Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-15_9bd0bc66128f0fd846ae6b884ecaeb0e_icedid.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-04-15_9bd0bc66128f0fd846ae6b884ecaeb0e_icedid.exe
Resource: win10v2004-20240226-en
General
- Target: 2024-04-15_9bd0bc66128f0fd846ae6b884ecaeb0e_icedid
- Size: 3.1MB
- MD5: 9bd0bc66128f0fd846ae6b884ecaeb0e
- SHA1: bc89ab20b3774fc1224e7ee0fae6863089097e38
- SHA256: a40186425e92b2803bd1e04adade925a2e2f4979cb53213dd62321be0ccf1eea
- SHA512: 4f047e42ef9793b90d263f4f345bed521c16864cd7f524175f7b1f5a4b15e5c6b48c6c3f6978cc60b942b885780d4bfb0ebe9dca518e16ea87d934e310c9a777
- SSDEEP: 12288:Sdah3NBpy1xAojhzEz06BL8JI5K1uB9J7rc8KwKOwNn7ww6:yahmygzEz06T5K1u7Rrc8KwpLw6
Malware Config
Signatures
Files
- 2024-04-15_9bd0bc66128f0fd846ae6b884ecaeb0e_icedid.exe windows:4 windows x86 arch:x86
4c06cbfd6273486c4a91e13326ddf324
Code Sign
Certificate 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29/01/1996, 00:00
Not After: 01/08/2028, 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Certificate 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment

Certificate 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageCertSign, KeyUsageCRLSign

Certificate 65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 21/05/2009, 00:00
Not After: 20/05/2019, 23:59
Subject: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Extended Key Usages: ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning
Key Usages: KeyUsageCertSign, KeyUsageCRLSign

Certificate 07:4f:05:02:39:04:84:4a:5e:47:74:47:87:d2:47:95
Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Not Before: 22/07/2009, 00:00
Not After: 22/07/2010, 23:59
Subject: CN=Sony Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sec.3 Dept.No.6 PC Biz Div. VAIO Biz Gp,O=Sony Corporation,L=Minato-ku,ST=Tokyo,C=JP
Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature

Signer 45:0f:fa:43:15:00:60:c7:8b:8a:84:10:e6:68:a4:bb:e6:f5:fb:a9
Actual PE Digest: 45:0f:fa:43:15:00:60:c7:8b:8a:84:10:e6:68:a4:bb:e6:f5:fb:a9
Digest Algorithm: sha1
PE Digest Matches: false

Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\vss_101q\4.developlibrary\09.tools\vts\03.sourcecode(cod)\vaio transfer support\release\VAIOTransfer.pdb
Imports
gdiplus
GdipAlloc
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdipFree
GdipCreateBitmapFromStream
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
iphlpapi
GetAdaptersInfo
GetIpAddrTable
kernel32
GetFileAttributesW
InterlockedExchange
CompareStringA
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
WritePrivateProfileStringW
GetTickCount
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
RaiseException
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
MoveFileW
FileTimeToLocalFileTime
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetModuleHandleA
FreeResource
GetModuleHandleW
FormatMessageW
LoadLibraryA
ExpandEnvironmentStringsA
SearchPathW
GetLocaleInfoW
FindResourceExW
SetLastError
lstrlenA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineW
LoadLibraryExW
CreateMutexW
OpenMutexW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetExitCodeThread
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetFileTime
GetDiskFreeSpaceExW
GetFileSize
GetFileSizeEx
WriteFile
DeviceIoControl
SetEndOfFile
CreateFileW
GetTempFileNameW
GetTempPathW
ReadFile
SetFilePointerEx
OpenEventW
GetSystemDefaultUILanguage
TerminateThread
WaitForMultipleObjects
OpenProcess
Sleep
ResetEvent
ExpandEnvironmentStringsW
CreateEventW
WaitForSingleObject
SetEvent
CreateThread
LeaveCriticalSection
EnterCriticalSection
GlobalLock
GlobalUnlock
InterlockedIncrement
HeapFree
GetProcessHeap
HeapAlloc
GetSystemInfo
GetCurrentThread
GetLogicalDriveStringsW
GlobalFree
GlobalAlloc
WideCharToMultiByte
lstrcpyW
CreateDirectoryW
SetThreadExecutionState
GetSystemPowerStatus
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetProcessId
CreateProcessW
GetCurrentProcess
LocalFree
LocalAlloc
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
CloseHandle
MulDiv
lstrlenW
InterlockedDecrement
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LockResource
SizeofResource
LoadResource
FindResourceW
GetVersionExA
RtlUnwind
user32
MapDialogRect
PostQuitMessage
CharUpperW
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
UnregisterClassA
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
OffsetRect
SystemParametersInfoA
GetWindowPlacement
IntersectRect
CopyRect
GetWindowTextLengthW
GetWindowTextW
SetFocus
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetWindowContextHelpId
SendDlgItemMessageW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
GetNextDlgGroupItem
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
IsIconic
GetDlgItem
PeekMessageW
ShowWindow
GetPropW
GetWindow
wsprintfW
RegisterWindowMessageW
GetKeyState
wsprintfA
ValidateRect
SetWindowPos
SystemParametersInfoW
KillTimer
IsWindowVisible
EnumWindows
SetTimer
InsertMenuW
EnableMenuItem
GetSystemMenu
TranslateMessage
DispatchMessageW
GetMessageW
PostMessageW
GetFocus
GetDesktopWindow
SetPropW
RemovePropW
MsgWaitForMultipleObjects
CopyImage
LoadImageW
ExitWindowsEx
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetSysColorBrush
UnregisterClassW
CharNextW
CopyAcceleratorTableW
GetWindowThreadProcessId
GetWindowLongW
IsRectEmpty
SetRect
PostThreadMessageW
RegisterClipboardFormatW
MessageBeep
TrackMouseEvent
InvalidateRect
DrawFocusRect
InflateRect
GetWindowRect
IsWindow
SetWindowLongW
SetCursor
WindowFromPoint
GetCursorPos
GetParent
ScreenToClient
ClientToScreen
SetCapture
ReleaseCapture
PtInRect
LoadCursorW
ReleaseDC
GetDC
EnableWindow
DrawIcon
SendMessageW
GetClientRect
GetSystemMetrics
LoadIconW
TabbedTextOutW
InvalidateRgn
gdi32
GetTextColor
GetBkColor
GetMapMode
GetWindowExtEx
GetViewportExtEx
CreateRectRgnIndirect
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SaveDC
GetStockObject
SelectObject
GetObjectW
CreateFontIndirectW
GetTextAlign
Rectangle
CreatePen
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
GetRgnBox
CreateSolidBrush
SetTextAlign
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
SetSecurityDescriptorGroup
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExA
RegQueryValueExA
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
ControlService
StartServiceW
EqualSid
GetTokenInformation
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
RegCloseKey
DuplicateToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
GetSecurityDescriptorDacl
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
comctl32
InitCommonControlsEx
shlwapi
PathIsDirectoryW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
CLSIDFromProgID
OleRun
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CreateILockBytesOnHGlobal
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
oleaut32
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantCopy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysStringLen
SysAllocStringLen
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString
SysAllocString
VariantInit
ws2_32
WSACleanup
setsockopt
WSASocketW
WSAStartup
inet_addr
htonl
sendto
recvfrom
recv
send
select
connect
WSAGetLastError
accept
listen
bind
socket
closesocket
htons
inet_ntoa
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
rpcrt4
UuidFromStringW
Sections
.text Size: 552KB - Virtual size: 550KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 412KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ