2024-04-24_bc77589d27d7f267a0db02b54dda9e0c_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-24_bc77589d27d7f267a0db02b54dda9e0c_icedid
Size

5.0MB
MD5

bc77589d27d7f267a0db02b54dda9e0c
SHA1

ce35ecefa57cb965f57e07ce11f478447a0b1fde
SHA256

0ed20fba6e6ce0065f31dfbb2f11acd4a0655138f0d2203d167a26c5a7eac2c1
SHA512

10b1d779279bfba4eb07630ffbd7368162f1d311402cf50c404d5208a9f634f8052aa6b5d2a2359f37672a67bb37ba7bc83dfd8917cdbb9c656c278337c8e451
SSDEEP

98304:xrJqw7jFe3h7+1V9mYiHGMmFwRDyKHgBQ:xrd7jkJm+Yi5Re3q

Score

1^/10

Malware Config

Signatures

Files

2024-04-24_bc77589d27d7f267a0db02b54dda9e0c_icedid
.exe windows:5 windows x86 arch:x86

6c826addd069a14fdf46b1616ae8be3d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-12-2022 00:00

Not After

09-12-2025 23:59

Subject

CN=盛趣信息技术（上海）有限公司,O=盛趣信息技术（上海）有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:60:fc:84:b3:e7:24:66:38:8d:35:e4:68:5b:9e:8e:5d:d3:bf:b1:8c:3f:6b:b3:f6:da:c9:15:4c:cd:09:b1
Signer

Actual PE Digest

ad:60:fc:84:b3:e7:24:66:38:8d:35:e4:68:5b:9e:8e:5d:d3:bf:b1:8c:3f:6b:b3:f6:da:c9:15:4c:cd:09:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Jenkins\workspace\10102\ffxiv\downloaderLegacy\workcopy\bin\FFXIV_20240221_downloader_djss_unsigned.pdb

Imports

ws2_32

sendto
getaddrinfo
freeaddrinfo
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
shutdown
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
listen
accept
inet_addr
WSAStartup
gethostname
WSACleanup
gethostbyname
inet_ntoa
ntohl
WSAJoinLeaf
WSASocketA
htonl
recvfrom

wldap32

ord50
ord60
ord143
ord22
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord211

kernel32

ConvertDefaultLocale
GetCurrentThread
DeleteFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetFullPathNameA
CreateFileA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetModuleHandleW
SetErrorMode
SetFileAttributesA
GetFileAttributesA
GetFileSizeEx
GetFileTime
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
OutputDebugStringA
GetDiskFreeSpaceA
GetCompressedFileSizeA
TryEnterCriticalSection
GetSystemDirectoryA
CreateDirectoryA
SetFileValidData
GetDiskFreeSpaceExA
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
GetTimeFormatA
GetDateFormatA
HeapSize
EnumResourceLanguagesA
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetFileInformationByHandle
SetConsoleCtrlHandler
VirtualFree
HeapCreate
GetACP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
CreateFileW
GetFileAttributesW
SetConsoleMode
ReadConsoleInputA
GetLocalTime
GetNativeSystemInfo
GetVolumeInformationW
FindResourceW
FormatMessageW
GetPrivateProfileStringW
InterlockedCompareExchange
GetLocaleInfoA
UnhandledExceptionFilter
InterlockedExchange
lstrcmpA
CreateEventA
Sleep
WinExec
SetEvent
FormatMessageA
LocalFree
MulDiv
InterlockedDecrement
GetModuleFileNameW
FileTimeToSystemTime
FindNextFileA
GetCurrentProcessId
SuspendThread
SetThreadPriority
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryA
FreeLibrary
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
GlobalUnlock
CloseHandle
GetLastError
GetCurrentProcess
SetLastError
GlobalFree
FreeResource
lstrcpyA
CreateMutexA
GetVersion
CreateFileMappingA
MapViewOfFile
GetCurrentThreadId
OpenEventA
UnmapViewOfFile
ReleaseMutex
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RaiseException
lstrlenW
WaitForSingleObject
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
ResumeThread
MoveFileA
GetModuleFileNameA
GlobalAlloc
GlobalLock
FindFirstFileA
FileTimeToLocalFileTime
FindClose
GetTickCount
WritePrivateProfileStringA
GetSystemTime
SystemTimeToFileTime
GetDriveTypeA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpynA
GetVolumeInformationA

user32

MessageBeep
RegisterClipboardFormatA
GetUserObjectInformationW
GetProcessWindowStation
SetCursor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetWindowThreadProcessId
GetMessageA
TranslateMessage
ValidateRect
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetNextDlgGroupItem
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
GetScrollRange
SetWindowContextHelpId
IsWindowVisible
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetScrollInfo
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetParent
IsChild
GetFocus
UpdateWindow
FillRect
OffsetRect
SystemParametersInfoA
SetCapture
KillTimer
SetTimer
ReleaseCapture
LoadIconA
ReleaseDC
GetDC
GetClientRect
SetWindowRgn
IsIconic
AppendMenuA
CreatePopupMenu
GrayStringA
DrawTextExA
InvalidateRgn
SetRect
CopyAcceleratorTableA
CharNextA
UnregisterClassA
TabbedTextOutA
DrawIcon
PtInRect
LoadCursorA
GetSysColorBrush
CharUpperA
GetMessageTime
GetCursorPos
LoadImageA
IsRectEmpty
DrawTextA
GetSystemMetrics
PostQuitMessage
SetForegroundWindow
PostThreadMessageA
RegisterWindowMessageA
IsWindow
InvalidateRect
LoadBitmapA
CopyRect
GetClassLongA
SetClassLongA
SendMessageA
PostMessageA
DestroyWindow
MessageBoxA
EnableWindow
GetWindowRect
GetScrollPos
MapDialogRect
EnumDisplaySettingsExW
GetActiveWindow

gdi32

GetClipBox
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
SaveDC
RestoreDC
SetMapMode
ExcludeClipRect
LineTo
MoveToEx
DeleteObject
CreateSolidBrush
SelectObject
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
CreateRectRgnIndirect
GetTextColor
GetRgnBox
GetBitmapBits
SetViewportOrgEx
CreateFontIndirectA
CreatePen
Escape
ExtTextOutA
TextOutA
StretchBlt
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CombineRgn
CreateRectRgn
CreateFontA
SetBkMode
GetPixel
BitBlt
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumKeyExW
LookupPrivilegeValueA
OpenProcessToken
RegisterEventSourceA
ReportEventA
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitiateSystemShutdownA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
Shell_NotifyIconA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA

oledlg

ord8

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

oleaut32

VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear

gdiplus

GdiplusStartup
GdiplusShutdown

winmm

timeSetEvent
timeKillEvent

rpcrt4

UuidCreate

iphlpapi

GetNetworkParams
GetAdaptersInfo
GetIfTable

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

Netbios

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 908KB - Virtual size: 907KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c826addd069a14fdf46b1616ae8be3d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:dbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ad:60:fc:84:b3:e7:24:66:38:8d:35:e4:68:5b:9e:8e:5d:d3:bf:b1:8c:3f:6b:b3:f6:da:c9:15:4c:cd:09:b1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

winmm

rpcrt4

iphlpapi

version

netapi32

dbghelp

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 908KB - Virtual size: 907KB

.data Size: 75KB - Virtual size: 111KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ad:60:fc:84:b3:e7:24:66:38:8d:35:e4:68:5b:9e:8e:5d:d3:bf:b1:8c:3f:6b:b3:f6:da:c9:15:4c:cd:09:b1
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 908KB - Virtual size: 907KB

.data
Size: 75KB - Virtual size: 111KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB