2024-06-09_59c0f8dda89415df722fdda696150637_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-09_59c0f8dda89415df722fdda696150637_icedid
Size

1.1MB
MD5

59c0f8dda89415df722fdda696150637
SHA1

dc204cbdde44cafce0d54f6122e1a1c26965e28b
SHA256

3065fa925984de7ef2f0f914af6cffc8870c79a8bd3e880f6ad27012a0b7971f
SHA512

aa67fcadf082ce0207a277d3ab0d49a191ab9a31ffb70e9080b5a4aa23e3b15ce49f8e3798f21a8460ce6726638bae8da7d7c89fecba8627e4947f16137de61f
SSDEEP

24576:/iUTNLpDg3t+EVWW1qYJemKPl2pnwLdF78:Z5pDg39YW1qYJeVl2pwr8

Score

1^/10

Malware Config

Signatures

Files

2024-06-09_59c0f8dda89415df722fdda696150637_icedid
.exe windows:4 windows x86 arch:x86

764dd0e520e502b60cfa3bcdc50236e8

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:e3:ff:82:af:eb:ed:cb:4f:72:c6:8d:31:b3:79:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/09/2014, 00:00

Not After

28/09/2017, 23:59

Subject

CN=1905（Beijing)Network Technology Co.\,Ltd,OU=1905（Beijing)Network Technology Co.\,Ltd,O=1905（Beijing)Network Technology Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:2e:81:06:08:4a:db:08:49:f8:af:df:2c:4f:b1:7d:5d:df:92:04
Signer

Actual PE Digest

ca:2e:81:06:08:4a:db:08:49:f8:af:df:2c:4f:b1:7d:5d:df:92:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\VS 2005工程\电影网\m1905\exe\1905Player.pdb

Imports

kernel32

GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
DeleteFileA
MoveFileA
RtlUnwind
ExitProcess
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FileTimeToLocalFileTime
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
SetErrorMode
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
ReleaseMutex
CreateMutexW
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GlobalFree
FormatMessageW
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
RaiseException
LoadLibraryA
LocalAlloc
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
GetSystemInfo
FreeLibrary
FreeResource
GetVersion
GetProcAddress
SetLastError
GetVersionExW
LoadLibraryW
GetModuleHandleW
GetCPInfo
CreateSemaphoreA
GetLastError
CreateDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
CreateFileA
GetModuleFileNameA
GetTempPathA
WritePrivateProfileStringA
lstrlenA
LocalFree
GetPrivateProfileStringA
OpenMutexW
CreateProcessW
GetCommandLineW
TerminateThread
Sleep
WaitForSingleObject
WideCharToMultiByte
CreateThread
CloseHandle
GetLocalTime
OutputDebugStringW
lstrlenW
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
OutputDebugStringA
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
SetHandleCount
GetTickCount

user32

RegisterClipboardFormatW
PostThreadMessageW
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
GetMenuStringW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
UpdateWindow
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
SystemParametersInfoA
GetWindowPlacement
CallWindowProcW
IntersectRect
GetNextDlgTabItem
ClientToScreen
OffsetRect
GetActiveWindow
GetMenuItemID
DrawTextW
TabbedTextOutW
GetSubMenu
DrawTextExW
ModifyMenuW
SetRect
GetMenuState
GrayStringW
GetSysColorBrush
LoadBitmapW
GetMenuItemCount
GetLastActivePopup
GetPropA
WindowFromPoint
GetSysColor
LoadImageW
GetAsyncKeyState
DrawStateW
IsRectEmpty
GetClassNameA
GetWindow
CallNextHookEx
GetClassLongW
SetClassLongW
ShowWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMenu
IsIconic
GetKeyState
SetForegroundWindow
RemovePropA
DrawIcon
FindWindowW
LoadIconW
SetPropA
AppendMenuW
CreatePopupMenu
GetFocus
SetFocus
SystemParametersInfoW
GetDlgItem
CopyRect
GetNextDlgGroupItem
CharUpperW
InvalidateRgn
CopyAcceleratorTableW
UnregisterClassW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
MessageBeep
GetSystemMetrics
SetCursor
LoadCursorW
GetWindowThreadProcessId
CharNextW
DestroyMenu
ValidateRect
CreateDialogIndirectParamW
EndDialog
DefWindowProcW
ScreenToClient
InflateRect
PostMessageW
FillRect
SetCapture
PtInRect
InvalidateRect
GetCursorPos
ReleaseCapture
SendMessageW
EndPaint
BeginPaint
SetWindowRgn
SetTimer
GetWindowRect
GetMessageW
GetWindowDC
KillTimer
GetParent
SetParent
GetClientRect
GetDC
TranslateMessage
GetWindowLongW
ReleaseDC
SetWindowLongW
GetDesktopWindow
SetWindowPos
SetLayeredWindowAttributes
IsWindow
IsWindowVisible
PrintWindow
EnableWindow
DispatchMessageW
GetClassNameW
UnregisterClassA

gdi32

SetTextColor
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetBkColor
CreateBitmap
GetDeviceCaps
ExtTextOutW
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
GetStockObject
PtVisible
Escape
CreatePen
RectVisible
TextOutW
BeginPath
CreateEllipticRgn
CreateFontIndirectW
EndPath
PathToRegion
GetPixel
SetStretchBltMode
GetTextMetricsW
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateCompatibleBitmap
GetTextExtentPoint32W
SetDIBColorTable
CreateFontW
CreatePolygonRgn
BitBlt
DeleteDC
CreateDIBSection
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgnIndirect
GetDIBColorTable
GetObjectW

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsA
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen

gdiplus

GdipDrawLinesI
GdipSetStringFormatLineAlign
GdipDrawImageRectRectI
GdipRotateWorldTransform
GdipResetWorldTransform
GdipGetDC
GdipTranslateWorldTransform
GdiplusShutdown
GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusStartup
GdipDeleteBrush
GdipCloneBrush
GdipDeleteFont
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateSolidFill
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipFillRectangleI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipLoadImageFromFile
GdipReleaseDC
GdipDrawImageRectI
GdipDrawImageRect
GdipSetStringFormatTrimming
GdipDeletePen
GdipCreatePen2
GdipDrawLineI
GdipFillRectangle
GdipSetSolidFillColor
GdipFillEllipseI
GdipBitmapGetPixel
GdipCreatePen1
GdipDrawRectangleI
GdipDrawImageRectRect
GdipAddPathRectangleI
GdipGetRegionHRgn
GdipCreateRegionPath
GdipDeletePath
GdipDeleteRegion
GdipCreatePath
GdipSetClipHrgn
GdipGetPathWorldBounds
GdipGetFontStyle
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipDrawImage
GdipGetFontHeight

forcetechhttp

?GetData@CForcetechHttp@@QAEHPADH@Z
?SendData@CForcetechHttp@@QAEHPAD000000@Z
?GetState@CForcetechHttp@@QAEHXZ
?GetDownProgress@CForcetechHttp@@QAEXAAH0@Z
?Stop@CForcetechHttp@@QAEHXZ
??0CForcetechHttp@@QAE@XZ
??1CForcetechHttp@@QAE@XZ
?SendData@CForcetechHttp@@QAEHPAD000H000@Z
?GetHead@CForcetechHttp@@QAEHPADH@Z
?UpLoadFile@CForcetechHttp@@QAEHPAD0000@Z
?SaveData@CForcetechHttp@@QAEHPAD@Z
?InitHttpPath@CForcetechHttp@@SAXPAD@Z
?UrlToFileName@CForcetechHttp@@SAPADPAD0H@Z

wininet

InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

764dd0e520e502b60cfa3bcdc50236e8

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

08:e3:ff:82:af:eb:ed:cb:4f:72:c6:8d:31:b3:79:f7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ca:2e:81:06:08:4a:db:08:49:f8:af:df:2c:4f:b1:7d:5d:df:92:04Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

forcetechhttp

wininet

dbghelp

iphlpapi

Sections

.text Size: 864KB - Virtual size: 863KB

.rdata Size: 164KB - Virtual size: 160KB

.data Size: 16KB - Virtual size: 77KB

.rsrc Size: 108KB - Virtual size: 104KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

08:e3:ff:82:af:eb:ed:cb:4f:72:c6:8d:31:b3:79:f7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ca:2e:81:06:08:4a:db:08:49:f8:af:df:2c:4f:b1:7d:5d:df:92:04
Signer

.text
Size: 864KB - Virtual size: 863KB

.rdata
Size: 164KB - Virtual size: 160KB

.data
Size: 16KB - Virtual size: 77KB

.rsrc
Size: 108KB - Virtual size: 104KB