2024-05-07_b576735be58a6720a63df839c297bb4a_bkransomware_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-07_b576735be58a6720a63df839c297bb4a_bkransomware_icedid
Size

5.1MB
MD5

b576735be58a6720a63df839c297bb4a
SHA1

f66cae20536d643dae82145b9ad32560e4dffc61
SHA256

7cc611930bc2dd796122c6b079b0d36e310e283491a3909f634d1070c6c4efef
SHA512

7978b8c7bffde2200f989a53c8368900dffec88f89afc42b84f6194034e336d7580669fc67c67466602b364ff452b082d45fc4adc536c656eab480b6e517efb2
SSDEEP

98304:mULiWick8tz5zjWTp56YYK8OFxus1+4qo246pOUpEsVpIw8rHlbUPHp:mULiWick2z5X8eHOn1MpOUpEsV6/LgJ

Score

1^/10

Malware Config

Signatures

Files

2024-05-07_b576735be58a6720a63df839c297bb4a_bkransomware_icedid
.exe windows:6 windows x86 arch:x86

8bcb3998ed83cc9698afdb6702e4ef59

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/12/2010, 00:00

Not After

06/12/2015, 23:59

Subject

CN=Dillobits Software\, Inc.,O=Dillobits Software\, Inc.,POSTALCODE=30041,STREET=2150 Arbor Chase,L=Cumming,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:b4:7f:00:4f:76:09:96:ba:3d:69:b8:6d:d2:43:0d:ef:bc:d3:e3
Signer

Actual PE Digest

7b:b4:7f:00:4f:76:09:96:ba:3d:69:b8:6d:d2:43:0d:ef:bc:d3:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\jcyr\data\dillobits\Projects\dev\InSync\exe\InSync.pdb

Imports

kernel32

IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
LCMapStringW
SetEnvironmentVariableA
GetDriveTypeW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
GetTimeZoneInformation
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
HeapQueryInformation
IsProcessorFeaturePresent
GetModuleHandleExW
ExitProcess
RtlUnwind
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetProfileIntW
SearchPathW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
lstrcmpiW
DuplicateHandle
UnlockFile
GetFullPathNameW
FlushFileBuffers
GetCurrentDirectoryW
lstrcpyW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GetThreadLocale
GlobalGetAtomNameW
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SuspendThread
SetThreadPriority
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringA
lstrcmpA
GetVersionExW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
CopyFileW
MulDiv
GlobalFree
GlobalSize
GlobalAlloc
IsWow64Process
GetVolumeInformationW
SetErrorMode
GetErrorMode
GetLogicalDrives
GetNumberFormatW
GetFileAttributesW
RemoveDirectoryW
GetOverlappedResult
FindNextFileW
FindClose
FindFirstFileW
MoveFileW
LocalAlloc
DeleteFileW
Sleep
DecodePointer
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThread
lstrlenW
GetQueuedCompletionStatus
ResetEvent
RaiseException
PostQueuedCompletionStatus
TerminateThread
GetExitCodeThread
CreateIoCompletionPort
InitializeCriticalSectionEx
GlobalUnlock
GlobalLock
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLocaleInfoW
GetSystemInfo
GetEnvironmentVariableW
LocalFree
FormatMessageW
GetFileSize
GetLocalTime
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResumeThread
VerSetConditionMask
VerifyVersionInfoW
SystemTimeToFileTime
GetSystemTime
CreateDirectoryW
GetComputerNameW
GetModuleFileNameW
IsDebuggerPresent
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
VirtualFree
SetLastError
SetFileTime
SetFileAttributesW
VirtualAlloc
WriteFile
GetLastError
ReadFile
CreateEventW
LockFile
SetEndOfFile
SetFilePointer
CreateFileW
WaitForSingleObject
CreateMutexW
CloseHandle
ReleaseMutex
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
OutputDebugStringW
SizeofResource

user32

TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
PostQuitMessage
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
GetIconInfo
CopyImage
IsRectEmpty
OffsetRect
SetRectEmpty
FillRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
ReleaseCapture
SetCapture
GetNextDlgGroupItem
InflateRect
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
DrawStateW
GetScrollPos
SetScrollPos
ScrollWindow
GetWindowDC
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
SetWindowRgn
GetSysColorBrush
GetMessageW
EnableWindow
SendMessageW
TranslateMessage
ShowOwnedPopups
GetWindowThreadProcessId
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetWindowRect
LoadMenuW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
UnregisterClassW
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardViewer
MessageBoxW
IsIconic
GetKeyNameTextW
MapVirtualKeyW
DestroyMenu
GetMenuItemInfoW
CreatePopupMenu
LoadCursorW
RealChildWindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
IntersectRect
SetClipboardData
EmptyClipboard
UnionRect
IsMenu
UpdateLayeredWindow
GetAsyncKeyState
EnableMenuItem
AppendMenuW
BeginPaint
EndPaint
SetWindowContextHelpId
MapDialogRect
IsZoomed
MessageBeep
SystemParametersInfoW
DrawEdge
DrawFrameControl
RedrawWindow
GetSystemMetrics
SetTimer
KillTimer
PostMessageW
DestroyIcon
GetDC
ReleaseDC
GetParent
GetSysColor
DrawIconEx
EnableScrollBar
MonitorFromPoint
DeleteMenu
CharNextW
LoadImageW
DrawFocusRect
InvalidateRect
BringWindowToTop
GetSystemMenu
CopyAcceleratorTableW
InvalidateRgn
SetRect
LoadAcceleratorsW
GetWindowRgn
DrawIcon
DestroyCursor
CreateMenu
GetComboBoxInfo
TranslateAcceleratorW
SubtractRect
MapVirtualKeyExW
IsCharLowerW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
IsClipboardFormatAvailable
FrameRect
CharUpperBuffW
InvertRect
HideCaret
GetUpdateRect
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetCursorPos
SetClassLongW
LockWindowUpdate
RegisterClipboardFormatW
EnumChildWindows
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
WaitMessage
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
CharUpperW
TrackMouseEvent
SetParent
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
SetScrollRange

gdi32

SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
PatBlt
CreatePolygonRgn
Polygon
Polyline
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetMapMode
SetRectRgn
DPtoLP
GetDIBits
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
Rectangle
GetRgnBox
CreateRoundRectRgn
OffsetRgn
RoundRect
CreatePalette
SelectPalette
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
SetPixelV
GetTextFaceW
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
SelectObject
GetObjectType
CreateCompatibleDC
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
DeleteDC
CreateFontIndirectW
GetObjectW
GetTextMetricsW
DeleteObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
GetPaletteEntries
PtVisible
CreateSolidBrush
GetTextCharsetInfo
GetTextExtentPoint32W

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
SetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
EqualSid
DeleteAce
GetAce
GetNamedSecurityInfoW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
LookupAccountSidW
GetTokenInformation
OpenThreadToken
InitiateSystemShutdownExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHAppBarMessage
DragFinish
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteExW
DragQueryFileW
SHGetFileInfoW
SHBrowseForFolderW
ShellExecuteW
SHGetDesktopFolder
SHGetKnownFolderPath

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
SHStrDupW
ord191
PathIsDirectoryW
StrFormatKBSizeW

uxtheme

GetWindowTheme
GetThemeSysColor
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed
DrawThemeParentBackground
DrawThemeText

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
CoDisconnectObject
CreateStreamOnHGlobal
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
OleLockRunning
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium
OleDuplicateData
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
StringFromCLSID
OleRun
CoInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayDestroy
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

dbghelp

MiniDumpWriteDump

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mpr

WNetCloseEnum
WNetCancelConnection2W
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW

powrprof

SetSuspendState

vssapi

CreateVssBackupComponentsInternal

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext

wintrust

WinVerifyTrust

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bcb3998ed83cc9698afdb6702e4ef59

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2fCertificate

Extended Key Usages

Key Usages

7b:b4:7f:00:4f:76:09:96:ba:3d:69:b8:6d:d2:43:0d:ef:bc:d3:e3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

dbghelp

netapi32

version

mpr

powrprof

vssapi

crypt32

wintrust

oleacc

imm32

winmm

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 395KB - Virtual size: 394KB

.data Size: 27KB - Virtual size: 58KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2f
Certificate

7b:b4:7f:00:4f:76:09:96:ba:3d:69:b8:6d:d2:43:0d:ef:bc:d3:e3
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 395KB - Virtual size: 394KB

.data
Size: 27KB - Virtual size: 58KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB