2024-05-15_3f4be9433499a68bd3e8c75550059943_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-15_3f4be9433499a68bd3e8c75550059943_icedid
Size

294KB
MD5

3f4be9433499a68bd3e8c75550059943
SHA1

5794185e15325f1712ef2c4c62b3ecdec534e7de
SHA256

0966dc57c76ac290d3406b335fea87976dc2459fe57ffc03ba716eafb4f66c5e
SHA512

1e1b468675e1a8ce3ce633ed06bdfaf65a541fed45ab50e3b942ee4c50ab6e315b25940163393f68d0234e10595de34eb153c35cede4439ad9565463f08be321
SSDEEP

6144:BtUUUnYgYmyDRwzG6JdDzsfXH4N2JzAfdKAp2OQi1Bct7QkEB:BtUUUYb16Jd/8XH+W6KjEBn9

Score

1^/10

Malware Config

Signatures

Files

2024-05-15_3f4be9433499a68bd3e8c75550059943_icedid
.exe windows:4 windows x86 arch:x86

4133f68d02720cd04e4396f058fc699c

Code Sign

5a:3e:ab:70:74:21:0e:b8:e6:34:0a:c4:aa:cc:7d:22
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-08-2010 00:00

Not After

02-08-2011 23:59

Subject

CN=GNWay (Beijing) Co. Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=GNWay (Beijing) Co. Ltd,O=GNWay (Beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\My Documents\代码\esoonlink\VirtualPrinter\HandlePrintJob\Release\GNPrint.pdb

Imports

kernel32

ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
ExitThread
CreateThread
HeapSize
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
GetFileTime
VirtualFree
IsBadWritePtr
SetHandleCount
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GlobalFlags
WritePrivateProfileStringA
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
InterlockedIncrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
InterlockedDecrement
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalAddAtomA
FreeResource
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
MulDiv
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
FindClose
FindFirstFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
GetTickCount
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
lstrcpyA
WriteFile
WaitForSingleObject
GetLastError
SetLastError
GlobalAlloc
GlobalFree
DeleteFileA
MoveFileA
LocalAlloc
LocalHandle
LocalFree
GetModuleFileNameA
GetStdHandle
CreatePipe
SetStdHandle
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
CreateProcessA
Sleep
GetExitCodeProcess
CloseHandle
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapCreate
InterlockedExchange

user32

DestroyMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ReleaseCapture
SetCapture
ClientToScreen
LoadCursorA
GetSysColorBrush
wsprintfA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
PostThreadMessageA
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
PtInRect
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetCursor
MessageBoxA
GetLastActivePopup
ReleaseDC
GetDC
GetClientRect
CopyRect
GetDesktopWindow
GetActiveWindow
RegisterClipboardFormatA
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
TranslateMessage
PeekMessageA
DispatchMessageA
CharUpperA
EnableWindow
LoadIconA
SendMessageA
KillTimer
SetTimer
UnregisterClassA
PostMessageA

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateRectRgnIndirect
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ord201
EnumPrintersA
SetPrinterA
DeleteFormA
AddFormA
GetPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA

shell32

Shell_NotifyIconA
SHInvokePrinterCommandA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
StgOpenStorageOnILockBytes

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysFreeString

autoupdate

DoAutoUpdate

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4133f68d02720cd04e4396f058fc699c

Code Sign

5a:3e:ab:70:74:21:0e:b8:e6:34:0a:c4:aa:cc:7d:22Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

autoupdate

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 24KB - Virtual size: 22KB

5a:3e:ab:70:74:21:0e:b8:e6:34:0a:c4:aa:cc:7d:22
Certificate

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 24KB - Virtual size: 22KB