2024-04-18_f8bc769ada5d59338db0734decb746e3_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-18_f8bc769ada5d59338db0734decb746e3_icedid
Size

335KB
MD5

f8bc769ada5d59338db0734decb746e3
SHA1

59add295ec6344e88224e114807b62debe967f06
SHA256

272c43430a0ac5351cf214e8dbba210f83ed3242469dd6afe5468d6d2662d80f
SHA512

4e1b972f80f6510353d87869a716a0d391a3e2ab718e2925d2a1f45a6f0af99c6798f7d8d86aa27c3bbdbec3f27f99ccb1d77e8d93a4cdc930c309e9fbfe0a7c
SSDEEP

6144:RAd28s66tKAz0ZRnBwGAgaw6e9ZwwgzBo:RAd/s66tvwRnBwGJ9ZwzC

Score

1^/10

Malware Config

Signatures

Files

2024-04-18_f8bc769ada5d59338db0734decb746e3_icedid
.exe windows:4 windows x86 arch:x86

1bee39838b4fd20eb6502b63edacb7d7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/07/2012, 00:00

Not After

05/07/2013, 23:59

Subject

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\EPSON_VSS\Quick Wireless\1.32\QWRecovery\Release\QWRecovery.pdb

Imports

kernel32

GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapSize
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
TerminateProcess
HeapReAlloc
ExitProcess
RtlUnwind
GetStartupInfoW
GetTickCount
GetCurrentDirectoryW
GetFileTime
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFullPathNameW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
WideCharToMultiByte
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
GetModuleHandleA
InterlockedDecrement
SetLastError
MulDiv
lstrlenW
GlobalAlloc
FormatMessageW
lstrcpynW
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
LoadResource
LockResource
SizeofResource
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVolumeInformationW
CreateThread
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
lstrcatW
lstrcpyW
CreateDirectoryW
GetModuleFileNameW
GetVersionExW
GetUserDefaultUILanguage
CreateMutexW
WaitForSingleObject
LoadLibraryW
GetProcAddress
GetLastError
FreeLibrary
GetFileAttributesW
GetLogicalDrives
GetDriveTypeW
GetProcessHeap
HeapAlloc
HeapFree
CreateFileW
DeviceIoControl
CloseHandle
IsBadWritePtr
MultiByteToWideChar

user32

ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
DestroyMenu
LoadCursorW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
CharUpperW
wsprintfW
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
GetNextDlgGroupItem
IsChild
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuState
SetFocus
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
LoadStringW
KillTimer
SetTimer
PostMessageW
GetSystemMetrics
LoadIconW
IsIconic
MessageBoxW
GetClassInfoW
RegisterClassW
FindWindowW
SetForegroundWindow
SetActiveWindow
GetWindowLongW
SetWindowLongW
EnableWindow
GetClientRect
SendMessageW
LoadBitmapW
RemovePropW

gdi32

GetTextColor
GetRgnBox
GetBkColor
Escape
ExtTextOutW
TextOutW
RectVisible
GetMapMode
SelectObject
CreateRectRgnIndirect
GetStockObject
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateFontW
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectW
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegDeleteKeyW
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
EqualSid
GetAce
AddAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
FreeSid
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
AllocateAndInitializeSid

shell32

ShellExecuteExW
ord680

comctl32

ImageList_AddMasked
ImageList_DrawEx
ord17
ImageList_Destroy
ImageList_Create

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

setupapi

CM_Get_Child
SetupIterateCabinetW
CM_Get_Parent
CM_Get_Sibling
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bee39838b4fd20eb6502b63edacb7d7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

setupapi

Sections

.text Size: 188KB - Virtual size: 184KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 56KB - Virtual size: 53KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

01:50:b1:d8:03:f9:f7:02:94:a5:01:58:1d:b6:32:64
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 188KB - Virtual size: 184KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 56KB - Virtual size: 53KB