2024-05-07_ee42e4c1de690689fede95373238a778_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-07_ee42e4c1de690689fede95373238a778_icedid
Size

257KB
MD5

ee42e4c1de690689fede95373238a778
SHA1

ec86649d69af0941d9d28edc1a8183d31e70b6cb
SHA256

f60e00f56499e39e4be22acf1a414b0d0bef6515d1e2a95046f76ab9d03d8dc7
SHA512

9a643ef0da6907ae7599d7a08a5cabe6454abbdf9299e1bd9238585a51e09e97896cd4b87b7abc0c68481b654abfbb9dcc14b50a02c593da2c2b5e1003fd06b9
SSDEEP

6144:Ld2ixsDAM3VUVuQxBNua1sT4Q74QcnCxY:dxcVQxzB1sRcC

Score

1^/10

Malware Config

Signatures

Files

2024-05-07_ee42e4c1de690689fede95373238a778_icedid
.exe windows:4 windows x86 arch:x86

de8e6bbce227f91041f9b4dcecb9b9f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ef:62:d4:2f:ae:30:21:86:26:e6:fa:11:d9:6c:ce:25:11:b6:d7:0c
Signer

Actual PE Digest

ef:62:d4:2f:ae:30:21:86:26:e6:fa:11:d9:6c:ce:25:11:b6:d7:0c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

DsGetDcNameW
NetApiBufferFree
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

mpr

WNetOpenEnumW
WNetEnumResourceW

kernel32

SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetCPInfo
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
LCMapStringW
LCMapStringA
HeapSize
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GetModuleHandleA
GlobalFlags
GlobalAddAtomW
WritePrivateProfileStringW
SetErrorMode
lstrcatW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
GetCurrentThreadId
lstrcmpW
GlobalDeleteAtom
GetModuleFileNameW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
LoadLibraryW
GetLocaleInfoW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
SetLastError
GlobalFree
lstrcpyW
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynW
GetCommandLineW
GetModuleHandleW
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryExW
FormatMessageW
FreeLibrary
GetCurrentProcess
CloseHandle
GetLastError
LocalAlloc
LocalFree
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
IsBadWritePtr

user32

RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongW
GetDlgItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowTextW
GetClassNameW
wsprintfW
SetMenuItemBitmaps
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
DestroyMenu
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetWindowTextW
SendMessageW
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
PostMessageW
PostQuitMessage
UnregisterClassW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

PtVisible
RectVisible
TextOutW
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
CreateBitmap
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
ExtTextOutW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

AddAce
InitializeAcl
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
GetSecurityDescriptorControl
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
GetKernelObjectSecurity
GetNamedSecurityInfoW
MakeAbsoluteSD
IsValidSecurityDescriptor
IsValidSid
ConvertStringSidToSidW
LookupAccountNameW
MapGenericMask
LookupAccountSidW
ConvertSidToStringSidW
RegEnumKeyExW
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
CopySid
IsValidAcl
GetAce
DeleteAce
GetAclInformation
GetLengthSid
AddAccessAllowedAce

comctl32

ord17

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de8e6bbce227f91041f9b4dcecb9b9f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

ef:62:d4:2f:ae:30:21:86:26:e6:fa:11:d9:6c:ce:25:11:b6:d7:0cSigner

Headers

File Characteristics

Imports

netapi32

mpr

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 13KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

ef:62:d4:2f:ae:30:21:86:26:e6:fa:11:d9:6c:ce:25:11:b6:d7:0c
Signer

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 13KB - Virtual size: 20KB