2024-06-12_db135e2a0bb8e8d67a7bdf3f70e1c0cb_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-12_db135e2a0bb8e8d67a7bdf3f70e1c0cb_icedid
Size

3.1MB
MD5

db135e2a0bb8e8d67a7bdf3f70e1c0cb
SHA1

15ed608181c6d594929407fdb7d9943bc3b89d15
SHA256

461248848917830b3dbe62ee2a25171a6f3b8edc20e07189dbb4e899ca04201b
SHA512

423d664e580f0d92db3ce947f1a79082f705c25d08f10991cb2ad426f946745499196ae5fb942fe317744235735f9c967d6682a9d5038e62d27cbf08ca3fc7db
SSDEEP

24576:T7S155m6VShJQL958ip/P7/lAklgxd1r:3SxVUuL958ipL/lvlgxrr

Score

1^/10

Malware Config

Signatures

Files

2024-06-12_db135e2a0bb8e8d67a7bdf3f70e1c0cb_icedid
.exe windows:5 windows x86 arch:x86

289215bd0bbbf3eeab600a551191b30a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:31:78:7e:26:1d:d0:33:b0:12:8c:49:4a:f6:eb:9e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03-03-2015 00:00

Not After

01-04-2017 23:59

Subject

CN=Dream Hands Co.\,Ltd,OU=IT Team,O=Dream Hands Co.\,Ltd,L=Haewoondae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:ea:95:02:aa:30:d3:86:21:6b:e0:f8:c4:f8:87:86:d2:8f:c1:c5
Signer

Actual PE Digest

6e:ea:95:02:aa:30:d3:86:21:6b:e0:f8:c4:f8:87:86:d2:8f:c1:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK\MAIN\Platform\Mfile\mfile_20140324_mureka_fileham\backup\MULTI\expressClient\Bin\MfileDown.pdb

Imports

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileSizeEx
GetFileTime
SetErrorMode
WritePrivateProfileStringA
GetCurrentDirectoryA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetStartupInfoA
HeapReAlloc
RtlUnwind
RaiseException
GetModuleHandleW
VirtualQuery
SetStdHandle
GetFileType
GlobalHandle
HeapSize
GetACP
IsValidCodePage
GetStdHandle
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
TlsGetValue
ExitProcess
InterlockedIncrement
InterlockedExchange
lstrcmpA
LocalAlloc
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
ReadFile
FileTimeToSystemTime
GetThreadLocale
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
lstrcmpW
LocalFree
GetCommandLineA
CreateMutexA
IsBadReadPtr
DuplicateHandle
TerminateProcess
GetCurrentProcess
GetFullPathNameA
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
lstrcpynA
GetProcAddress
GetModuleHandleA
LoadLibraryA
SetLastError
MulDiv
GlobalReAlloc
HeapAlloc
HeapDestroy
HeapFree
HeapCreate
TerminateThread
Sleep
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrlenA
FlushFileBuffers
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetModuleFileNameA
VirtualFree
GetCurrentProcessId
VirtualAlloc
GlobalFree
GlobalUnlock
GetLastError
GlobalLock
GlobalAlloc
GetTickCount
MultiByteToWideChar
GetVolumeInformationA
GetDiskFreeSpaceExA
FormatMessageA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetSystemInfo
VirtualProtect
GetVersionExA

user32

GetSysColorBrush
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
LoadCursorA
DrawIcon
IsRectEmpty
CharUpperA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckRadioButton
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMenuItemInfoA
GetMessageTime
GetMessagePos
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
LoadIconA
ShowWindow
SetTimer
CreatePopupMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ReplyMessage
ExitWindowsEx
GetKeyState
GetClassInfoA
SetWindowPos
ReleaseDC
MapWindowPoints
EnumChildWindows
GetClassNameA
GrayStringA
DrawTextExA
TabbedTextOutA
UnregisterClassA
CopyAcceleratorTableA
InvalidateRgn
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
DrawFocusRect
GetFocus
PostThreadMessageA
RegisterClipboardFormatA
MessageBeep
UnhookWindowsHookEx
GetNextDlgGroupItem
AppendMenuA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
CharNextA
UnpackDDElParam
ReuseDDElParam
PostQuitMessage
PeekMessageA
LoadMenuA
DestroyMenu
KillTimer
EnableWindow
GetClientRect
GetSysColor
InflateRect
GetSystemMetrics
OffsetRect
GetCapture
SetCapture
InvalidateRect
ClientToScreen
WindowFromPoint
ReleaseCapture
PtInRect
CopyRect
DrawIconEx
LoadImageA
SendMessageA
GetDlgItem
IsWindow
FillRect
DrawTextA
FindWindowA
PostMessageA
SetWindowRgn
GetActiveWindow
SetRect
GetDC
LoadBitmapA
SetWindowLongA
CallWindowProcA
MessageBoxA
SetCursor
UpdateWindow
GetParent
RedrawWindow
GetWindowThreadProcessId
GetWindowLongA
RegisterWindowMessageA
GetWindowRect

gdi32

CreatePatternBrush
ExtSelectClipRgn
CreateEllipticRgn
Ellipse
GetRgnBox
GetTextColor
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
Rectangle
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateDCA
GetPixel
CreateRectRgn
CreateFontA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetRectRgn
CreateRectRgnIndirect
GetDeviceCaps
CreatePen
GetBkColor
GetViewportExtEx
GetWindowExtEx
LPtoDP
CombineRgn
ExtCreateRegion
CreateDIBSection
DeleteDC
SetBkColor
BitBlt
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateFontIndirectA
GetStockObject
GetObjectA
CreateSolidBrush
GetTextExtentPoint32A

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

LookupPrivilegeValueA
RegQueryValueA
RegOpenKeyA
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegCloseKey
RegQueryValueExA

shell32

Shell_NotifyIconA
SHGetFileInfoA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17

shlwapi

PathFindFileNameA
PathGetArgsA
PathIsDirectoryA
PathRemoveFileSpecW
PathFindExtensionA
PathStripToRootA
PathIsUNCA
StrFormatByteSize64A

oledlg

ord8

ole32

CoUninitialize
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantClear
SysAllocString
SysFreeString
SafeArrayDestroy
SysAllocStringLen

wsock32

WSASetLastError
inet_addr
setsockopt
closesocket
inet_ntoa
ioctlsocket
htons
WSAGetLastError
WSACleanup
WSAStartup

version

VerQueryValueA
GetFileVersionInfoA

nat

ord2
ord3

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

ws2_32

WSACreateEvent
WSAEventSelect
WSACloseEvent
WSARecv
WSASend
WSAConnect
WSAWaitForMultipleEvents
WSASocketA
WSASetEvent
WSAEnumNetworkEvents

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

289215bd0bbbf3eeab600a551191b30a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:31:78:7e:26:1d:d0:33:b0:12:8c:49:4a:f6:eb:9eCertificate

Extended Key Usages

Key Usages

6e:ea:95:02:aa:30:d3:86:21:6b:e0:f8:c4:f8:87:86:d2:8f:c1:c5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

version

nat

wininet

ws2_32

oleacc

Sections

.text Size: 424KB - Virtual size: 423KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:31:78:7e:26:1d:d0:33:b0:12:8c:49:4a:f6:eb:9e
Certificate

6e:ea:95:02:aa:30:d3:86:21:6b:e0:f8:c4:f8:87:86:d2:8f:c1:c5
Signer

.text
Size: 424KB - Virtual size: 423KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB