyWindow
SetTimer
MessageBoxA
GetWindowRect
PostQuitMessage
IsIconic
LoadImageW
SetCapture
DrawIcon
LoadIconW
OffsetRect
InvalidateRect
GetDesktopWindow
ReleaseCapture
GetSystemMetrics
CopyRect
GetParent
CloseWindow
FillRect
GetClientRect
ExitWindowsEx
wsprintfW
ShowWindow
SendMessageW
EnableWindow
MapWindowPoints
DispatchMessageW
GetTopWindow
GetMessageTime
PtInRect
GetMessagePos
GetKeyState
GetWindowLongW

gdi32

SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetMapMode
GetDeviceCaps
CreateFontIndirectW
GetStockObject
CreateSolidBrush
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
SetTextColor
SetMapMode
GetClipBox
GetObjectW
GetRgnBox
GetTextColor
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
DPtoLP
GetBkColor
TextOutW

comdlg32

GetFileTitleW

comctl32

_TrackMouseEvent
InitCommonControlsEx

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
SysAllocStringLen
OleCreateFontIndirect
SysFreeString
VariantChangeType
SysAllocString
VariantInit
VariantClear
SysStringLen
SysAllocStringByteLen

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

Sections

.text
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21082c794942185676c13f39d3450509

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

cf:1a:1f:3f:e3:07:32:15:a7:ff:48:cc:a0:c3:ec:a5Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

gdiplus

dclibxml2

advapi32

netapi32

wsock32

mpr

activeds

wtsapi32

iphlpapi

winhttp

shlwapi

shell32

odbc32

kernel32

user32

gdi32

comdlg32

comctl32

oledlg

ole32

oleaut32

oleacc

winspool.drv

Sections

.text Size: 544KB - Virtual size: 543KB

.rdata Size: 128KB - Virtual size: 125KB

.data Size: 72KB - Virtual size: 87KB

.rsrc Size: 408KB - Virtual size: 408KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

cf:1a:1f:3f:e3:07:32:15:a7:ff:48:cc:a0:c3:ec:a5
Certificate

.text
Size: 544KB - Virtual size: 543KB

.rdata
Size: 128KB - Virtual size: 125KB

.data
Size: 72KB - Virtual size: 87KB

.rsrc
Size: 408KB - Virtual size: 408KB