2024-04-19_e82423cf65b43baff8cd75becee231fd_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_e82423cf65b43baff8cd75becee231fd_icedid
Size

1.4MB
MD5

e82423cf65b43baff8cd75becee231fd
SHA1

718238001b558bf549f7b140596ba4712e4b68a7
SHA256

d989a91c1cd8034ce9d7d5ba2ec683d12e1e79e448f8b1100aff00df498536fe
SHA512

ccb8fe56ec7f0563649c93d13aa9819e3626fa3be7b6a236ba9e390e3da4775e2015e36bd66455c33633cc5e7672ae369ebfe8666c44bb1f59e12dee68ebe00c
SSDEEP

24576:dT/lTz8QamBZNDs3bvlY0ra3nLUxH/vabQ+p46f0qqqq6euRB0HSE4KDhYYsqL4G:dTNTgQaXvlha3nWH/vap46f0qqqq6euC

Score

1^/10

Malware Config

Signatures

Files

2024-04-19_e82423cf65b43baff8cd75becee231fd_icedid
.exe windows:5 windows x86 arch:x86

d8c7d313cf7e19cd95bc470277b7a956

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:cd:cc:00:8f:9a:1a:00:b8:1b:39:80:21:11:03:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/05/2010, 00:00

Not After

09/05/2011, 23:59

Subject

CN=Arvato Digital Services Canada Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Arvato Digital Services Canada Inc,L=Vancouver,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:cf:62:fe:1f:7d:2f:0b:94:3f:b3:d0:92:f0:4e:96:b8:25:c1:e6
Signer

Actual PE Digest

ff:cf:62:fe:1f:7d:2f:0b:94:3f:b3:d0:92:f0:4e:96:b8:25:c1:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\Mercury\BRANCH_MERCURY_1_4_0\Applications\bin\Release\DownloadAssistant.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

DuplicateToken
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
GetLengthSid
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

iphlpapi

GetAdaptersInfo

kernel32

FileTimeToSystemTime
WritePrivateProfileStringW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind
RaiseException
LocalReAlloc
GetDriveTypeA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetCurrentDirectoryA
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
InterlockedDecrement
ConvertDefaultLocale
lstrcmpA
CompareStringA
InterlockedExchange
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
MulDiv
GlobalUnlock
FreeResource
lstrlenA
SetFileAttributesW
CreateFileW
FindFirstFileA
FindClose
GetCurrentThreadId
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTime
ExpandEnvironmentStringsA
Sleep
GetExitCodeThread
SetLastError
CreateMutexA
CreateEventA
WaitForMultipleObjects
DuplicateHandle
SleepEx
FormatMessageA
GetLocaleInfoW
LocalAlloc
GetCurrentProcess
GetCurrentThread
GetSystemInfo
LoadLibraryExW
InterlockedCompareExchange
FlushConsoleInputBuffer
TerminateThread
WaitForSingleObject
SetThreadPriority
SetEvent
ResetEvent
WideCharToMultiByte
lstrlenW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
SetThreadLocale
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersionExW
EnumResourceLanguagesW
LocalFree
FormatMessageW
ResumeThread
SuspendThread
GetModuleHandleW
DeleteFileW
CreateDirectoryW
GetSystemDirectoryW
CreateProcessW
GetCurrentDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GlobalFree
GlobalLock
GlobalAlloc
FindResourceExW
CloseHandle
ReleaseMutex
GetLastError
CreateMutexW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
InterlockedIncrement
TlsFree
ReadConsoleInputA
SetConsoleMode
HeapReAlloc

user32

UnregisterClassW
DestroyMenu
GetSysColorBrush
WindowFromPoint
GetWindowThreadProcessId
GetMessageW
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
SetPropW
GetPropW
RemovePropW
GetFocus
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetClassLongW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PostMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
ReleaseCapture
SetCapture
PtInRect
LoadCursorW
SetCursor
SetWindowLongW
ReleaseDC
GetDC
DrawIcon
GetClientRect
GetSystemMetrics
LoadIconW
SetForegroundWindow
ShowWindow
IsIconic
BringWindowToTop
GetLastActivePopup
GetParent
SendMessageW
GetWindowLongW
EnumChildWindows
GetClassNameW
GetClassInfoW
EnumWindows
MessageBoxW
EnableWindow
GetWindowRect
ScreenToClient

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetMapMode
OffsetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateBitmap
GetTextExtentPoint32W
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
GetStockObject
CreateFontIndirectW
GetObjectW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHFileOperationW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

OleLoadPicture
SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantInit

ws2_32

shutdown
__WSAFDIsSet
listen
accept
recvfrom
sendto
inet_ntoa
WSASetLastError
connect
getsockopt
getsockname
ntohs
ioctlsocket
WSAIoctl
WSACleanup
closesocket
recv
WSAGetLastError
WSAStartup
socket
gethostname
gethostbyname
htons
bind
setsockopt
inet_addr
select
send

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8c7d313cf7e19cd95bc470277b7a956

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

06:cd:cc:00:8f:9a:1a:00:b8:1b:39:80:21:11:03:5cCertificate

Extended Key Usages

Key Usages

ff:cf:62:fe:1f:7d:2f:0b:94:3f:b3:d0:92:f0:4e:96:b8:25:c1:e6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

iphlpapi

kernel32

user32

gdi32

winspool.drv

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

Sections

.text Size: 864KB - Virtual size: 863KB

.rdata Size: 199KB - Virtual size: 199KB

.data Size: 61KB - Virtual size: 85KB

.rsrc Size: 255KB - Virtual size: 254KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

06:cd:cc:00:8f:9a:1a:00:b8:1b:39:80:21:11:03:5c
Certificate

ff:cf:62:fe:1f:7d:2f:0b:94:3f:b3:d0:92:f0:4e:96:b8:25:c1:e6
Signer

.text
Size: 864KB - Virtual size: 863KB

.rdata
Size: 199KB - Virtual size: 199KB

.data
Size: 61KB - Virtual size: 85KB

.rsrc
Size: 255KB - Virtual size: 254KB