2024-04-21_53c59e90dffaa94b6738351d1873169a_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-21_53c59e90dffaa94b6738351d1873169a_icedid
Size

3.0MB
MD5

53c59e90dffaa94b6738351d1873169a
SHA1

a0017bdc01715d918ac422098f490c3b94d148cd
SHA256

abbfe85336b2bc9d8a6418b54f86e14af46ddc8ed36689afb4723e21d4c77bf2
SHA512

0e3a8772dfc85f48d906abb3d1582d8bb1057c067b89dfe88707c81b0aa7c69be5a4db851c84597afd9faa6571fd6df728131402be6011b987dda85e4902c1e8
SSDEEP

12288:r42CPyrTkwdNzW3HMeZqRWh2OxdjrNtLW1NXanyxLciv4k7aMdWqEv0nrS:3a3HMeZqRmdjr7W1NXbxL11xEv0nO

Score

1^/10

Malware Config

Signatures

Files

2024-04-21_53c59e90dffaa94b6738351d1873169a_icedid
.exe windows:4 windows x86 arch:x86

fbcdd65cd0d9e2f8a498ecbc6f4aa375

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:ea:64:7b:f0:cb:91:3b:99:79:f3:01:c7:93:99:56
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

13-06-2014 00:00

Not After

12-06-2016 23:59

Subject

CN=CONG TY TNHH MOT THANH VIEN TU VAN DU HOC GANG NAM,O=CONG TY TNHH MOT THANH VIEN TU VAN DU HOC GANG NAM,L=Ho Chi Minh,ST=Ho Chi Minh,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:d6:8b:e0:6e:57:81:14:70:bd:e9:d0:42:e1:8a:3f:05:b2:34:34
Signer

Actual PE Digest

2a:d6:8b:e0:6e:57:81:14:70:bd:e9:d0:42:e1:8a:3f:05:b2:34:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\project_2008\Bollaetv\Filebus\Bin\BollaeDown.pdb

Imports

urlmon

URLDownloadToFileA

user32

SendMessageA
CharUpperA
FindWindowA
GetClassInfoA
SetRect
ReleaseDC
GetDC
FillRect
GetSysColor
CopyRect
InvalidateRect
EnableWindow
LoadIconA
DrawIconEx
GetWindowLongA
PtInRect
InflateRect
LoadBitmapA
DrawFocusRect
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
SetMenu
TranslateAcceleratorA
UnregisterClassA
GetClassNameA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
GetClientRect
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
GetFocus
SetTimer
MessageBoxA
PostMessageA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
RedrawWindow
KillTimer
ShowWindow
SetForegroundWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
CloseWindow
GetSystemMetrics
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
OffsetRect
ClientToScreen
GetCapture
SetCapture
WindowFromPoint
SetCursor
UpdateWindow
CallWindowProcA
SetWindowLongA
IsWindow
GetWindowRect
GetParent
GetActiveWindow
SetWindowRgn
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
EnumChildWindows
MapWindowPoints
SetWindowPos
ReplyMessage
ExitWindowsEx
PostThreadMessageA
GetMenuItemInfoA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
IsWindowVisible
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
EndDialog
GetNextDlgTabItem
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetDesktopWindow
MapDialogRect
SetWindowContextHelpId
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
DefWindowProcA
GetDlgCtrlID
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassA
GetClassInfoExA
CreateWindowExA
GetMenu
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
ScrollWindow
GetMessagePos

wininet

DeleteUrlCacheEntry

kernel32

GetSystemInfo
TerminateThread
GetExitCodeThread
GetVolumeInformationA
GetCurrentThreadId
GetModuleFileNameA
InterlockedDecrement
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
GlobalReAlloc
GetVersionExA
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetDiskFreeSpaceExA
GetNumberFormatA
GetTickCount
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetCurrentProcess
GetSystemDirectoryA
GetProcessHeap
LocalFree
FormatMessageA
LoadLibraryExA
EnterCriticalSection
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetFullPathNameA
CreateFileA
GetModuleFileNameW
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetFileAttributesA
GetFileTime
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
ExitProcess
HeapSize
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
CreateDirectoryA
GetModuleHandleA
SetLastError
lstrcpynA
SetEvent
ResetEvent
FindResourceA
LoadResource
SizeofResource
FreeResource
LockResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CloseHandle
CreateEventA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcmpA
DeleteFileA
WaitForSingleObject
lstrcpyA
CreateMutexA
GetCommandLineA
GetLastError
Sleep
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
GetLocaleInfoA

gdi32

RectVisible
GetRgnBox
GetTextColor
GetBkColor
Ellipse
LPtoDP
CreateEllipticRgn
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateDCA
GetPixel
CreateRectRgn
CreateFontA
CreateDIBSection
ExtCreateRegion
CombineRgn
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
CreateFontIndirectA
GetStockObject
GetTextExtentPoint32A
StretchBlt
Rectangle
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreatePen
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
OpenProcessToken
RegConnectRegistryA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteExA

comctl32

ord17

shlwapi

StrFormatByteSize64A
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathGetArgsA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
OleInitialize
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantInit
VariantChangeType
SysAllocString
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysFreeString

ws2_32

WSASocketA
WSAGetLastError
select
__WSAFDIsSet
recv
WSAConnect
closesocket
inet_addr
htons
connect
WSACleanup
WSAStartup
setsockopt
WSAWaitForMultipleEvents
WSASend
WSARecv
socket

nat

ord21
ord18
ord22
ord17
ord16
ord15
ord14
ord23

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbcdd65cd0d9e2f8a498ecbc6f4aa375

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:ea:64:7b:f0:cb:91:3b:99:79:f3:01:c7:93:99:56Certificate

Extended Key Usages

Key Usages

2a:d6:8b:e0:6e:57:81:14:70:bd:e9:d0:42:e1:8a:3f:05:b2:34:34Signer

Headers

File Characteristics

PDB Paths

Imports

urlmon

user32

wininet

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

nat

Sections

.text Size: 440KB - Virtual size: 439KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:ea:64:7b:f0:cb:91:3b:99:79:f3:01:c7:93:99:56
Certificate

2a:d6:8b:e0:6e:57:81:14:70:bd:e9:d0:42:e1:8a:3f:05:b2:34:34
Signer

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB