2024-05-31_263682368bab12086bed73449e83ed99_bkransomware_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-31_263682368bab12086bed73449e83ed99_bkransomware_icedid
Size

6.1MB
MD5

263682368bab12086bed73449e83ed99
SHA1

9d4eac81ee4864655fdfa13d19c7c0dc36b3690c
SHA256

e4469e60d03b9e72a0e6e7b728c9a657dda1dc59079c3ae19c8be34f38f2dd49
SHA512

9ebe1b21de9b005be17ccf08ad5f3077262fddac552cafbd0a04545ff75d88d8e14dbaf3c6d19f35b441d8cb363a5498e30213ec883d7b78793185a5653345ea
SSDEEP

98304:FoO5iP36Q7v4ULaCTlkTUIq+3EDWFBFFBBZgUyc/QX1kmoNl2UNWWDKxfQZ7AhXP:FD5iPKmKTvvpgUyc/QXONXcCG

Score

1^/10

Malware Config

Signatures

Files

2024-05-31_263682368bab12086bed73449e83ed99_bkransomware_icedid
.exe windows:6 windows x86 arch:x86

2d4b0f10c3107d9f70d8db6c38c18191

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/12/2010, 00:00

Not After

06/12/2015, 23:59

Subject

CN=Dillobits Software\, Inc.,O=Dillobits Software\, Inc.,POSTALCODE=30041,STREET=2150 Arbor Chase,L=Cumming,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:a1:44:b3:18:1f:6e:32:2a:ea:89:5b:5f:31:d6:d9:52:bc:07:34
Signer

Actual PE Digest

b2:a1:44:b3:18:1f:6e:32:2a:ea:89:5b:5f:31:d6:d9:52:bc:07:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\jcyr\data\dillobits\Projects\dev\InSync\exe\InSync.pdb

Imports

kernel32

LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
ReadConsoleW
SetFilePointerEx
GetTimeFormatW
WriteConsoleW
SetEnvironmentVariableA
GetDriveTypeW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetDateFormatW
GetTimeZoneInformation
OutputDebugStringW
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
HeapQueryInformation
IsProcessorFeaturePresent
GetModuleHandleExW
SizeofResource
ExitProcess
RtlUnwind
ExitThread
GetSystemTimeAsFileTime
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetProfileIntW
GetTickCount
SearchPathW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
lstrcmpiW
DuplicateHandle
UnlockFile
GetFullPathNameW
FlushFileBuffers
GetCurrentDirectoryW
lstrcpyW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GetThreadLocale
GlobalGetAtomNameW
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringA
lstrcmpA
GetVersionExW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
CopyFileW
MulDiv
GlobalFree
GlobalSize
GlobalAlloc
IsWow64Process
GetVolumeInformationW
SetErrorMode
GetErrorMode
GetLogicalDrives
GetNumberFormatW
GetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindClose
FindFirstFileW
MoveFileW
LocalAlloc
DeleteFileW
Sleep
DecodePointer
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThread
lstrlenW
GetQueuedCompletionStatus
ResetEvent
RaiseException
PostQueuedCompletionStatus
TerminateThread
GetExitCodeThread
CreateIoCompletionPort
InitializeCriticalSectionEx
VirtualFree
VirtualAlloc
GlobalUnlock
GlobalLock
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
GetLocaleInfoW
GetSystemInfo
GetEnvironmentVariableW
LocalFree
FormatMessageW
GetFileSize
GetLocalTime
WideCharToMultiByte
SetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ResumeThread
CreateThread
SystemTimeToFileTime
GetSystemTime
CreateDirectoryW
GetComputerNameW
GetModuleFileNameW
IsDebuggerPresent
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
SetLastError
SetFileTime
SetFileAttributesW
GetOverlappedResult
CancelIo
WriteFile
GetLastError
ReadFile
CreateEventW
LockFile
SetEndOfFile
SetFilePointer
CreateFileW
WaitForSingleObject
CreateMutexW
CloseHandle
ReleaseMutex
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetConsoleMode

user32

SetCursorPos
SetClassLongW
LockWindowUpdate
RegisterClipboardFormatW
EnumChildWindows
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
WaitMessage
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
CharUpperW
TrackMouseEvent
SetParent
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
DeleteMenu
MonitorFromPoint
EnableScrollBar
GetAsyncKeyState
UpdateLayeredWindow
IsMenu
UnionRect
EmptyClipboard
SetClipboardData
EnumDisplayMonitors
SetLayeredWindowAttributes
RealChildWindowFromPoint
LoadCursorW
GetMenuItemInfoW
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
GetWindowThreadProcessId
ShowOwnedPopups
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
SetWindowRgn
GetSystemMetrics
DrawFrameControl
DrawEdge
SystemParametersInfoW
MessageBeep
IsZoomed
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
PostQuitMessage
DrawStateW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SetRect
GetIconInfo
DrawIconEx
CopyImage
IsRectEmpty
OffsetRect
SetRectEmpty
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
ReleaseCapture
SetCapture
GetNextDlgGroupItem
InflateRect
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
SetDlgItemTextW
MoveWindow
EnableWindow
SendMessageW
SetTimer
KillTimer
PostMessageW
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetDoubleClickTime
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
GetUpdateRect
CharNextW
InvalidateRgn
HideCaret
InvertRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetScrollPos
SetScrollPos
IsCharLowerW
SubtractRect
GetComboBoxInfo
CreateMenu
DestroyCursor
DrawIcon
GetWindowRgn
SendDlgItemMessageA
DestroyIcon
MapVirtualKeyExW
GetDC
ReleaseDC
GetParent
LoadImageW
GetSysColor
DrawFocusRect
InvalidateRect
IsIconic
BringWindowToTop
GetSystemMenu
AppendMenuW
EnableMenuItem
MessageBoxW
FillRect
SetClipboardViewer
OpenClipboard
GetClipboardData
CloseClipboard
UnregisterClassW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
LoadMenuW
GetWindowRect
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
ValidateRect
RedrawWindow
ScrollWindow

gdi32

OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
SetPixelV
GetTextFaceW
RealizePalette
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
DPtoLP
SetRectRgn
GetMapMode
Polyline
Polygon
CreatePolygonRgn
PatBlt
GetTextColor
GetBkColor
Ellipse
CreateRectRgnIndirect
CreateEllipticRgn
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
GetRgnBox
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
CreateRoundRectRgn
Rectangle
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
GetStockObject
CreateSolidBrush
GetObjectType
DeleteObject
CreateCompatibleDC
CreateBitmap
SetTextColor
SetBkColor
CreateDCW
SetDIBColorTable
CreateDIBSection
StretchBlt
OffsetWindowOrgEx
SetPixel
GetTextExtentPoint32W
SelectObject
GetObjectW
CreateFontIndirectW
CopyMetaFileW
GetTextMetricsW
GetDeviceCaps
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

InitiateSystemShutdownExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
SetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
EqualSid
DeleteAce
GetAce
GetNamedSecurityInfoW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
LookupAccountSidW
GetTokenInformation
OpenThreadToken
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderPath
DragFinish
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
DragQueryFileW
SHGetDesktopFolder
SHBrowseForFolderW

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryW
ord191
SHStrDupW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW

uxtheme

CloseThemeData
GetWindowTheme
GetThemeSysColor
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
OpenThemeData
DrawThemeParentBackground
DrawThemeText
DrawThemeBackground
IsAppThemed
GetThemeColor
GetCurrentThemeName

ole32

CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
CreateStreamOnHGlobal
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
OleLockRunning
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleRun
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleDuplicateData
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoRegisterMessageFilter
CoRevokeClassObject
GetHGlobalFromStream

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantCopy
VariantTimeToSystemTime
GetErrorInfo

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

dbghelp

MiniDumpWriteDump

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mpr

WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW
WNetCancelConnection2W
WNetEnumResourceW

powrprof

SetSuspendState

vssapi

CreateVssBackupComponentsInternal

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext

wintrust

WinVerifyTrust

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d4b0f10c3107d9f70d8db6c38c18191

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2fCertificate

Extended Key Usages

Key Usages

b2:a1:44:b3:18:1f:6e:32:2a:ea:89:5b:5f:31:d6:d9:52:bc:07:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

dbghelp

netapi32

version

mpr

powrprof

vssapi

crypt32

wintrust

oleacc

imm32

winmm

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 391KB - Virtual size: 390KB

.data Size: 27KB - Virtual size: 58KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

bc:27:f7:a5:95:d3:b7:b7:ef:54:1a:d6:13:7a:81:2f
Certificate

b2:a1:44:b3:18:1f:6e:32:2a:ea:89:5b:5f:31:d6:d9:52:bc:07:34
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 391KB - Virtual size: 390KB

.data
Size: 27KB - Virtual size: 58KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB