2024-05-05_0ffb77c618e54a4770b9059add83804e_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-05_0ffb77c618e54a4770b9059add83804e_icedid
Size

152KB
MD5

0ffb77c618e54a4770b9059add83804e
SHA1

0a92aaf53b96e149b4c8760a67ff2cdaac146d22
SHA256

0b0a64e9c921373f989bc9f86961498978dd370c5cdd0636e06ce8bbc7ace7df
SHA512

3bec6451ffda70dc4db82c244dbf859072b94dfe6f7d30b4c6d9b41d9cfe04ed01c661ff5bb8fea43d648efd09caa4f5af909fc63ba0d4763c942a65ccb9caa6
SSDEEP

3072:ZHXTxTTt5xFIv83un1CL1ssuUNdBh6Rlw1p0f:BT1PxA1CJf3Nps

Score

1^/10

Malware Config

Signatures

Files

2024-05-05_0ffb77c618e54a4770b9059add83804e_icedid
.exe windows:4 windows x86 arch:x86

39166ee218420b052cc958837a7d6643

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:20:55:45:d1:51:29:c9:51:c7:db:91:bf:e6:57:dc
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/03/2014, 00:00

Not After

13/03/2019, 23:59

Subject

CN=Innovative Transaction Solutions,O=Innovative Transaction Solutions,POSTALCODE=10502,STREET=923 Saw Mill River RD\, #206,L=Ardsley,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetOEMCP
GetCPInfo
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
lstrcatA
WritePrivateProfileStringA
RaiseException
GetTickCount
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
CloseHandle
GlobalAddAtomA
GetCurrentThread
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrcmpiA
GetVersion
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
FreeEnvironmentStringsW

user32

DefWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
SetFocus
ShowWindow
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetDesktopWindow
RegisterClassA
GetClassNameA
UpdateWindow
UnregisterClassA
GetWindowTextA
RegisterClipboardFormatA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
CallWindowProcA
PostQuitMessage
PostMessageA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetClassInfoA
GetWindowLongA
GetLastActivePopup
AdjustWindowRectEx
GetMenu
SetWindowTextA
GetClientRect
SetCursor
SendMessageA
EnableWindow
IsWindowEnabled
SetForegroundWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
DestroyMenu
PostThreadMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
wsprintfA

gdi32

GetObjectA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetClipBox
SetMapMode
SetTextColor
GetStockObject
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VariantChangeType
VariantInit

atl71

ord18
ord64
ord17
ord20
ord32
ord49
ord23
ord61
ord58
ord31

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39166ee218420b052cc958837a7d6643

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

91:20:55:45:d1:51:29:c9:51:c7:db:91:bf:e6:57:dcCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

atl71

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 5KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

91:20:55:45:d1:51:29:c9:51:c7:db:91:bf:e6:57:dc
Certificate

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 5KB