2024-05-05_94fe2d54e4ed200ccb81e3e4372408a8_icedid_saber

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-05_94fe2d54e4ed200ccb81e3e4372408a8_icedid_saber
Size

559KB
MD5

94fe2d54e4ed200ccb81e3e4372408a8
SHA1

90b04be894f63c835368d894df636c9f94c9e973
SHA256

5ad2db2c2b0e41546ae8655856f537e83e47b50b15806a416f782bfa7be1d953
SHA512

7a528ba1f70c3d0943f313ed2f308c572a7585d1d0db72c01b34bc710892c0c18b4efa7ca71d223dff73cad5924af1776c8b2a09c56fb34542fcce189804c156
SSDEEP

12288:xM/qdH22NNxnFw3voGodq1RKjVRft6X/jdXVPBJEHbCMemKeoYTF9ml4xVc:x4Qj5O/jdFPzEHuMBTs

Score

1^/10

Malware Config

Signatures

Files

2024-05-05_94fe2d54e4ed200ccb81e3e4372408a8_icedid_saber
.exe windows:4 windows x86 arch:x86

f1db9915748aebb32e5e5aac55b9f3dd

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2009, 00:00

Not After

27/04/2012, 23:59

Subject

CN=Beijing AmazGame Age Internet Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing AmazGame Age Internet Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:03:cf:c9:99:ed:1b:69:5e:78:d5:7b:79:32:13:20:eb:64:43:20
Signer

Actual PE Digest

fa:03:cf:c9:99:ed:1b:69:5e:78:d5:7b:79:32:13:20:eb:64:43:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreateSequential

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesA
SetPriorityClass
CreateThread
WaitForSingleObject
CloseHandle
TerminateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
SetEnvironmentVariableA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
InterlockedDecrement
ReadFile
CreateFileA
GetModuleHandleA
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
GetCurrentThreadId
ResumeThread
SetThreadPriority
LocalFree
lstrcpynA
FormatMessageA
MulDiv
SetLastError
LocalAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
RaiseException
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
GetCurrentThread
GlobalAddAtomA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
InterlockedIncrement
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
GetFileTime
SetErrorMode
RtlUnwind
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetSystemInfo
GlobalMemoryStatus
lstrcmpA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
MoveFileExA
DeleteFileA
FreeLibrary
Sleep
WinExec
LoadLibraryA
GetProcAddress
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalFree

user32

DefWindowProcA
RegisterClassA
GetClassInfoA
EqualRect
AdjustWindowRectEx
GetSysColor
GetMenu
UpdateWindow
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CreateWindowExA
WinHelpA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
CopyAcceleratorTableA
InvalidateRect
InvalidateRgn
wsprintfA
GetSysColorBrush
CharNextA
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
SendDlgItemMessageA
RegisterClipboardFormatA
GetWindow
SetWindowContextHelpId
ShowWindow
IsIconic
GetDlgItem
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
TranslateMessage
PeekMessageA
ValidateRect
MessageBoxA
PostQuitMessage
UnregisterClassA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CallWindowProcA
GetSystemMetrics
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetParent
SetCursorPos
WindowFromPoint
IsChild
GetForegroundWindow
GetLastActivePopup
SetParent
IsWindowVisible
RegisterWindowMessageA
IsWindowEnabled
GetActiveWindow
SetActiveWindow
SetCursor
LoadCursorA
LoadIconA
SetWindowRgn
PostMessageA
EndDialog
GetKeyState
GetCursorPos
GetWindowRect
IsWindow
GetClientRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScreenToClient
IntersectRect
CopyRect
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
SystemParametersInfoA
DrawEdge
LoadImageA
EnableWindow
SendMessageA
IsRectEmpty
SetCapture
GetMessageA
DispatchMessageA
GetCapture
ReleaseCapture
SetRectEmpty
RedrawWindow
PtInRect
SetTimer
GetDesktopWindow
KillTimer
CharUpperA
SetRect
OffsetRect
MoveWindow
GetDlgCtrlID
GetWindowPlacement
GetWindowTextA
SetWindowPos
SetFocus
SetWindowTextA
IsDialogMessageA
MapDialogRect

gdi32

GetMapMode
GetBkColor
DeleteObject
CreateFontIndirectA
Polygon
CreateRectRgnIndirect
GetObjectA
GetTextExtentPoint32A
SelectObject
SetBkColor
SetTextColor
SetBkMode
GetDeviceCaps
ExtTextOutA
DeleteDC
CombineRgn
SetWindowExtEx
CreateDIBSection
CreateCompatibleDC
GetStockObject
ScaleWindowExtEx
ExtSelectClipRgn
GetTextColor
CreateBitmap
CreatePen
CreateSolidBrush
Rectangle
SetPixel
PtVisible
RectVisible
TextOutA
Escape
GetClipBox
GetRgnBox
SaveDC
RestoreDC
SetMapMode
LineTo
MoveToEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
BitBlt
ExtCreateRegion
CreateCompatibleBitmap

shell32

ShellExecuteA

ole32

CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
CoRevokeClassObject
CoDisconnectObject
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoTaskMemAlloc
OleFlushClipboard

oleaut32

VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SafeArrayDestroy
SystemTimeToVariantTime
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadTypeLi

msimg32

TransparentBlt

comctl32

ord17

shlwapi

PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

gdiplus

GdiplusStartup
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipSetSmoothingMode
GdipDrawImageRectRectI
GdipDeleteBrush
GdipCreateSolidFill
GdipFillRectangleI
GdiplusShutdown

winmm

PlaySoundA
timeGetTime

wininet

InternetOpenUrlA
InternetOpenA

ws2_32

closesocket
WSAStartup
WSACleanup
htons
setsockopt
recvfrom
sendto
bind
getsockname
inet_addr
select
gethostbyname
socket

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetFileTitleA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA

Exports

Exports

WHCMN_STATIC_INFO_In
WHNET_STATIC_INFO_In

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1db9915748aebb32e5e5aac55b9f3dd

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49Certificate

Extended Key Usages

Key Usages

fa:03:cf:c9:99:ed:1b:69:5e:78:d5:7b:79:32:13:20:eb:64:43:20Signer

Headers

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

oledlg

gdiplus

winmm

wininet

ws2_32

oleacc

winspool.drv

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 398KB

.rdata Size: 104KB - Virtual size: 102KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 32KB - Virtual size: 30KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

13:1e:7e:b3:4a:7d:b6:3e:08:a2:35:71:8e:ef:68:49
Certificate

fa:03:cf:c9:99:ed:1b:69:5e:78:d5:7b:79:32:13:20:eb:64:43:20
Signer

.text
Size: 400KB - Virtual size: 398KB

.rdata
Size: 104KB - Virtual size: 102KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 32KB - Virtual size: 30KB