2024-06-14_735a04c6cbbaf20df1df07a7a689cad5_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-14_735a04c6cbbaf20df1df07a7a689cad5_icedid
Size

1.2MB
MD5

735a04c6cbbaf20df1df07a7a689cad5
SHA1

657c583555b3580f91e74c30494b63322ae8f428
SHA256

1a636437c8b0c70367c27aa484a2de54bbc3ad538bd53eb0a38f507a3342e1e4
SHA512

0bca79dcb133f541385ad8e140adf02860918907f91094fe538967454ef61c789926146f62c9e37b4e6b0ee551a15172aec44c8dd88538222f8e768b25f626fe
SSDEEP

12288:Grb0ub+BqRRCsZQ4yV9B7W5K28MHt/tekngfDcdf73rbRw74+qnu9V2O32fB:Grb6j7WwMHt/0kgfWDb68++u9ju

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_735a04c6cbbaf20df1df07a7a689cad5_icedid
.exe windows:4 windows x86 arch:x86

034a69c1b542812ef8351a279272e949

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:1c:e3:12:05:7f:03:f2:06:15:3b:67:9e:c0:6c:b9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/01/2006, 00:00

Not After

14/02/2007, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:6b:32:3b:ac:45:79:32:80:aa:08:a4:d3:43:13:79:2d:25:78:8f
Signer

Actual PE Digest

3f:6b:32:3b:ac:45:79:32:80:aa:08:a4:d3:43:13:79:2d:25:78:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PCC15.30\src\UI\PccUpdUI\Release\PccUpdUI.pdb

Imports

secur32

GetUserNameExW

rpcrt4

RpcRaiseException
NdrConvert
NdrServerInitializeNew
NdrSimpleTypeUnmarshall
NdrConformantStringUnmarshall
RpcServerRegisterIf2
RpcServerUseProtseqEpA
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
I_RpcGetBuffer

kernel32

EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
ResumeThread
SuspendThread
GlobalFlags
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
GlobalReAlloc
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetAtomNameA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentDirectoryA
MoveFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetFullPathNameA
SetErrorMode
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileTime
TerminateProcess
UnhandledExceptionFilter
GetLocaleInfoA
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
HeapAlloc
HeapFree
ExitThread
CreateThread
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
GetACP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedDecrement
CopyFileA
GlobalSize
FormatMessageA
MulDiv
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetTickCount
GetLongPathNameW
GetLongPathNameA
FindFirstFileA
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
GetTempFileNameA
DeleteFileA
GetModuleFileNameW
GetShortPathNameW
IsDBCSLeadByte
GetShortPathNameA
MoveFileExA
LocalAlloc
LocalFree
GetFileAttributesA
CreateDirectoryA
GetCurrentProcessId
GetExitCodeProcess
OpenFile
WriteFile
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcatA
GetPrivateProfileIntA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
InterlockedExchange
SetLastError
GetModuleHandleA
GetModuleFileNameA
GetComputerNameA
GetLocalTime
WritePrivateProfileStringA
lstrcmpA
GetSystemTime
GetVersionExA
GetPrivateProfileStringA
lstrlenA
MultiByteToWideChar
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateProcessA
OpenMutexA
CreateMutexA
OpenEventA
WaitForMultipleObjects
CreateEventA
SetThreadPriority
ResetEvent
PulseEvent
SetEvent
WaitForSingleObject
Sleep
GetLastError
CreateFileA
GetFileSize
SetFilePointer
ReadFile
CloseHandle
lstrcpynW
lstrcpynA
GetWindowsDirectoryA
GetVolumeInformationA
lstrcpyA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
FreeLibrary
SetUnhandledExceptionFilter

user32

GetDialogBaseUnits
UnregisterClassA
IsRectEmpty
DeleteMenu
SetParent
UnionRect
CharNextA
CopyAcceleratorTableA
SetRect
InvalidateRgn
SetCapture
GetNextDlgGroupItem
MessageBeep
SetTimer
KillTimer
WindowFromPoint
GetDCEx
LockWindowUpdate
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
GetMenuItemInfoA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageA
GetCursorPos
ValidateRect
PostQuitMessage
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
SetMenu
TranslateAcceleratorA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuStringA
AppendMenuA
InsertMenuA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ScrollWindowEx
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
EnableWindow
SendMessageA
DestroyCursor
GetIconInfo
GetMessageTime
DrawStateA
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
GetMenuState
CheckMenuItem
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
IsWindow
IsWindowVisible
MessageBoxA
FindWindowA
GetSystemMenu
RemoveMenu
EnableMenuItem
MoveWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoA
BringWindowToTop
FillRect
FrameRect
DrawFocusRect
PostMessageA
GetWindowRect
GetClientRect
GetDC
UpdateWindow
InvalidateRect
RedrawWindow
GetParent
SetCursor
LoadImageA
GetSysColor
DestroyIcon
InflateRect
OffsetRect
LoadBitmapA
WaitForInputIdle
LoadCursorA
LoadIconA
DefWindowProcA
CopyRect
GetWindowLongA
wsprintfA
CharLowerA
CharLowerW
CharUpperA
CharUpperW
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
TranslateMessage
SendMessageTimeoutA
SetFocus
SetForegroundWindow

gdi32

CreateSolidBrush
CreateHatchBrush
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
StretchDIBits
ExtCreatePen
GetTextColor
GetRgnBox
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateDIBPatternBrushPt
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
PatBlt
CreateRectRgnIndirect
StretchBlt
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GetObjectA
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
GetBkColor
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
SetBkColor
CreatePatternBrush

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
LookupAccountNameA
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteValueA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
OleSetClipboard
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
ReleaseStgMedium
CreateStreamOnHGlobal

oleaut32

SafeArrayGetDim
LoadTypeLi
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SysAllocString
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCopy
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayUnlock

Sections

.text
Size: 612KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

034a69c1b542812ef8351a279272e949

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

68:1c:e3:12:05:7f:03:f2:06:15:3b:67:9e:c0:6c:b9Certificate

Extended Key Usages

Key Usages

3f:6b:32:3b:ac:45:79:32:80:aa:08:a4:d3:43:13:79:2d:25:78:8fSigner

Headers

File Characteristics

PDB Paths

Imports

secur32

rpcrt4

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 612KB - Virtual size: 610KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 28KB - Virtual size: 41KB

.rsrc Size: 420KB - Virtual size: 416KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

68:1c:e3:12:05:7f:03:f2:06:15:3b:67:9e:c0:6c:b9
Certificate

3f:6b:32:3b:ac:45:79:32:80:aa:08:a4:d3:43:13:79:2d:25:78:8f
Signer

.text
Size: 612KB - Virtual size: 610KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 28KB - Virtual size: 41KB

.rsrc
Size: 420KB - Virtual size: 416KB