2024-04-22_617973c060c191f955abf5800ab01228_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_617973c060c191f955abf5800ab01228_icedid
Size

11.3MB
MD5

617973c060c191f955abf5800ab01228
SHA1

0f0214093b720e69b9684097a1fc7ff5cb1be62d
SHA256

a743962899f136cea858cb7e7110be5bc2ea322f89471263be7fd5339eefa2ae
SHA512

dc777a3948c153666a1028bdc5049418f551d24499ac9fb6a53b66d222c9e8caa32d508f58d81d024c593cfa11ac56241ee49b693116a2f02db78065a19ac4f0
SSDEEP

196608:om7H5p3/NCWmpCk2enY0+TQPng9sDfLgggghgggygggDXgggCgggcggggggPgggj:oKHey0n9fLgggghgggygggDXgggCgggr

Score

1^/10

Malware Config

Signatures

Files

2024-04-22_617973c060c191f955abf5800ab01228_icedid
.exe windows:6 windows x86 arch:x86

c8fffdf50d55e923fc27cdc54ffa5154

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB

Not Before

05/01/2024, 00:00

Not After

04/01/2027, 23:59

Subject

SERIALNUMBER=064194,CN=Xenarmor Global Security Solutions Private Limited,O=Xenarmor Global Security Solutions Private Limited,ST=Karnataka,C=IN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302494e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:82:55:8c:1a:4d:d9:a8:b0:6d:c2:dc:8a:be:6c:0a:26:95:86:bf:b5:68:ed:df:71:10:a6:29:38:2a:f2:8e
Signer

Actual PE Digest

20:82:55:8c:1a:4d:d9:a8:b0:6d:c2:dc:8a:be:6c:0a:26:95:86:bf:b5:68:ed:df:71:10:a6:29:38:2a:f2:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\windows\XenArmorAsteriskPasswordRecoveryPro\Release\AsteriskPasswordRecoveryPro32.pdb

Imports

kernel32

SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
LCMapStringW
CompareStringW
TerminateProcess
GetStringTypeW
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTempFileNameA
SearchPathA
GetProfileIntA
VerifyVersionInfoA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
SetErrorMode
FindResourceExW
lstrcpyA
GetACP
lstrcmpiA
DuplicateHandle
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentDirectoryA
GetThreadLocale
IsProcessorFeaturePresent
FileTimeToSystemTime
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetModuleFileNameA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetSystemDirectoryW
EncodePointer
SetLastError
CopyFileA
MulDiv
GlobalFree
GlobalSize
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileW
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
GetCurrentThreadId
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileAttributesExA
CreateEventA
ExitProcess
CreateThread
DeleteFileA
SetEvent
GetTickCount64
Sleep
GetCommandLineA
WaitForSingleObject
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
lstrcpynA
LoadLibraryA
MultiByteToWideChar
GlobalUnlock
MapViewOfFile
CreateProcessA
VerifyVersionInfoW
GetProcessHeap
VerSetConditionMask
DeleteCriticalSection
CreateFileMappingA
GlobalLock
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
GetWindowsDirectoryA
CloseHandle
HeapReAlloc
GlobalAlloc
GetVersionExA
CreateFileA
GetFileAttributesA
GetLastError
HeapSize
OpenProcess
GetSystemWindowsDirectoryA
GetModuleHandleA
UnmapViewOfFile
InitializeCriticalSectionEx
QueryDosDeviceA
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
HeapFree
GetLogicalDrives
WriteConsoleW

user32

CopyImage
GetSysColorBrush
IntersectRect
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
GetSystemMetrics
MapDialogRect
SetWindowContextHelpId
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
ShowOwnedPopups
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
FillRect
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
RealChildWindowFromPoint
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EnableScrollBar
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetMenuDefaultItem
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
HideCaret
InvertRect
NotifyWinEvent
UnregisterClassA
SetClipboardData
GetSysColor
EmptyClipboard
CloseClipboard
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
InflateRect
PostMessageA
GetIconInfo
GetCapture
DestroyIcon
SetRectEmpty
GetNextDlgGroupItem
DrawEdge
DrawStateA
RedrawWindow
SetWindowLongA
GetWindowThreadProcessId
GetSystemMenu
UnregisterHotKey
GetAsyncKeyState
DeleteMenu
SetTimer
KillTimer
WaitMessage
LoadCursorW
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
MessageBeep
TrackMouseEvent
LoadImageW
BringWindowToTop
LoadMenuW
GetWindow
GetWindowRect
LoadCursorA
GetDC
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
CreatePopupMenu
InsertMenuItemA
UnpackDDElParam
ScrollWindow
OpenClipboard
EnableWindow
SendMessageA
LoadImageA
GetCursorPos
ReleaseDC
InvalidateRect
ReleaseCapture
UpdateWindow
PtInRect
GetParent
PostQuitMessage
GetClientRect
AppendMenuA
LoadIconA
SetCursor
GetWindowDC
SetCapture
LoadIconW
IsRectEmpty
LoadBitmapW
EnumWindows
RegisterHotKey
GetWindowLongA
ClientToScreen
RegisterWindowMessageA
OffsetRect
IsWindow
GetActiveWindow
GetSubMenu
WindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongA
SetWindowRgn
GetClassNameA
SetMenuItemBitmaps
EnumChildWindows
IsWindowVisible
ReuseDDElParam
RegisterClipboardFormatA
DrawFocusRect
SetWindowPlacement
DrawIconEx
SetParent
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
PostThreadMessageA
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
IsIconic
UpdateLayeredWindow

gdi32

GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsA
GetClipBox
GetTextColor
GetRgnBox
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetViewportExtEx
SetPixel
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
CreateRectRgnIndirect
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
CopyMetaFileA
BitBlt
SelectObject
SetDIBitsToDevice
SetStretchBltMode
CreateFontIndirectA
CreateCompatibleBitmap
CreateFontA
CreateCompatibleDC
PatBlt
GetPixel
GetObjectType
StretchBlt
GetStockObject
GetObjectA
GetBkColor
DeleteDC
DeleteObject

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
LookupPrivilegeValueA

shell32

ord165
SHGetFolderPathA
SHGetFileInfoA
DragQueryFileA
DragFinish
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteA

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Draw
_TrackMouseEvent

shlwapi

PathRemoveExtensionA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindFileNameA

uxtheme

GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName

ole32

CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
CLSIDFromProgID
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitializeEx
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantClear
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
LoadTypeLi
SysAllocStringByteLen
VariantChangeType
SysFreeString
SysAllocStringLen
VariantInit

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage

psapi

GetProcessImageFileNameA
GetModuleBaseNameA
GetModuleFileNameExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

dbghelp

ImageNtHeader

asteriskpass32

?GetPasswordText@@YGHXZ
?UnsetPasswordHook@@YGHPAUHWND__@@0@Z
?ReadPasswordText@@YGHPADKPAK@Z
?SetPasswordHook@@YGHPAUHWND__@@0I@Z

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8fffdf50d55e923fc27cdc54ffa5154

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

20:82:55:8c:1a:4d:d9:a8:b0:6d:c2:dc:8a:be:6c:0a:26:95:86:bf:b5:68:ed:df:71:10:a6:29:38:2a:f2:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

psapi

version

dbghelp

asteriskpass32

oleacc

imm32

winmm

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 374KB - Virtual size: 373KB

.data Size: 30KB - Virtual size: 61KB

.rsrc Size: 8.9MB - Virtual size: 8.9MB

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

20:82:55:8c:1a:4d:d9:a8:b0:6d:c2:dc:8a:be:6c:0a:26:95:86:bf:b5:68:ed:df:71:10:a6:29:38:2a:f2:8e
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 374KB - Virtual size: 373KB

.data
Size: 30KB - Virtual size: 61KB

.rsrc
Size: 8.9MB - Virtual size: 8.9MB