2024-04-18_df59dcfacb663e2c374684292153f373_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-18_df59dcfacb663e2c374684292153f373_icedid
Size

359KB
MD5

df59dcfacb663e2c374684292153f373
SHA1

41e0e36906612930de391fc69739e847152b5240
SHA256

afcd8a0bb9d93144cb1bfa60faead3dd3a4a2bcdb577be3f3cdf64fd959e2a50
SHA512

54599b1f42e1738b503c47a143f5aadffdc7bba69c26f1b4f6729e844f66c3cf217930f519af8b96a28403bd4c0353eeead30e050c894de217ee41c8a3db958f
SSDEEP

6144:hvISLNAf/88+HLptwfNCoJTHFlyyPI4rlyPuB3YhvmptTHjCCa:hg2NA3krptsC2Y4DBa

Score

1^/10

Malware Config

Signatures

Files

2024-04-18_df59dcfacb663e2c374684292153f373_icedid
.exe windows:4 windows x86 arch:x86

305d4ded4b4a5d413416fdf56940fba3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/07/2012, 00:00

Not After

05/07/2013, 23:59

Subject

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\EPSON_VSS\USB Display\1.62\USB Display\UD\UD_Installer\Release\UD_Installer.pdb

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
HeapReAlloc
LCMapStringA
LCMapStringW
GetTimeZoneInformation
IsBadWritePtr
GetTimeFormatA
GetDateFormatA
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
HeapFree
ExitProcess
RtlUnwind
GetStartupInfoW
WritePrivateProfileStringW
GetFileTime
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
InterlockedDecrement
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
FreeResource
SetLastError
GlobalFree
MulDiv
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
lstrcpyW
lstrcatW
RemoveDirectoryW
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
CopyFileW
CreateProcessW
WideCharToMultiByte
SetFileAttributesW
DeleteFileW
GetTickCount
WaitForSingleObject
GetExitCodeProcess
Sleep
CreateThread
GetUserDefaultUILanguage
SetCurrentDirectoryW
OpenMutexW
CreateMutexW
GetSystemTime
LoadLibraryW
GetProcAddress
OpenProcess
FreeLibrary
GetCurrentDirectoryW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateFileW
CloseHandle
GetCurrentProcess
GetLastError
GetFileAttributesW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
MultiByteToWideChar
GetLocalTime
GetSystemTimeAsFileTime

user32

MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
DestroyMenu
LoadCursorW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CharUpperW
wsprintfW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
SendDlgItemMessageW
SendDlgItemMessageA
RegisterClipboardFormatW
SetFocus
IsChild
GetWindowTextW
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
PostThreadMessageW
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowRect
ChangeDisplaySettingsExW
MapVirtualKeyW
FindWindowW
FindWindowExW
BlockInput
GetFocus
GetForegroundWindow
SystemParametersInfoW
ShowWindow
SetForegroundWindow
SetActiveWindow
SendInput
KillTimer
SetTimer
PostMessageW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
MessageBoxW
GetShellWindow
GetWindowThreadProcessId
UnregisterClassW
ExitWindowsEx
GetWindowLongW
SetWindowLongW
EnableWindow
SendMessageW
GetMessageTime
RemovePropW
SetMenuItemBitmaps

gdi32

PtVisible
GetRgnBox
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetTextColor
GetBkColor
RectVisible
GetMapMode
CreateRectRgnIndirect
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
GetDeviceCaps
CreateSolidBrush
CreateFontW
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

ControlService
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
QueryServiceConfigW
RegQueryInfoKeyW
StartServiceW
RegOpenKeyExW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegSetKeySecurity
DuplicateTokenEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW
AllocateAndInitializeSid

shell32

ord680
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

comctl32

ord17

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

SysStringLen
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

setupapi

SetupIterateCabinetW

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

305d4ded4b4a5d413416fdf56940fba3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

userenv

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

setupapi

Sections

.text Size: 216KB - Virtual size: 212KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 36KB - Virtual size: 48KB

.rsrc Size: 28KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 216KB - Virtual size: 212KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 36KB - Virtual size: 48KB

.rsrc
Size: 28KB - Virtual size: 26KB