2024-05-26_8691ebb2bd7e8c06a0ccda592907227d_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-26_8691ebb2bd7e8c06a0ccda592907227d_icedid
Size

1.3MB
MD5

8691ebb2bd7e8c06a0ccda592907227d
SHA1

13f48f0c5ec1cfa933a3bf680410aaaa04703934
SHA256

a327a4cf1cabfdfd8dbebb0c7f5183296d17bed1e98371bc4e69db3f66bc7092
SHA512

41bf93890f62e9a25fa7d3ff6f2688562a8dbbe8a9b02e46d6295751d33a5f1599464e84d8cd87b1be3b8f860eac335cec60afad557659419b2a34124b7e1dd5
SSDEEP

12288:jW/8C9FSWDDfoUToaXdWXqIkdb/qeM6C76OFG:G8CjSW5T2qXlQ1G

Score

1^/10

Malware Config

Signatures

Files

2024-05-26_8691ebb2bd7e8c06a0ccda592907227d_icedid
.exe windows:4 windows x86 arch:x86

96c72f035ab793454d71c055e73f1775

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:98:25:16:4c:b2:09:e6:b4:46:c0:13:36:81:93:f9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-04-2011 00:00

Not After

13-05-2013 23:59

Subject

CN=Airlink101,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Airlink101,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:58:a0:13:eb:2c:7f:28:a9:30:ab:cd:d6:0e:96:5d:59:6b:00:ed
Signer

Actual PE Digest

aa:58:a0:13:eb:2c:7f:28:a9:30:ab:cd:d6:0e:96:5d:59:6b:00:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionW
PathFindFileNameW

setupapi

SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

ws2_32

bind
closesocket
setsockopt
select
recv
send
sendto
recvfrom
ioctlsocket
gethostbyname
socket
connect
htons
inet_addr
accept
WSAStartup

iphlpapi

GetNetworkParams
GetAdaptersInfo
GetInterfaceInfo
IpRenewAddress

rasapi32

RasEnumEntriesW
RasGetEntryPropertiesW
RasGetEntryDialParamsW

kernel32

TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
FindResourceExW
SetErrorMode
GetPrivateProfileIntW
GetStartupInfoW
EnterCriticalSection
HeapReAlloc
ExitThread
CreateThread
ExitProcess
TerminateProcess
HeapSize
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GlobalFlags
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
VirtualProtect
InterlockedDecrement
FormatMessageW
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
GetVersionExA
FreeResource
GetSystemDefaultLangID
WritePrivateProfileStringW
WriteFile
SetLastError
GetCurrentProcess
GetSystemInfo
GetCurrentDirectoryW
CreateMutexW
GetModuleHandleW
ReleaseMutex
GetModuleFileNameW
GetSystemDirectoryW
GetFileAttributesW
Sleep
lstrcmpW
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
GlobalLock
GlobalUnlock
GlobalFree
CreateEventW
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
ResetEvent
lstrcatW
LocalFree
LocalAlloc
GlobalAlloc
FreeLibrary
LoadLibraryW
GetProcAddress
MulDiv
lstrcpyW
WideCharToMultiByte
GetLastError
GetVersion
GetWindowsDirectoryW
GetTickCount
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCommandLineW
FindResourceW
LoadResource
LockResource
SizeofResource
RtlUnwind

user32

GetSysColorBrush
PostQuitMessage
GetMessageW
ValidateRect
MapDialogRect
GetAsyncKeyState
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
wsprintfW
SetMenuItemBitmaps
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxW
TrackPopupMenu
GetMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
ScreenToClient
GetScrollInfo
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
IsWindowEnabled
EndDialog
LoadStringW
GetDlgItem
FindWindowW
ShowWindow
SetForegroundWindow
PeekMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
GetClassNameW
LoadBitmapW
SetRect
GetWindow
IntersectRect
LoadCursorW
GetKeyState
IsWindowVisible
UpdateWindow
keybd_event
LoadIconW
KillTimer
SetTimer
GetCursorPos
RedrawWindow
ModifyMenuW
DestroyMenu
LoadMenuW
DestroyCursor
LoadImageW
GetSubMenu
TrackPopupMenuEx
PostMessageW
SetCursor
GetWindowLongW
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageW
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
GetSysColor
GetIconInfo
GetDC
CreateIconIndirect
ReleaseDC
DrawStateW
DestroyIcon
EnableWindow
IsIconic

gdi32

EnumFontFamiliesExW
ScaleWindowExtEx
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
RestoreDC
SaveDC
GetClipBox
CreatePen
CreateSolidBrush
GetTextExtentPoint32W
SetTextAlign
SetBkMode
ExtTextOutW
MoveToEx
GetDeviceCaps
CreateFontIndirectW
CreateCompatibleBitmap
GetObjectW
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
ScaleViewportExtEx
DeleteObject
LineTo
SetMapMode

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueW
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

comctl32

_TrackMouseEvent
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

ole32

CreateStreamOnHGlobal

oleaut32

VariantInit
VariantChangeType
VariantClear
OleLoadPicture

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 964KB - Virtual size: 963KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96c72f035ab793454d71c055e73f1775

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

71:98:25:16:4c:b2:09:e6:b4:46:c0:13:36:81:93:f9Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

aa:58:a0:13:eb:2c:7f:28:a9:30:ab:cd:d6:0e:96:5d:59:6b:00:edSigner

Headers

File Characteristics

Imports

shlwapi

setupapi

ws2_32

iphlpapi

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

Sections

.text Size: 280KB - Virtual size: 278KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 8KB - Virtual size: 41KB

.rsrc Size: 964KB - Virtual size: 963KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

71:98:25:16:4c:b2:09:e6:b4:46:c0:13:36:81:93:f9
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

aa:58:a0:13:eb:2c:7f:28:a9:30:ab:cd:d6:0e:96:5d:59:6b:00:ed
Signer

.text
Size: 280KB - Virtual size: 278KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 8KB - Virtual size: 41KB

.rsrc
Size: 964KB - Virtual size: 963KB