2024-04-23_8352a3828299420872f3d68fabc897e4_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-23_8352a3828299420872f3d68fabc897e4_icedid
Size

1.9MB
MD5

8352a3828299420872f3d68fabc897e4
SHA1

7952bb1cd699beeddac61f240215aa4d4d2f8e3a
SHA256

b0b1b552910352aceb4e56a70b96f9ef50a3429361e04f23705fa934d0ba7b88
SHA512

eb5c5813699868eab41bed3603d00bbd22946953d737eae44ee73ce9728e22cdf952c7ef605f967c43fc87336ae92146c1edf6ac8abeb50b1099dab29808acf1
SSDEEP

24576:JqXCKgZVQWPJ4SsiRUwfP+xPVv+49Ln5ejVY6fnoE0yx36HERtMZqSElavTB5y4g:JqXCK6r4StewOXb5NixOEWElavT3yZp

Score

1^/10

Malware Config

Signatures

Files

2024-04-23_8352a3828299420872f3d68fabc897e4_icedid
.exe windows:4 windows x86 arch:x86

a8f5c5b52e567973e46939837ea2555e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/02/2009, 00:00

Not After

12/04/2012, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:46:c0:63:78:06:87:34:60:74:27:6c:1a:61:e7:ca:b7:7d:53:2d
Signer

Actual PE Digest

ce:46:c0:63:78:06:87:34:60:74:27:6c:1a:61:e7:ca:b7:7d:53:2d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsBadWritePtr
GetCurrentProcessId
QueryPerformanceCounter
LocalSize
GetExitCodeThread
TerminateThread
OpenProcess
LoadLibraryExW
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
Sleep
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
HeapSize
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetStartupInfoW
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalFileTimeToFileTime
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFileAttributesW
GetTickCount
GetCurrentThread
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
SystemTimeToFileTime
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedIncrement
WaitForSingleObject
ResumeThread
SetThreadPriority
GetVersion
GlobalGetAtomNameW
InterlockedDecrement
LoadLibraryW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetStringTypeExW
MoveFileW
lstrcpyW
SetLastError
MulDiv
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrcatW
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
lstrlenA
FindFirstFileW
FindNextFileW
FindClose
DeviceIoControl
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
GetLocaleInfoW
GetNumberFormatW
GetVersionExW
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
WriteFile
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcmpiW
GetLocalTime
GetTempFileNameW
CreateDirectoryW
GetModuleFileNameW
GetDriveTypeW
GetFileSize
lstrlenW
CreateFileW
GetLastError
FormatMessageW
LocalFree
CloseHandle
ReadFile
DeleteFileW
SetFileAttributesW
LoadResource
LockResource
SizeofResource
FindResourceW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
GetDlgItemInt
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
UnpackDDElParam
RedrawWindow
SetCapture
SetCursorPos
DestroyCursor
GetSysColor
EnableWindow
PostMessageW
GetParent
ReleaseCapture
ClientToScreen
WindowFromPoint
GetWindowRect
UpdateWindow
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
LoadCursorW
EndPaint
RemoveMenu
InsertMenuW
AppendMenuW
GetMenuStringW
EndDialog
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
GetKeyNameTextW
MapVirtualKeyW
CharUpperW
TranslateAcceleratorW
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InvalidateRect
DrawIconEx
SendMessageW
IsWindow
InflateRect
InsertMenuItemW
LoadAcceleratorsW
SetCursor
DestroyMenu
GetClientRect
RegisterWindowMessageW
GetDC
ReleaseDC
DispatchMessageW
TranslateMessage
PeekMessageW
wsprintfW
GetKeyState
LoadIconW
CopyRect
IsZoomed
IsIconic
SetForegroundWindow
GetCursorPos
GetSubMenu
LoadMenuW
GetFocus
GetDlgCtrlID
ScreenToClient
FillRect
TranslateMDISysAccel
DrawMenuBar
GetDoubleClickTime
SetClassLongW
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
CreateAcceleratorTableW
DestroyAcceleratorTable
GetCursor
GetMenuDefaultItem
CreateIconIndirect
CopyIcon
GetIconInfo
LoadStringW
DrawStateW
DrawEdge
SendMessageTimeoutW
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
EnableScrollBar
EnumWindows
IsWindowUnicode
GetWindowLongA
ValidateRect
GetMessageW
GetMenuItemInfoW
SystemParametersInfoW
FindWindowW
IsRectEmpty
DrawIcon
SetWindowRgn
SetTimer
KillTimer
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
SetRect
GetSysColorBrush
DeleteMenu
DestroyIcon
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
SetParent
CreateMenu
GetTabbedTextExtentA
IsClipboardFormatAvailable
GetDCEx
LockWindowUpdate
GetWindowThreadProcessId
GetSystemMenu
ReuseDDElParam
SetWindowLongA
LoadImageW
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
InvertRect
HideCaret
ShowCaret
IsMenu
GetWindowRgn
DrawFrameControl
DrawFocusRect
GetWindow
PtInRect
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
UnregisterClassW
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos

gdi32

SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
DeleteDC
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateDCW
CreateCompatibleBitmap
StretchDIBits
GetCharWidthW
CreateFontW
GetTextMetricsW
CreateEllipticRgn
LPtoDP
Ellipse
GetViewportOrgEx
Rectangle
StartPage
EndPage
SetAbortProc
ScaleViewportExtEx
EndDoc
GetBkColor
GetTextColor
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DPtoLP
CreatePatternBrush
PatBlt
GetMapMode
CombineRgn
SetRectRgn
Polygon
StretchBlt
SetPixel
GetCurrentObject
CreateDIBSection
PtInRegion
EnumFontFamiliesExW
OffsetRgn
GetTextCharsetInfo
ExtCreateRegion
GetDIBits
SetDIBits
GetBitmapBits
SetBrushOrgEx
CreatePalette
CreateDIBitmap
CreateRectRgnIndirect
CreateRectRgn
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteObject
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
CreateICW
AbortDoc
GetDeviceCaps

comdlg32

GetOpenFileNameW
PrintDlgW
CommDlgExtendedError
GetFileTitleW
GetSaveFileNameW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDecrypt
RegSetValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
RegDeleteValueW
RegCreateKeyW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
DragFinish
DragQueryFileW
ExtractIconW
SHGetFileInfoW

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Add
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_GetBkColor
ord17
ImageList_GetIconSize
FlatSB_GetScrollProp

shlwapi

PathRemoveExtensionW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathCompactPathW
PathAddBackslashW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor

oleaut32

LoadTypeLi
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipAlloc
GdipFree
GdipLoadImageFromFileICM
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageBounds
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromFile

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8f5c5b52e567973e46939837ea2555e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5fCertificate

Extended Key Usages

Key Usages

ce:46:c0:63:78:06:87:34:60:74:27:6c:1a:61:e7:ca:b7:7d:53:2dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

imagehlp

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 320KB - Virtual size: 317KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 400KB - Virtual size: 397KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

ce:46:c0:63:78:06:87:34:60:74:27:6c:1a:61:e7:ca:b7:7d:53:2d
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 320KB - Virtual size: 317KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 400KB - Virtual size: 397KB