2024-04-23_b1a3c055f2ffc60c6d0bbd72b8f547cc_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-23_b1a3c055f2ffc60c6d0bbd72b8f547cc_icedid
Size

3.0MB
MD5

b1a3c055f2ffc60c6d0bbd72b8f547cc
SHA1

d1006bb570c324761e8aab8d6de0ebd57eb08c2d
SHA256

88b22a77e1d1f41a6e7af52e62f57d93c0d91009e8924ec1feff9e8f976fe755
SHA512

cbd065776632b7fad2428a52563cf4a2dd465718610ae4ac3f0a88d6968f36165d257e70f5c38a912be6087f20f216d6c4ad8591c22d0eb2a83fabfd0232ebea
SSDEEP

12288:fG9i5HrO7QjjZnnl8tBZO2a59zjf4s7/v2Tb6jTT1CKS/J/xdWqEv0nAU:fJO7QjjZndzjbv2TbiTT3gEv0n9

Score

1^/10

Malware Config

Signatures

Files

2024-04-23_b1a3c055f2ffc60c6d0bbd72b8f547cc_icedid
.exe windows:4 windows x86 arch:x86

40ed77bcded20c6d411d4705faeaaef4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

53:d4:39:a5:b8:7a:f5:60:94:8f:ee:e5:36:24:bc:94
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10/08/2015, 00:00

Not After

09/08/2017, 23:59

Subject

CN=oraplus,O=oraplus,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:6f:98:4c:32:40:e9:13:1a:51:97:7b:f2:52:a6:4b:49:45:1a:7d
Signer

Actual PE Digest

6c:6f:98:4c:32:40:e9:13:1a:51:97:7b:f2:52:a6:4b:49:45:1a:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\project_2008\snsstory\Oradisk_candle_kgrid_new\Filebus\Bin\OradiskDown.pdb

Imports

urlmon

URLDownloadToFileA

user32

SendMessageA
CharUpperA
FindWindowA
GetClassInfoA
SetRect
ReleaseDC
GetDC
FillRect
GetSysColor
CopyRect
InvalidateRect
EnableWindow
LoadIconA
DrawIconEx
GetWindowLongA
PtInRect
InflateRect
LoadBitmapA
DrawFocusRect
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
SetMenu
TranslateAcceleratorA
UnregisterClassA
GetMenuItemInfoA
GetClassNameA
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
GetClientRect
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
GetFocus
SetTimer
MessageBoxA
PostMessageA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
RedrawWindow
KillTimer
ShowWindow
SetForegroundWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
CloseWindow
GetSystemMetrics
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
OffsetRect
ClientToScreen
GetCapture
SetCapture
WindowFromPoint
SetCursor
UpdateWindow
CallWindowProcA
SetWindowLongA
IsWindow
GetWindowRect
GetParent
GetActiveWindow
SetWindowRgn
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
ScrollWindow
EnumChildWindows
MapWindowPoints
ReplyMessage
ExitWindowsEx
SetWindowPos
PostThreadMessageA
MessageBeep
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
IsWindowVisible
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
EndDialog
GetNextDlgTabItem
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetDesktopWindow
MapDialogRect
SetWindowContextHelpId
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
DefWindowProcA
GetDlgCtrlID
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassA
GetClassInfoExA
CreateWindowExA
GetMenu
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange

wininet

DeleteUrlCacheEntry

kernel32

GetSystemInfo
TerminateThread
GetExitCodeThread
GetVolumeInformationA
GetCurrentThreadId
GetModuleFileNameA
InterlockedDecrement
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
GlobalReAlloc
GetVersionExA
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetDiskFreeSpaceExA
GetNumberFormatA
GetTickCount
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetCurrentProcess
GetSystemDirectoryA
GetProcessHeap
LocalFree
FormatMessageA
LoadLibraryExA
EnterCriticalSection
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetFullPathNameA
CreateFileA
GetModuleFileNameW
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetFileAttributesA
GetFileTime
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
ExitProcess
HeapSize
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
CreateDirectoryA
GetModuleHandleA
SetLastError
lstrcpynA
SetEvent
ResetEvent
FindResourceA
LoadResource
SizeofResource
FreeResource
LockResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CloseHandle
CreateEventA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcmpA
DeleteFileA
WaitForSingleObject
lstrcpyA
CreateMutexA
GetCommandLineA
GetLastError
Sleep
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
GetLocaleInfoA

gdi32

TextOutA
GetRgnBox
GetTextColor
GetBkColor
Ellipse
LPtoDP
CreateEllipticRgn
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateDCA
GetPixel
CreateRectRgn
CreateFontA
CreateDIBSection
ExtCreateRegion
CombineRgn
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
CreateFontIndirectA
GetStockObject
GetTextExtentPoint32A
StretchBlt
Rectangle
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreatePen
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
OpenProcessToken
RegConnectRegistryA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteExA

comctl32

ord17

shlwapi

StrFormatByteSize64A
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathGetArgsA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleInitialize
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantInit
VariantChangeType
SysAllocString
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysFreeString

ws2_32

WSASocketA
WSAGetLastError
select
__WSAFDIsSet
recv
WSAConnect
closesocket
inet_addr
htons
connect
WSACleanup
WSAStartup
setsockopt
WSAWaitForMultipleEvents
WSASend
WSARecv
socket

nat

ord21
ord18
ord22
ord17
ord16
ord15
ord14
ord23

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40ed77bcded20c6d411d4705faeaaef4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

53:d4:39:a5:b8:7a:f5:60:94:8f:ee:e5:36:24:bc:94Certificate

Extended Key Usages

Key Usages

6c:6f:98:4c:32:40:e9:13:1a:51:97:7b:f2:52:a6:4b:49:45:1a:7dSigner

Headers

File Characteristics

PDB Paths

Imports

urlmon

user32

wininet

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

nat

Sections

.text Size: 452KB - Virtual size: 451KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

53:d4:39:a5:b8:7a:f5:60:94:8f:ee:e5:36:24:bc:94
Certificate

6c:6f:98:4c:32:40:e9:13:1a:51:97:7b:f2:52:a6:4b:49:45:1a:7d
Signer

.text
Size: 452KB - Virtual size: 451KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB