2024-05-22_7a62e9e6e211bdf090b9bd8d6abf7d8c_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_7a62e9e6e211bdf090b9bd8d6abf7d8c_icedid
Size

1.7MB
MD5

7a62e9e6e211bdf090b9bd8d6abf7d8c
SHA1

e1fe712e5d38a30ec53439621a9244de2d6713e9
SHA256

7550dd2fc091d317d0765cb76415f378b120fef54999e1059ec00f882ff20c2e
SHA512

1af6209e680931d49185def5e5cf4c859c8aa453cf2e8e6c0a0c4d447237e1340bb5a1a06c3ef2e035c71d50addc003002f0610feb7d98384ed8b14be19d4235
SSDEEP

24576:rrppMMuWMTku58YYKguPysKSwwDkZGKw5629C+ciMDpPcXqOZN2Rf:rTMMmF8pq/YwDkZM/9CTpPcXqOZg

Score

1^/10

Malware Config

Signatures

Files

2024-05-22_7a62e9e6e211bdf090b9bd8d6abf7d8c_icedid
.exe windows:5 windows x86 arch:x86

acdd8720b39831915b667c39de8e5552

Code Sign

6b:f6:39:c6:33:10:03:f6:b9:d1:e5:e0:29:13:5b:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-03-2012 00:00

Not After

08-05-2014 23:59

Subject

CN=Arvato Digital Services Canada Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Arvato Digital Services Canada Inc,L=Vancouver,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:53:45:c8:c2:cb:9f:c6:1b:62:b0:82:99:1a:e2:58:3b:44:4f:68
Signer

Actual PE Digest

f8:53:45:c8:c2:cb:9f:c6:1b:62:b0:82:99:1a:e2:58:3b:44:4f:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\Mercury\BRANCH_MERCURY_1_5_0\Applications\bin\Release\DownloadAssistant.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

DuplicateToken
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
GetLengthSid
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

kernel32

TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
WritePrivateProfileStringW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
FindFirstFileW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitThread
CreateThread
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GlobalReAlloc
GetDriveTypeA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetLocalTime
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryA
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
TlsGetValue
GlobalFlags
InterlockedDecrement
GetThreadLocale
TlsAlloc
ConvertDefaultLocale
lstrcmpA
CompareStringA
InterlockedExchange
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GlobalUnlock
FreeResource
QueryDosDeviceW
DefineDosDeviceW
GetVolumeInformationW
GetDiskFreeSpaceW
DeviceIoControl
lstrlenA
SetFileAttributesW
CreateFileW
FindFirstFileA
FindClose
GetCurrentThreadId
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTime
ExpandEnvironmentStringsA
GetExitCodeThread
SetLastError
CreateMutexA
CreateEventA
WaitForMultipleObjects
DuplicateHandle
InterlockedCompareExchange
FlushConsoleInputBuffer
SleepEx
FormatMessageA
GetLocaleInfoW
LocalAlloc
GetCurrentProcess
GetCurrentThread
GetSystemInfo
LoadLibraryExW
SetThreadPriority
SetEvent
ResetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetThreadLocale
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersionExW
EnumResourceLanguagesW
TerminateThread
WaitForSingleObject
ResumeThread
SuspendThread
GetSystemDirectoryW
CreateProcessW
GetTickCount
WideCharToMultiByte
lstrlenW
GetTempPathW
GetCurrentDirectoryW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GlobalFree
GlobalLock
GlobalAlloc
MulDiv
ExpandEnvironmentStringsW
FindResourceExW
CloseHandle
ReleaseMutex
CreateMutexW
LocalFree
FormatMessageW
GetModuleHandleW
GetProcAddress
DeleteFileW
GetLastError
CreateDirectoryW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
InterlockedIncrement
GlobalHandle
ReadConsoleInputA
SetConsoleMode
HeapReAlloc

user32

GetNextDlgGroupItem
UnregisterClassW
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
DestroyMenu
GetSysColorBrush
WindowFromPoint
GetMessageW
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
CharNextW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
GetMenuState
PostThreadMessageW
RegisterClipboardFormatW
CharUpperW
SendDlgItemMessageA
MessageBeep
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PostMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
ReleaseCapture
SetCapture
PtInRect
LoadCursorW
SetCursor
SetWindowLongW
ReleaseDC
GetDC
DrawIcon
GetSystemMetrics
SetForegroundWindow
ShowWindow
IsIconic
BringWindowToTop
GetLastActivePopup
GetParent
GetWindowLongW
EnumChildWindows
GetClassNameW
GetClassInfoW
EnumWindows
MessageBoxW
FillRect
GetClientRect
LoadIconW
SendMessageW
EnableWindow
GetWindowRect
RegisterClassW

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
ScaleViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetViewportExtEx
GetMapMode
GetRgnBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentPoint32W
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
GetStockObject
CreateFontIndirectW
GetDeviceCaps
CreateSolidBrush
CreateFontW
GetObjectW
GetTextExtentExPointW
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

shell32

SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW

comctl32

InitCommonControlsEx

shlwapi

PathIsRelativeW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType
SysStringLen
VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
OleLoadPicture
SysAllocString
SysFreeString

ws2_32

shutdown
__WSAFDIsSet
listen
accept
recvfrom
sendto
WSASetLastError
connect
getsockopt
getsockname
ntohs
ioctlsocket
send
select
inet_ntoa
inet_addr
setsockopt
bind
htons
gethostbyname
gethostname
socket
WSAStartup
WSAGetLastError
recv
closesocket
WSACleanup

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acdd8720b39831915b667c39de8e5552

Code Sign

6b:f6:39:c6:33:10:03:f6:b9:d1:e5:e0:29:13:5b:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f8:53:45:c8:c2:cb:9f:c6:1b:62:b0:82:99:1a:e2:58:3b:44:4f:68Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 238KB - Virtual size: 237KB

.data Size: 65KB - Virtual size: 91KB

.rsrc Size: 344KB - Virtual size: 344KB

6b:f6:39:c6:33:10:03:f6:b9:d1:e5:e0:29:13:5b:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f8:53:45:c8:c2:cb:9f:c6:1b:62:b0:82:99:1a:e2:58:3b:44:4f:68
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 238KB - Virtual size: 237KB

.data
Size: 65KB - Virtual size: 91KB

.rsrc
Size: 344KB - Virtual size: 344KB