2024-05-15_34782895f45d1f3582f02305a76cff9e_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-15_34782895f45d1f3582f02305a76cff9e_icedid
Size

1.7MB
MD5

34782895f45d1f3582f02305a76cff9e
SHA1

49e7c9dc27a0c218da14325fe854b83f0021c6af
SHA256

20b9c60a67330008de6ed39a67150f174ba0bb9bca337411a0d1b1859ababbe8
SHA512

26a165d08faeb5c79c09b74f4ed761f477a3528023afb72a7f4d7df2d0e2fe861bebab1dc9565f1fcb2231a808ff278ea9d8aaf7df94507ed2dc224d85cb07ed
SSDEEP

49152:fciO5hUO50+TcMjUmHHQgKwG51zuZN8MWjbrLkTy/oNqsiLrh1jWYT5Zjar:fkU4TcMgmHwbwo1zuZN8MWjbF/oNqrh4

Score

1^/10

Malware Config

Signatures

Files

2024-05-15_34782895f45d1f3582f02305a76cff9e_icedid
.exe windows:5 windows x86 arch:x86

74effac43725f55f8ecf95cc04dc6033

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0d:8e:7b:88:93:ab
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

04/04/2014, 09:08

Not After

04/04/2017, 09:08

Subject

CN=Parallels International GmbH,O=Parallels International GmbH,L=Schaffhausen,ST=Schaffhausen,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:99:00:00:20:e9:4b:8c:e5:53:cc:66:81:77:41:e5:d6:82:16:ac
Signer

Actual PE Digest

6e:99:00:00:20:e9:4b:8c:e5:53:cc:66:81:77:41:e5:d6:82:16:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\2X\Bin\Release-Unicode\AppServer\Binaries\2XGuestAgent.pdb

Imports

kernel32

LocalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
GlobalAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetFileSize
GetCurrentDirectoryW
lstrcmpiW
GetEnvironmentStringsW
FreeEnvironmentStringsW
TerminateProcess
GetThreadLocale
SetThreadLocale
GetSystemDefaultLangID
SetPriorityClass
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemInfo
WaitForMultipleObjects
MulDiv
GlobalSize
DeactivateActCtx
ActivateActCtx
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
lstrcmpA
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
ReleaseActCtx
SetThreadPriority
ResumeThread
GlobalGetAtomNameW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetFileAttributesExW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
GlobalFlags
InterlockedExchange
GetLocaleInfoW
GetUserDefaultUILanguage
lstrcpyW
GetNumberFormatW
InitializeCriticalSectionAndSpinCount
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
CreateEventW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetDriveTypeW
FindFirstFileExW
RtlUnwind
RaiseException
HeapReAlloc
GetTimeFormatW
GetDateFormatW
ExitThread
HeapQueryInformation
HeapSize
ExitProcess
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
GetStdHandle
SetHandleCount
GetStartupInfoW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetStringTypeW
IsProcessorFeaturePresent
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateSemaphoreW
TerminateThread
ReleaseSemaphore
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetVersionExA
GetVersionExW
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
CreateThread
InterlockedIncrement
FreeLibrary
CopyFileW
SetFileAttributesW
FindClose
FindFirstFileW
MoveFileExW
GetTempFileNameW
GetTempPathW
ExpandEnvironmentStringsW
GetFileAttributesW
InterlockedCompareExchange
MoveFileW
DeleteFileW
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileStringW
SetEvent
OpenEventW
LocalFree
CreateMutexW
FormatMessageW
lstrlenA
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DosDateTimeToFileTime
VerSetConditionMask
VerifyVersionInfoW
GetWindowsDirectoryW
GetComputerNameExW
GetLastError
lstrlenW
MultiByteToWideChar
GetTimeZoneInformation
GetExitCodeProcess
Sleep
WideCharToMultiByte
GetTickCount
GetModuleHandleW
GetComputerNameW
InterlockedDecrement
WaitForSingleObject
DuplicateHandle
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetLocalTime
LoadLibraryA
CreateDirectoryW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
GetModuleFileNameW
GetCurrentThread
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryW
FindResourceW
LoadResource
LockResource
MapViewOfFile
SizeofResource

user32

MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
PostThreadMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
LockWindowUpdate
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
GetWindow
NotifyWinEvent
GetParent
InvalidateRect
DrawFocusRect
FillRect
LoadBitmapW
CopyRect
IsCharLowerW
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
KillTimer
SetTimer
DeleteMenu
LoadIconW
LoadCursorW
SetCursor
PtInRect
GetWindowRect
GetWindowLongW
GetSysColor
DestroyIcon
SendDlgItemMessageW
GetLastActivePopup
MessageBoxW
IsWindowVisible
IsWindow
SendMessageW
PostMessageW
EnumWindows
GetClassNameW
GetWindowThreadProcessId
ReleaseDC
GetDC
EnableWindow
GetDlgItem
BringWindowToTop
SetForegroundWindow
SetWindowPos
GetSystemMetrics
DispatchMessageW
PeekMessageW
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
wsprintfW
ExitWindowsEx
SetClassLongW
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
WindowFromPoint
SetRect
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
IsIconic
DrawIconEx
GetNextDlgGroupItem
LoadImageW
CopyImage
GetIconInfo
OffsetRect
MessageBeep
EnableScrollBar
BeginDeferWindowPos
EmptyClipboard
CloseClipboard
SetClipboardData
CharUpperW
OpenClipboard
HideCaret
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
SetLayeredWindowAttributes
EnumDisplayMonitors
ShowOwnedPopups
SetRectEmpty
IntersectRect
PostQuitMessage
RealChildWindowFromPoint
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
GetSysColorBrush
LoadMenuW
MapVirtualKeyW
GetKeyNameTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
EndDeferWindowPos
CheckDlgButton
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
SetWindowPlacement

advapi32

InitializeAcl
GetAclInformation
MakeAbsoluteSD
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegFlushKey
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
OpenSCManagerW
CreateServiceW
ChangeServiceConfig2W
StartServiceW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
LookupAccountNameW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
AddAce
RegOpenKeyW
RegQueryValueExA
SetSecurityDescriptorOwner
ConvertSidToStringSidW
ConvertStringSidToSidW
RegDeleteKeyW
GetUserNameW

shell32

ShellExecuteExW
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHGetFileInfoW
SHAppBarMessage

ole32

OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
OleRun
CoCreateInstance
CoTaskMemFree

oleaut32

GetErrorInfo
SysFreeString
SafeArrayDestroy
VariantClear
SysAllocString
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysAllocStringLen
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock

msimg32

AlphaBlend
TransparentBlt

comctl32

ImageList_GetIconSize

shlwapi

PathAppendW
SHDeleteKeyW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
StrCpyW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDeleteGraphics

ws2_32

select
inet_addr
WSAGetLastError
WSAIoctl
WSAStartup
socket
gethostbyname
htonl
htons
bind
getsockname
ntohs
closesocket
listen
setsockopt
accept
getpeername
connect
getaddrinfo
freeaddrinfo
shutdown
__WSAFDIsSet
WSAStringToAddressW
getnameinfo
inet_ntoa
ioctlsocket
getsockopt
recvfrom
sendto
send
WSASetLastError
recv

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

pdh

PdhCollectQueryData
PdhLookupPerfNameByIndexW
PdhRemoveCounter
PdhCloseQuery
PdhGetFormattedCounterValue
PdhAddCounterW
PdhOpenQueryW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

gdi32

SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetTextMetricsW
BitBlt
GetObjectW
CreateDCW
CopyMetaFileW
GetDeviceCaps
SetBkColor
SetTextColor
CreateSolidBrush
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
GetTextFaceW
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesW
SelectClipRgn
CreateRectRgn
CreateDIBitmap
CreateCompatibleBitmap
DPtoLP
CombineRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetRectRgn
GetTextExtentPoint32W
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateFontIndirectW

winspool.drv

ClosePrinter
DeletePrinter
SetPrinterW
EnumPortsW
XcvDataW
GetPrinterDataExW
EnumPrintersW
OpenPrinterW
AddPrinterW
EnumPrinterDriversW
DeletePrinterDriverW
AddPrinterDriverW
GetPrinterDriverDirectoryW
DocumentPropertiesW
GetPrinterW

comdlg32

GetFileTitleW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74effac43725f55f8ecf95cc04dc6033

Code Sign

07Certificate

Key Usages

04:0d:8e:7b:88:93:abCertificate

Extended Key Usages

Key Usages

6e:99:00:00:20:e9:4b:8c:e5:53:cc:66:81:77:41:e5:d6:82:16:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

gdiplus

ws2_32

version

pdh

setupapi

wtsapi32

iphlpapi

oleacc

imm32

winmm

gdi32

winspool.drv

comdlg32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 366KB - Virtual size: 366KB

.data Size: 29KB - Virtual size: 65KB

.rsrc Size: 2KB - Virtual size: 1KB

07
Certificate

04:0d:8e:7b:88:93:ab
Certificate

6e:99:00:00:20:e9:4b:8c:e5:53:cc:66:81:77:41:e5:d6:82:16:ac
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 366KB - Virtual size: 366KB

.data
Size: 29KB - Virtual size: 65KB

.rsrc
Size: 2KB - Virtual size: 1KB