2024-05-17_77326efcb552f37e237f92e9f8ff3ac3_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_77326efcb552f37e237f92e9f8ff3ac3_icedid
Size

1.1MB
MD5

77326efcb552f37e237f92e9f8ff3ac3
SHA1

34ed5449548e557134bbd4a06fbc3857f8323e30
SHA256

18e12f8b2b61df4a7421191dfdd95f5cf3d60d32b35d7c7ab5a4909244a7c28d
SHA512

6670e5d3e2714bebb4d0351c138c28f91e8f8941c08e1b934844312c125445069bc2086861332756f67baf978ae882e6bd8a8a16f0e3c70680bdde506f6e7348
SSDEEP

6144:VEu5EIm/t8n9Bc+RQy7fuFLCuP53jLLQpUV:r9Bc+77fuFeuP53jfQg

Score

1^/10

Malware Config

Signatures

Files

2024-05-17_77326efcb552f37e237f92e9f8ff3ac3_icedid
.exe windows:5 windows x86 arch:x86

3cc2d232899c681a839dee7f1e5952b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/10/2014, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Fuji Xerox Co.\, Ltd.,OU=Controller Platform Development III,O=Fuji Xerox Co.\, Ltd.,L=6-1 Minatomirai\, Nishi-ku\, Yokohama-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:cb:fb:28:e8:8e:77:74:0b:d2:a4:e4:fe:f5:86:66:43:62:83:8b
Signer

Actual PE Digest

d7:cb:fb:28:e8:8e:77:74:0b:d2:a4:e4:fe:f5:86:66:43:62:83:8b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
RaiseException
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetModuleHandleA
GlobalFindAtomW
CompareStringW
GetVersionExA
InterlockedDecrement
MulDiv
GlobalUnlock
FreeResource
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GlobalLock
LoadLibraryA
GetLocalTime
WritePrivateProfileSectionW
GetModuleFileNameW
IsDBCSLeadByteEx
FormatMessageW
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetPrivateProfileSectionW
MoveFileExW
GetProcAddress
GetVersionExW
SetFileAttributesW
GetTickCount
Sleep
DeleteFileW
LoadLibraryW
GetUserDefaultUILanguage
WriteProfileStringW
GetPrivateProfileStringW
GetWindowsDirectoryW
WritePrivateProfileStringW
lstrcatW
LocalAlloc
LocalFree
lstrcpynW
GlobalAlloc
GlobalFree
GetProfileStringW
GetSystemDirectoryW
SetLastError
FreeLibrary
lstrlenW
GetLastError
lstrcmpiW
FindFirstFileW
FindClose
MultiByteToWideChar
lstrlenA
lstrcpyW
lstrcmpW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
SetHandleCount

user32

UnregisterClassW
GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
PeekMessageW
SendMessageTimeoutW
wsprintfW
GetActiveWindow
MessageBoxW
LoadBitmapW
OffsetRect
ScreenToClient
GetClientRect
LoadIconW
GetSystemMenu
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
SendMessageW
EnableWindow
GetWindowRect
PtInRect
FindWindowW
SetForegroundWindow
GetWindowTextW

gdi32

DPtoLP
PtVisible
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
GetObjectW
GetStockObject
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
CreateFontIndirectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
SelectObject
DeleteDC
DeleteObject
RectVisible

winspool.drv

DeleteMonitorW
DeletePrinter
EnumPrinterDriversW
EnumPrintersW
ClosePrinter
GetPrinterW
OpenPrinterW
DocumentPropertiesW
DeletePrinterDriverW
DeletePrinterConnectionW
GetPrinterDriverDirectoryW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
StartServiceW
ControlService
QueryServiceStatus
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
OpenServiceW
EnumDependentServicesW
CloseServiceHandle
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cc2d232899c681a839dee7f1e5952b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d7:cb:fb:28:e8:8e:77:74:0b:d2:a4:e4:fe:f5:86:66:43:62:83:8bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

version

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 11KB - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d7:cb:fb:28:e8:8e:77:74:0b:d2:a4:e4:fe:f5:86:66:43:62:83:8b
Signer

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 11KB - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 13KB