2024-04-17_9d8a5b5d390e52ccea2dacd703ec3bd2_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-17_9d8a5b5d390e52ccea2dacd703ec3bd2_icedid
Size

1.6MB
MD5

9d8a5b5d390e52ccea2dacd703ec3bd2
SHA1

66a88463577199ab108a2c631005ff38882fa99b
SHA256

a60542af79f2fe64a16fe2b6b646f6ecce09db897c9675fc71f836cc7c8024e3
SHA512

248858c7c4bd9089dfee7d16c8bf30c6578fdd1afc9ae45885a995eec75e1cf2e779cd5493ec5e839228dc90bc41e1f84ff99dd12266508d97f66c39e68e1135
SSDEEP

24576:dV+G/Mcsd9h1yMMCzcL71L9+fKQV7x3nFBSTpeXXAco/X:dB/Mwzj71ofK691QpeXQP

Score

1^/10

Malware Config

Signatures

Files

2024-04-17_9d8a5b5d390e52ccea2dacd703ec3bd2_icedid
.exe windows:5 windows x86 arch:x86

8c31523984c29c425d5ab246bf37841d

Code Sign

2c:b1:b9:f1:8a:38:46:9b:1e:d4:c0:e0:36:15:68:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-08-2014 00:00

Not After

27-08-2017 23:59

Subject

CN=Arvato Digital Services LLC,O=Arvato Digital Services LLC,L=Valencia,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:21:ea:17:23:21:e7:54:e0:ba:8b:ce:6a:87:17:f1:ee:e4:e2:a7
Signer

Actual PE Digest

2e:21:ea:17:23:21:e7:54:e0:ba:8b:ce:6a:87:17:f1:ee:e4:e2:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\Mercury\BRANCH_MERCURY_1_5_1\Applications\bin\Release\DownloadAssistant.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

DuplicateToken
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
GetLengthSid
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

kernel32

GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
WritePrivateProfileStringW
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
FindFirstFileW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitThread
CreateThread
HeapAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
InterlockedDecrement
RaiseException
HeapReAlloc
GetDriveTypeA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetLocalTime
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryA
SetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
GetThreadLocale
InterlockedIncrement
ConvertDefaultLocale
lstrcmpA
TlsGetValue
InterlockedExchange
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GlobalUnlock
FreeResource
QueryDosDeviceW
DefineDosDeviceW
GetVolumeInformationW
GetDiskFreeSpaceW
DeviceIoControl
lstrlenA
SetFileAttributesW
FindFirstFileA
FindClose
GetCurrentThreadId
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTime
ExpandEnvironmentStringsA
GetExitCodeThread
SetLastError
CreateMutexA
CreateEventA
WaitForMultipleObjects
DuplicateHandle
SleepEx
FormatMessageA
GetLocaleInfoW
LocalAlloc
InterlockedCompareExchange
FlushConsoleInputBuffer
GetCurrentProcess
GetCurrentThread
GetSystemInfo
LoadLibraryExW
MoveFileW
WriteFile
SetFilePointer
CreateFileW
SetThreadPriority
SetEvent
ResetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetThreadLocale
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersionExW
EnumResourceLanguagesW
TerminateThread
WaitForSingleObject
ResumeThread
SuspendThread
GetSystemDirectoryW
CreateProcessW
GetTickCount
WideCharToMultiByte
lstrlenW
GetTempPathW
GetCurrentDirectoryW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GlobalFree
GlobalLock
GlobalAlloc
MulDiv
ExpandEnvironmentStringsW
FindResourceExW
CloseHandle
ReleaseMutex
CreateMutexW
LocalFree
FormatMessageW
GetModuleHandleW
GetProcAddress
DeleteFileW
GetLastError
CreateDirectoryW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
CompareStringA
GlobalFlags
ReadConsoleInputA
SetConsoleMode
RtlUnwind

user32

GetNextDlgGroupItem
UnregisterClassW
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
DestroyMenu
GetSysColorBrush
WindowFromPoint
GetMessageW
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
CharNextW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
GetMenuState
PostThreadMessageW
RegisterClipboardFormatW
CharUpperW
SendDlgItemMessageA
MessageBeep
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PostMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
ReleaseCapture
SetCapture
PtInRect
LoadCursorW
SetCursor
SetWindowLongW
ReleaseDC
GetDC
DrawIcon
GetSystemMetrics
SetForegroundWindow
ShowWindow
IsIconic
BringWindowToTop
GetLastActivePopup
GetParent
GetWindowLongW
EnumChildWindows
GetClassNameW
GetClassInfoW
EnumWindows
MessageBoxW
FillRect
GetClientRect
LoadIconW
SendMessageW
EnableWindow
GetWindowRect
RegisterClassW

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
ScaleViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetViewportExtEx
GetMapMode
GetRgnBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentPoint32W
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
GetStockObject
CreateFontIndirectW
GetDeviceCaps
CreateSolidBrush
CreateFontW
GetObjectW
GetTextExtentExPointW
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

shell32

SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW

comctl32

InitCommonControlsEx

shlwapi

PathIsRelativeW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType
SysStringLen
VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
OleLoadPicture
SysAllocString
SysFreeString

ws2_32

shutdown
__WSAFDIsSet
listen
accept
recvfrom
sendto
WSASetLastError
connect
getsockopt
getsockname
ntohs
ioctlsocket
send
select
inet_ntoa
inet_addr
setsockopt
bind
htons
gethostbyname
gethostname
socket
WSAStartup
WSAGetLastError
recv
closesocket
WSACleanup

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c31523984c29c425d5ab246bf37841d

Code Sign

2c:b1:b9:f1:8a:38:46:9b:1e:d4:c0:e0:36:15:68:adCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2e:21:ea:17:23:21:e7:54:e0:ba:8b:ce:6a:87:17:f1:ee:e4:e2:a7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 239KB - Virtual size: 238KB

.data Size: 65KB - Virtual size: 91KB

.rsrc Size: 271KB - Virtual size: 271KB

2c:b1:b9:f1:8a:38:46:9b:1e:d4:c0:e0:36:15:68:ad
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2e:21:ea:17:23:21:e7:54:e0:ba:8b:ce:6a:87:17:f1:ee:e4:e2:a7
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 239KB - Virtual size: 238KB

.data
Size: 65KB - Virtual size: 91KB

.rsrc
Size: 271KB - Virtual size: 271KB