2024-05-09_7110646c345312dd4a14281029a49551_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_7110646c345312dd4a14281029a49551_icedid
Size

552KB
MD5

7110646c345312dd4a14281029a49551
SHA1

56ec1d775707d90bae0ed2542bcc9ea878e9c060
SHA256

bddee5075bf5db87e35efc9e8945a7f20416f71ab7bd58a435c376a968dbcd47
SHA512

50a14cfefaaac8271be91330f506a319675fb1011710e894061f847340aad3d1a30f47e18f375fe3ec0fa98391bef7d286f2d998dc088ddb716279b8942c0201
SSDEEP

6144:wOap0EEHpMqvQfBM6hP+uHegfHOmaDOT/AWkyYr57po4fNcA713iM9UMV3toMREN:wOZEEJpYHeg/OKrkyYrg4FDRZ7VE

Score

1^/10

Malware Config

Signatures

Files

2024-05-09_7110646c345312dd4a14281029a49551_icedid
.exe windows:5 windows x86 arch:x86

9f5196cd39943c92a0ad1cf1d6700db6

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:df:66:b4:ad:70:01:ad:d4:79:d9:9b:f9:ca:8c:f7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

18/11/2015, 00:00

Not After

27/12/2016, 23:59

Subject

CN=ExpertRating Solutions,O=ExpertRating Solutions,L=Chandigarh,ST=Chandigarh,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

83:c3:f6:83:1a:f6:ca:dc:bc:f9:0a:12:52:5d:74:aa:3e:34:33:92
Signer

Actual PE Digest

83:c3:f6:83:1a:f6:ca:dc:bc:f9:0a:12:52:5d:74:aa:3e:34:33:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetAttemptConnect
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
HttpSendRequestExA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCanonicalizeUrlA

kernel32

RtlUnwind
GetSystemTimeAsFileTime
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetTimeZoneInformation
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GetTickCount
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
ReleaseMutex
CreateMutexA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LocalAlloc
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetThreadLocale
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
GetModuleFileNameW
GetCurrentProcessId
GetModuleFileNameA
SuspendThread
ResumeThread
SetThreadPriority
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
lstrcmpA
MulDiv
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetExitCodeThread
Sleep
WaitForSingleObject
lstrlenA
CreateEventA
MultiByteToWideChar
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetTempPathA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
FormatMessageA
LocalFree
InterlockedDecrement
CreateFileMappingA
CloseHandle
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeW

user32

RegisterClipboardFormatA
CopyAcceleratorTableA
ReleaseCapture
SetCapture
UnregisterClassA
DestroyMenu
LoadCursorA
GetSysColorBrush
CharUpperA
CharNextA
SetWindowContextHelpId
MapDialogRect
SetCursor
PostQuitMessage
GetWindowThreadProcessId
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetActiveWindow
GetCursorPos
ValidateRect
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetLastActivePopup
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
SetWindowPlacement
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSysColor
DrawTextA
GetDC
ReleaseDC
OpenClipboard
GetClipboardData
PostThreadMessageA
GetMessageA
TranslateMessage
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
GetClassLongA
IsRectEmpty
DispatchMessageA
PeekMessageA
SetWindowsHookExA
GetAsyncKeyState
PostMessageA
CallNextHookEx
UnhookWindowsHookEx
GetForegroundWindow
GetSystemMetrics
LoadIconA
SetActiveWindow
KillTimer
SetTimer
ShowOwnedPopups
GetClientRect
BringWindowToTop
IsIconic
DrawIcon
SetParent
CopyRect
GetWindowLongA
SetWindowLongA
SetWindowPos
LoadBitmapA
SetRect
MessageBoxA
InvalidateRect
UpdateWindow
GetWindowRect
SendMessageA
EmptyClipboard
CloseClipboard
IsWindowEnabled
IsWindowVisible
GetWindowTextA
ShowWindow
DestroyWindow
GetDesktopWindow
EnumWindows
EnableWindow
IsWindow
IsChild
GetParent

gdi32

GetWindowExtEx
PtVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetViewportExtEx
GetBkColor
GetTextColor
GetMapMode
GetRgnBox
SetMapMode
CreateFontA
DeleteObject
RestoreDC
SaveDC
ExtTextOutA
GetDeviceCaps
GetStockObject
SetTextColor
RectVisible
CreateBitmap
SetBkColor
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
GetObjectA
SelectObject
RealizePalette
GetDIBits
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

shlwapi

PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

VariantChangeType
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringByteLen
SysAllocStringLen
VarBstrCat
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysAllocString
SysStringLen
SysFreeString
VariantClear

urlmon

UrlMkSetSessionOption

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f5196cd39943c92a0ad1cf1d6700db6

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

11:df:66:b4:ad:70:01:ad:d4:79:d9:9b:f9:ca:8c:f7Certificate

Extended Key Usages

Key Usages

83:c3:f6:83:1a:f6:ca:dc:bc:f9:0a:12:52:5d:74:aa:3e:34:33:92Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

urlmon

avicap32

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 13KB - Virtual size: 32KB

.rsrc Size: 42KB - Virtual size: 42KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:df:66:b4:ad:70:01:ad:d4:79:d9:9b:f9:ca:8c:f7
Certificate

83:c3:f6:83:1a:f6:ca:dc:bc:f9:0a:12:52:5d:74:aa:3e:34:33:92
Signer

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 13KB - Virtual size: 32KB

.rsrc
Size: 42KB - Virtual size: 42KB