2024-04-16_ecd21d8765a9e022b16a04889d4c99c2_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-16_ecd21d8765a9e022b16a04889d4c99c2_icedid
Size

746KB
MD5

ecd21d8765a9e022b16a04889d4c99c2
SHA1

572252f1947579c857451ec6b6727e97b10b7bf0
SHA256

7a3bb0b9015d5ebf71c6ff7a3d84216bdc7d9cd061999e2facebe09504d8371d
SHA512

6c49439c2d983496617c93553a26d7b883126c4e00cfcd874c801bee8ca7d23dac431e3caf1265c593570e70b6c87d16d9346fb8e0bca7d5973654fd49afa37b
SSDEEP

12288:IAaplda4omZ7u+BWe/yL4tnyXCoabL7K0MG7iIOTY:0hZC+gIdl7K0P

Score

1^/10

Malware Config

Signatures

Files

2024-04-16_ecd21d8765a9e022b16a04889d4c99c2_icedid
.exe windows:4 windows x86 arch:x86

4c23c4f0b1e179d7ed50086327e8c068

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/08/2007, 00:00

Not After

01/09/2009, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:6e:b3:82:0f:f7:9a:db:1e:d3:a4:af:79:c8:d9:1b:94:0a:96:00
Signer

Actual PE Digest

52:6e:b3:82:0f:f7:9a:db:1e:d3:a4:af:79:c8:d9:1b:94:0a:96:00

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\bld\rel\gpu_drv\r173\r174_70\drivers\ui\Sedona\Sedona\Release\bin\nvCplUI.pdb

Imports

rpcrt4

UuidFromStringW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdiplusShutdown
GdipCloneBrush
GdipAlloc
GdipCreateFont
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipFree
GdiplusStartup
GdipDeleteBrush

nvexpbar

ord7
g_sEBI
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeText
GetThemeBackgroundContentRect
DrawThemeBackground
IsThemeActive
ord2
ord1
ord8

kernel32

GlobalFlags
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetErrorMode
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryW
GetStartupInfoW
RtlUnwind
TlsFree
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetTempPathW
GetProfileIntW
SearchPathW
GetTickCount
GetCurrentThread
lstrcmpA
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
GetVersion
GlobalGetAtomNameW
GetShortPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExW
DeleteFileW
MoveFileW
GlobalAlloc
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
GlobalFree
WideCharToMultiByte
GlobalLock
GlobalUnlock
SetLastError
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
GetVersionExA
LoadLibraryA
FindResourceExW
GetModuleHandleExA
OpenMutexW
GetProcAddress
CreateMutexW
SetThreadLocale
GetSystemDirectoryW
ReleaseMutex
GetUserDefaultUILanguage
GetSystemDefaultLCID
FormatMessageW
LocalFree
GetLocalTime
CreateFileW
GetComputerNameW
CloseHandle
GetFileAttributesW
GetLocaleInfoW
lstrcmpW
FindFirstFileW
FindClose
lstrcatW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
GetModuleFileNameW
SizeofResource
LoadLibraryW
FreeLibrary
MulDiv
FindResourceW
LoadResource
LockResource
InterlockedDecrement
InterlockedIncrement
lstrcpynW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrlenW
GetVersionExW
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentThreadId
GetThreadLocale
DeleteCriticalSection
InitializeCriticalSection
RaiseException
ExitProcess

user32

SetWindowContextHelpId
RegisterClipboardFormatW
DestroyCursor
LockWindowUpdate
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
CreateMenu
GetTabbedTextExtentA
GetMessageW
TranslateMessage
ValidateRect
GetActiveWindow
CreateDialogIndirectParamW
EndDialog
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetDlgItemTextW
GetCapture
GetClassInfoExW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
SetWindowPlacement
SystemParametersInfoA
GetWindowPlacement
DrawFocusRect
CallWindowProcW
BeginDeferWindowPos
EndDeferWindowPos
GetClassLongW
ReleaseCapture
SetCapture
GetDCEx
GetSystemMenu
SystemParametersInfoW
FillRect
LoadImageW
DrawIcon
SetFocus
MapDialogRect
SetParent
FindWindowW
IsIconic
SetForegroundWindow
SetWindowTextW
GetCursorPos
GetKeyState
OffsetRect
IsChild
InflateRect
DestroyMenu
LoadMenuIndirectW
GetMenuItemInfoW
DeleteMenu
WindowFromPoint
ScreenToClient
RegisterWindowMessageW
CharLowerW
IsWindowEnabled
GetClassNameW
CloseWindow
GetNextDlgTabItem
GetFocus
SetMenu
LoadMenuW
RemoveMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AppendMenuW
CreatePopupMenu
EnumDisplaySettingsW
GetWindow
GetDesktopWindow
wsprintfW
CopyRect
GetWindowTextLengthW
GetWindowTextW
DrawTextW
RegisterClassW
DefWindowProcW
BeginPaint
EndPaint
IsRectEmpty
GetDlgCtrlID
LoadBitmapW
SendMessageW
GetWindowRect
InvalidateRect
EnableWindow
UnregisterClassW
PostMessageW
PtInRect
DrawFrameControl
SetWindowRgn
GetClientRect
IsWindowVisible
RedrawWindow
SetTimer
GetDlgItem
SetWindowPos
GetWindowLongW
IntersectRect
CreateWindowExW
GetParent
UpdateWindow
TrackMouseEvent
SetCursor
GetSystemMetrics
DestroyIcon
CreateDialogParamW
WinHelpW
GetDC
ReleaseDC
GetDialogBaseUnits
IsDialogMessageW
MoveWindow
ShowWindow
SetWindowLongW
ShowOwnedPopups
PostQuitMessage
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
CharNextW
DestroyWindow
LoadIconW
DrawIconEx
UnhookWindowsHookEx
LoadCursorW
GetSysColorBrush
RegisterClassExW
GetSysColor
SetWindowsHookExW
IsWindow
CallNextHookEx
ClientToScreen
KillTimer
TranslateAcceleratorW
SetRectEmpty
CharUpperW
GetMenuStringW
SetRect
InsertMenuW

gdi32

SetDIBitsToDevice
CreateDIBSection
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
SetViewportOrgEx
CreatePen
CreateDCW
CreateRectRgnIndirect
SetRectRgn
CreateEllipticRgn
LPtoDP
Ellipse
StretchDIBits
GetCharWidthW
CreateFontW
SetAbortProc
AbortDoc
GetViewportOrgEx
Rectangle
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextExtentPoint32A
GetWindowOrgEx
IntersectClipRect
ExcludeClipRect
GetTextColor
EnumFontFamiliesW
ExtTextOutW
StartDocW
StartPage
EndPage
EndDoc
CreateCompatibleBitmap
OffsetWindowOrgEx
DeleteDC
GetClipBox
BitBlt
CreateCompatibleDC
SetBkMode
SetTextColor
GetTextFaceW
GetTextMetricsW
GetTextExtentPointW
DeleteObject
GetCurrentObject
GetDeviceCaps
FrameRgn
GetRgnBox
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
GetObjectW
CreateFontIndirectW
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
GetStockObject
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetBkColor
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
PatBlt

msimg32

AlphaBlend

comdlg32

PrintDlgW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetJobW

advapi32

RegEnumKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
SetFileSecurityW
RegCreateKeyW
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueW
GetFileSecurityW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
DragFinish
DragQueryFileW
ExtractIconW
ExtractAssociatedIconW

comctl32

ImageList_ReplaceIcon
ImageList_Draw
ImageList_Add
ImageList_Create
ord17
ImageList_Destroy
ImageList_GetImageInfo

shlwapi

PathFindFileNameW
SHGetValueW
SHSetValueW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoTaskMemRealloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
StringFromCLSID
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
CoGetMalloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect

Sections

.text
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c23c4f0b1e179d7ed50086327e8c068

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:dfCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

52:6e:b3:82:0f:f7:9a:db:1e:d3:a4:af:79:c8:d9:1b:94:0a:96:00Signer

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

version

gdiplus

nvexpbar

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 400KB - Virtual size: 397KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 212KB - Virtual size: 212KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:df
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

52:6e:b3:82:0f:f7:9a:db:1e:d3:a4:af:79:c8:d9:1b:94:0a:96:00
Signer

.text
Size: 400KB - Virtual size: 397KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 212KB - Virtual size: 212KB