2024-05-16_ee03c7810196e88061e2c54d582653fb_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-16_ee03c7810196e88061e2c54d582653fb_icedid
Size

183KB
MD5

ee03c7810196e88061e2c54d582653fb
SHA1

5de1c013ebe186f2cd2f794c873ac975057dd488
SHA256

0e03637be35c0e7ca20bbfba1609d8ed9df8e2fa3a658a923a7d7a211896699a
SHA512

db97b8b2b2fca96becba7cd5093267ac2730f6e34e93829aa5ae18fde0713743aaa8a5567aef77484322d075e00b8435d90f2f044484c2df748f21a0841ccd2b
SSDEEP

3072:17XpfiG+iU+/oD6H63W5oUE0PLO/nrRnK905dCXergaFPf:RBiG+iUP6bsaLO/nxLCXKHf

Score

1^/10

Malware Config

Signatures

Files

2024-05-16_ee03c7810196e88061e2c54d582653fb_icedid
.exe windows:5 windows x86 arch:x86

fa98d291ec7eb3daa19e4ddba4ad77b8

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=上海迅软信息科技有限公司,O=上海迅软信息科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=上海迅软信息科技有限公司,O=上海迅软信息科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:50:9d:da:f3:a0:bd:9c:ad:ec:df:62:e2:04:a1:33:84:bd:7e:7d:fc:5c:18:f6:16:d5:9a:ea:9f:c7:e2:93
Signer

Actual PE Digest

68:50:9d:da:f3:a0:bd:9c:ad:ec:df:62:e2:04:a1:33:84:bd:7e:7d:fc:5c:18:f6:16:d5:9a:ea:9f:c7:e2:93

Digest Algorithm

sha256

PE Digest Matches

true

ec:37:37:19:da:33:1d:2a:1c:9c:0e:81:bb:c0:22:fa:1b:f3:1b:6d
Signer

Actual PE Digest

ec:37:37:19:da:33:1d:2a:1c:9c:0e:81:bb:c0:22:fa:1b:f3:1b:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetCurrentProcess
lstrlenA
SetFilePointer
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
RaiseException
HeapSize
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
WriteFile
GlobalFindAtomW
LoadLibraryW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
InterlockedIncrement
FormatMessageW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GlobalFree
GlobalUnlock
GetModuleHandleA
InterlockedDecrement
lstrlenW
WritePrivateProfileStringW
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetProcAddress
CreateEventW
LocalFree
Sleep
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
OpenProcess
CloseHandle
GetModuleFileNameW
GetLastError

advapi32

RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueW
CloseServiceHandle
StartServiceW
OpenServiceW
CreateServiceW
OpenSCManagerW
DeleteService
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueW
OpenProcessToken
SetServiceStatus
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

shlwapi

PathFindExtensionW
PathFindFileNameW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

LoadCursorW
GetSysColorBrush
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuItemID
GetSubMenu
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongW
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
DestroyMenu
PostQuitMessage
PostMessageW
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
SendMessageW
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
CheckMenuItem
EnableMenuItem
GetMenuState
GetMenuItemCount
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
CopyRect

gdi32

SetBkColor
SetTextColor
SetMapMode
GetClipBox
GetStockObject
ScaleViewportExtEx
RestoreDC
GetDeviceCaps
SaveDC
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
CreateBitmap
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa98d291ec7eb3daa19e4ddba4ad77b8

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

68:50:9d:da:f3:a0:bd:9c:ad:ec:df:62:e2:04:a1:33:84:bd:7e:7d:fc:5c:18:f6:16:d5:9a:ea:9f:c7:e2:93Signer

ec:37:37:19:da:33:1d:2a:1c:9c:0e:81:bb:c0:22:fa:1b:f3:1b:6dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

wtsapi32

userenv

oleacc

user32

gdi32

winspool.drv

oleaut32

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 1024B - Virtual size: 572B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

68:50:9d:da:f3:a0:bd:9c:ad:ec:df:62:e2:04:a1:33:84:bd:7e:7d:fc:5c:18:f6:16:d5:9a:ea:9f:c7:e2:93
Signer

ec:37:37:19:da:33:1d:2a:1c:9c:0e:81:bb:c0:22:fa:1b:f3:1b:6d
Signer

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 1024B - Virtual size: 572B