2024-06-07_a41f47aec985d4d74843ab75f11a1cbf_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_a41f47aec985d4d74843ab75f11a1cbf_icedid
Size

3.3MB
MD5

a41f47aec985d4d74843ab75f11a1cbf
SHA1

a16ec91b69251bb375d94fed590bf649985406c4
SHA256

1032e784f15f45506ef9871e6679f956420f47429d37af0a14679923e6ab04f5
SHA512

022346919665d953453e209636b93a1d611220e76f7b366a7f880e49a8f17f391ea74fbb9ae25b10240f6aed9c293ee4a82f2386d08ff8b2627ea971f9123223
SSDEEP

49152:fzdAfqpaspiGhklUS87b1MiOfuig0g5xrIKOkzg2L2lzF:rGfqpaspiPlq5xrIKOkzYzF

Score

1^/10

Malware Config

Signatures

Files

2024-06-07_a41f47aec985d4d74843ab75f11a1cbf_icedid
.exe windows:4 windows x86 arch:x86

1dff3cbf02f6aeabb3f23f27c6d57892

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/12/2011, 00:00

Not After

25/12/2014, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:cc:ff:ea:d9:5a:e8:4c:37:b2:a0:aa:ad:ed:74:ba:74:91:a1:ce
Signer

Actual PE Digest

d9:cc:ff:ea:d9:5a:e8:4c:37:b2:a0:aa:ad:ed:74:ba:74:91:a1:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\yawork\DataRecoveryKingsoftPro2.0++\Release\KavDR.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetAtomNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
SetErrorMode
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetProcessHeap
GlobalHandle
ExitThread
CreateThread
ExitProcess
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
WaitForMultipleObjects
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
SystemTimeToFileTime
FileTimeToSystemTime
GetShortPathNameA
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
DeleteFileA
MoveFileA
GetTickCount
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
CopyFileA
GlobalSize
FormatMessageA
LocalFree
SetEndOfFile
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryA
WriteFile
CreateDirectoryA
SetFilePointer
InterlockedDecrement
lstrcmpA
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
WaitForSingleObject
GetCurrentProcessId
OpenProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
FreeLibrary
IsBadReadPtr
GetLogicalDrives
GetVolumeInformationA
SetLastError
GetProcAddress
GetModuleHandleA
DeviceIoControl
GetCommandLineW
GetPrivateProfileStringA
GetCommandLineA
WinExec
CreateMutexA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
LoadLibraryA
GetVersionExA
GetVersion
MultiByteToWideChar
InterlockedExchange
Sleep
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetWindowsDirectoryA
GetLocalTime
GetLastError
lstrcatA
lstrlenA
lstrcpyA
MulDiv
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetStartupInfoA

user32

GetMessageA
ValidateRect
MapVirtualKeyA
GetKeyNameTextA
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
MessageBoxA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
PostQuitMessage
PtInRect
SetWindowPlacement
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetForegroundWindow
SetForegroundWindow
SetWindowPos
CreateWindowExA
ShowOwnedPopups
RegisterClassA
DefWindowProcA
LockWindowUpdate
GetNextDlgGroupItem
ClientToScreen
ReleaseCapture
DispatchMessageA
TranslateMessage
GetWindowLongA
FillRect
IntersectRect
GetMessagePos
DestroyIcon
SetRect
CopyRect
DrawStateA
RedrawWindow
UpdateWindow
InflateRect
IsRectEmpty
PeekMessageA
KillTimer
RegisterClipboardFormatA
WaitMessage
MessageBeep
SetCapture
InvalidateRgn
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
SetTimer
GetWindowDC
IsIconic
GetSystemMenu
PostMessageA
DeleteMenu
DrawIcon
CharUpperW
CharUpperA
UnregisterClassA
GetDialogBaseUnits
GetSysColorBrush
MsgWaitForMultipleObjects
DestroyMenu
GetMenuItemInfoA
SetWindowContextHelpId
SetScrollInfo
CharLowerW
CharLowerA
GetDlgItemTextA
GetSystemMetrics
GetParent
FindWindowA
SetActiveWindow
IsWindowVisible
InvalidateRect
ScreenToClient
SetWindowRgn
GetWindowRect
GetWindow
IsWindow
DestroyWindow
OffsetRect
DrawIconEx
GetSysColor
DrawFocusRect
GetCapture
GetCursorPos
WindowFromPoint
SetCursor
LoadImageA
DrawEdge
GetDesktopWindow
GetDC
ReleaseDC
LoadCursorA
EnableWindow
LoadIconA
SendMessageA
GetClientRect
LoadBitmapA
DestroyCursor
MapDialogRect
CreateDialogIndirectParamA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
OffsetClipRgn
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
OffsetWindowOrgEx
ExtCreatePen
CreateHatchBrush
GetDCOrgEx
SetRectRgn
GetMapMode
PatBlt
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
StretchBlt
CreateCompatibleDC
GetObjectA
PlayMetaFile
CreateSolidBrush
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetTextExtentPoint32A
CreateFontA
ExtTextOutA
GetTextMetricsA
SelectClipRgn
CreateRectRgn
DeleteDC
GetPixel
PtInRegion
CreatePolygonRgn
Rectangle
GetCurrentObject
CreatePen
BitBlt
CombineRgn
CreateRoundRectRgn
CreateRectRgnIndirect
CreateCompatibleBitmap
SetBkMode
CreateFontIndirectA
SelectObject
DeleteObject
GetStockObject
GetDeviceCaps
LineTo

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueA
RegCreateKeyA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
ExtractIconA

comctl32

FlatSB_SetScrollProp
FlatSB_EnableScrollBar
InitializeFlatSB
FlatSB_SetScrollInfo
ImageList_LoadImageA
ImageList_GetIconSize
UninitializeFlatSB
_TrackMouseEvent

shlwapi

PathFileExistsA
StrToIntW
PathFindFileNameA
PathFindExtensionA
PathRemoveExtensionA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CoSetProxyBlanket
CoInitializeEx
OleRun
CoCreateInstance
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoUninitialize
StgOpenStorageOnILockBytes
CoInitializeSecurity
CreateILockBytesOnHGlobal

oleaut32

SysFreeString
LoadTypeLi
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantClear
SysAllocString
OleLoadPicture
GetErrorInfo
SetErrorInfo
CreateErrorInfo

ws2_32

WSACleanup
closesocket
accept
socket
select
gethostbyname
htonl
htons
inet_addr
WSAStartup
WSAGetLastError
getsockname
getpeername
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
inet_ntoa
ntohs
bind

psapi

GetModuleFileNameExA

Sections

.text
Size: 884KB - Virtual size: 882KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dff3cbf02f6aeabb3f23f27c6d57892

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d9:cc:ff:ea:d9:5a:e8:4c:37:b2:a0:aa:ad:ed:74:ba:74:91:a1:ceSigner

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

psapi

Sections

.text Size: 884KB - Virtual size: 882KB

.rdata Size: 196KB - Virtual size: 194KB

.data Size: 16KB - Virtual size: 37KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d9:cc:ff:ea:d9:5a:e8:4c:37:b2:a0:aa:ad:ed:74:ba:74:91:a1:ce
Signer

.text
Size: 884KB - Virtual size: 882KB

.rdata
Size: 196KB - Virtual size: 194KB

.data
Size: 16KB - Virtual size: 37KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB