2024-06-15_3c2646dff6f52832541afa46027bf4b3_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-15_3c2646dff6f52832541afa46027bf4b3_icedid
Size

8.8MB
MD5

3c2646dff6f52832541afa46027bf4b3
SHA1

001bef47a2339e9114d37533c338723a431c4e1b
SHA256

f5ae598bb93d6fb871b8252806a6f3ccef4117e6f1e0aa893c899d9e60858856
SHA512

1b22473aa28d495afb25bcb87830bc4481ba1fb704365b48be40448912d89727c67f58f3eb25b8039b5b3590bc4055c655b9069d0d2ee534b0fefbe88f92af1f
SSDEEP

98304:8KQBK9zYiMArTjVQjadX4pKDDkqWPlaOnFLCrnHaWXN4fwxYxAUGwfG:8KQK9zYiMKHVKnF+TaWXNXxvwfG

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_3c2646dff6f52832541afa46027bf4b3_icedid
.exe windows:4 windows x86 arch:x86

3cb6703715751fad84cd5413e73108d3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20-10-2023 00:00

Not After

19-11-2026 23:59

Subject

CN=Information Security Technology Corporation,O=Information Security Technology Corporation,L=Neihu District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20-10-2023 00:00

Not After

19-11-2026 23:59

Subject

CN=Information Security Technology Corporation,O=Information Security Technology Corporation,L=Neihu District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:c8:eb:8d:70:51:b6:27:91:56:da:1c:56:04:7e:99:b4:da:50:a8:38:76:df:cc:82:0b:34:bf:5a:ba:13:e5
Signer

Actual PE Digest

52:c8:eb:8d:70:51:b6:27:91:56:da:1c:56:04:7e:99:b4:da:50:a8:38:76:df:cc:82:0b:34:bf:5a:ba:13:e5

Digest Algorithm

sha256

PE Digest Matches

true

2d:ca:60:64:60:f4:cb:1b:1a:e4:ea:87:ba:7a:3f:c4:23:6b:9c:02
Signer

Actual PE Digest

2d:ca:60:64:60:f4:cb:1b:1a:e4:ea:87:ba:7a:3f:c4:23:6b:9c:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetFileInformationByHandle
FindFirstFileA
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
FlushConsoleInputBuffer
SetFileAttributesA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
SetEnvironmentVariableA
GetOEMCP
GetACP
SetStdHandle
SetConsoleCtrlHandler
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
LCMapStringW
LCMapStringA
CompareStringW
CompareStringA
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
TerminateProcess
ExitThread
CreateThread
HeapFree
HeapAlloc
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
SystemTimeToFileTime
SetCurrentDirectoryW
SetEnvironmentVariableW
GetSystemTimeAsFileTime
LocalLock
LocalUnlock
lstrcpyA
GetLogicalDrives
QueryDosDeviceW
DeviceIoControl
GetComputerNameA
SetVolumeLabelW
CreateFileMappingW
FindResourceA
GlobalAddAtomA
GetProfileStringA
BackupWrite
BackupRead
BackupSeek
MoveFileExW
VirtualProtectEx
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileMappingA
VirtualQuery
FlushInstructionCache
CreateProcessW
GetExitCodeThread
TerminateThread
GetThreadContext
GetLongPathNameW
SetThreadLocale
OutputDebugStringA
LoadLibraryExW
LoadLibraryExA
EnumResourceLanguagesW
GetWindowsDirectoryW
FormatMessageA
OpenSemaphoreW
OpenMutexW
QueryPerformanceCounter
GlobalMemoryStatus
GetTimeFormatW
GetDateFormatW
SearchPathW
LocalFileTimeToFileTime
FindResourceExW
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetTempFileNameW
GetProcessVersion
GlobalFlags
GlobalSize
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetProfileIntW
lstrcmpW
lstrcmpiA
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
GlobalGetAtomNameW
SuspendThread
SetThreadPriority
ResumeThread
MulDiv
SetLastError
GetModuleHandleA
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
ReleaseMutex
lstrlenA
GetVersionExW
GetSystemInfo
SetEvent
GetFileSize
ReadFile
CreateFileA
InterlockedExchangeAdd
ReleaseSemaphore
CreateSemaphoreW
VirtualProtect
CreateMutexW
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileIntW
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThread
GetLocalTime
GetCurrentDirectoryW
GetFileAttributesExW
InterlockedExchange
OutputDebugStringW
GetModuleHandleW
GetComputerNameW
ResetEvent
lstrlenW
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FormatMessageW
LocalFree
GetCurrentProcessId
FindResourceW
SizeofResource
LoadResource
LockResource
GetTempPathW
WriteFile
GetSystemDefaultLangID
GetUserDefaultLangID
FreeLibrary
GetPrivateProfileStringW
GetPrivateProfileStructW
GetModuleFileNameW
WritePrivateProfileStringW
MultiByteToWideChar
Sleep
FindNextFileW
GetLogicalDriveStringsW
GetDriveTypeW
CreateDirectoryW
CreateFileW
FindFirstFileW
FindClose
GetLastError
GetDiskFreeSpaceExW
GetVersion
LoadLibraryA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LoadLibraryW
GetProcAddress
GetLocaleInfoW
lstrcpynW
WideCharToMultiByte
GetVolumeInformationW
DeleteFileW
GetTickCount
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetSystemDirectoryW
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
FindNextFileA

user32

IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
ScrollWindowEx
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
KillTimer
SetTimer
InflateRect
FillRect
GetSysColor
IsDialogMessageW
SetWindowTextW
MoveWindow
SetMenuItemBitmaps
ModifyMenuW
GetClientRect
InvalidateRect
GetMenuCheckMarkDimensions
LoadStringW
IsWindow
SendDlgItemMessageA
GetClassInfoW
GetClassNameW
GetParent
OffsetRect
CopyRect
GetSysColorBrush
IsWindowVisible
DestroyIcon
TrackPopupMenu
EnableMenuItem
SetMenuDefaultItem
AppendMenuW
CreatePopupMenu
LoadIconW
PostMessageW
ShowScrollBar
GetMenuItemCount
GetSubMenu
LoadMenuW
PtInRect
GetWindowLongW
CallWindowProcW
SetWindowLongW
DrawFocusRect
DrawTextW
ReleaseDC
wvsprintfW
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutW
GrayStringW
ValidateRect
GetMessageW
LoadAcceleratorsW
TranslateAcceleratorW
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
WindowFromPoint
MapDialogRect
CharUpperW
SetCursorPos
DestroyCursor
ShowOwnedPopups
SetWindowContextHelpId
WaitMessage
wsprintfW
GetFocus
RedrawWindow
GetCursorPos
ScreenToClient
LoadBitmapW
SendMessageW
GetWindowRect
EnableWindow
RegisterWindowMessageW
InvertRect
GetDialogBaseUnits
IsClipboardFormatAvailable
DeleteMenu
CharNextW
CopyAcceleratorTableW
GetNextDlgGroupItem
GetDC
GetSystemMetrics
CreateWindowExW
GetAsyncKeyState
EnumThreadWindows
GetKeyState
SetRect
GetMenuState
CheckMenuItem
InsertMenuW
GetDesktopWindow
UpdateWindow
SetCursor
LoadCursorW
SetRectEmpty
SetClassLongW
RemoveMenu
DefWindowProcW
SetWindowPos
DestroyWindow
DispatchMessageW
TranslateMessage
IsChild
PeekMessageW
SetActiveWindow
SetForegroundWindow
IsRectEmpty
IntersectRect
IsWindowEnabled
ShowWindow
SetFocus
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
SetParent
GetSystemMenu
MapWindowPoints
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
WinHelpW
RegisterClassW
GetMenu
GetMenuItemID
SetWindowPlacement
GetDlgCtrlID
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
RemovePropW
GetMessageTime
GetMessagePos
GetLastActivePopup
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
MsgWaitForMultipleObjects
UnionRect
FrameRect
DrawEdge
GetWindow
SystemParametersInfoW
ClientToScreen
SetCapture
GetCapture
MessageBeep
HideCaret
ReleaseCapture
GetMenuStringW
DestroyMenu
PostThreadMessageW
FindWindowW
GetActiveWindow
PostQuitMessage
DrawStateW
DrawIconEx
CopyImage
LoadImageW
DrawFrameControl
EnableScrollBar
SetWindowRgn
DestroyAcceleratorTable
IsZoomed
GetMenuItemInfoW
GetClassLongW
IsMenu
DrawIcon
GetMenuDefaultItem
GetUpdateRect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
CreateAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
CopyIcon
CharUpperBuffW
SubtractRect
EnumChildWindows
GetClipboardData
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
GetWindowRgn
GetDoubleClickTime
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
WaitForInputIdle
SetWindowsHookExA
GetPropA
SetPropA
SetWindowLongA
GetClassNameA
IsWindowUnicode
SendMessageA
GetWindowLongA
RemovePropA
CallWindowProcA
CharNextA
DefWindowProcA
DefDlgProcA
GetClassInfoA
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
ShowCaret
GetWindowTextLengthA
OemToCharBuffA
CharToOemBuffA
InSendMessage
DefFrameProcW
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
CreateMenu
WindowFromDC
GetTabbedTextExtentA
GetTabbedTextExtentW
UnregisterClassW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetIconInfo
MessageBoxW

gdi32

GetTextColor
SelectObject
GetTextMetricsW
SetBkColor
SetTextColor
ExtTextOutW
GetTextExtentPoint32W
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
GetObjectW
CreateFontIndirectW
BitBlt
CreateSolidBrush
DeleteObject
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutW
Escape
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
LPtoDP
GetBkColor
RestoreDC
SetBkMode
SaveDC
EnumFontFamiliesExW
DeleteDC
SetDIBits
CreateDCW
GetStockObject
GetObjectType
GetPixel
Polygon
CreatePen
GetTextExtentPointW
GetDeviceCaps
RoundRect
GetDCOrgEx
GetClipBox
CreateBitmap
PatBlt
StartDocW
SelectPalette
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
CreateDIBSection
Rectangle
Ellipse
EnumFontFamiliesW
GetTextCharsetInfo
CreateDIBitmap
SetPixel
Polyline
CreatePolygonRgn
AbortDoc
EndDoc
EndPage
StartPage
CreateRoundRectRgn
GetDIBits
RealizePalette
StretchBlt
OffsetRgn
GetRgnBox
GetPaletteEntries
CreatePalette
GetNearestPaletteIndex
GetSystemPaletteEntries
PtInRegion
FrameRgn
FillRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetBitmapBits
GetObjectA
CreateDCA
ExtTextOutA
GetTextExtentPointA
SetAbortProc
GetViewportOrgEx
StretchDIBits
GetCharWidthW
CreateFontW
GetWindowOrgEx
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceW
GetTextExtentPoint32A
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CopyMetaFileW
CreatePatternBrush

comdlg32

GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgW
PrintDlgW
ChooseFontW
CommDlgExtendedError
ReplaceTextW
FindTextW
ChooseColorW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW
EnumPrintersW

advapi32

RegSetValueExA
RegCloseKey
LookupAccountSidW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
GetUserNameW
SetFileSecurityW
RegConnectRegistryW
RegCreateKeyExW
RegQueryValueExA
RegEnumKeyW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegOpenKeyW
RegSetValueW
GetFileSecurityW
GetUserNameA
RegQueryValueW

shell32

SHFileOperationA
SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW
Shell_NotifyIconW
DragAcceptFiles
DragFinish
DragQueryFileW
ExtractIconW
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetDesktopFolder
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW

comctl32

_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetOverlayImage
ImageList_Copy
ImageList_GetImageInfo
ImageList_GetIconSize
PropertySheetW
ImageList_Remove
ord17
ord13
ord14
ImageList_Destroy
ImageList_Add
ImageList_Create
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Write
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_DrawEx
ImageList_GetImageCount

oledlg

OleUIBusyW

ole32

RevokeDragDrop
OleTranslateAccelerator
IsAccelerator
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleRegGetMiscStatus
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
CoGetMalloc
GetRunningObjectTable
CreateOleAdviseHolder
CreateDataAdviseHolder
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleCreateMenuDescriptor
ReleaseStgMedium
OleGetClipboard
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CoTreatAsClass
DoDragDrop
OleSetMenuDescriptor
OleLockRunning
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
StringFromCLSID
CoTaskMemFree
CoCreateGuid
CreateFileMoniker
CLSIDFromProgID
OleRun
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
RegisterDragDrop
CLSIDFromString
CoLockObjectExternal
OleDestroyMenuDescriptor

olepro32

ord253

oleaut32

VarBstrFromCy
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocString
LoadTypeLi
SysStringLen
SysReAllocStringLen
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
SafeArrayCreateVector
VarCyFromStr
SysAllocStringByteLen
SysStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SysFreeString
VariantInit
VariantChangeType
VariantClear

wsock32

gethostbyname
WSAGetLastError
WSACleanup
WSAStartup
WSASetLastError
gethostname
getservbyport
gethostbyaddr
getservbyname
select
__WSAFDIsSet
inet_addr
ntohs
getpeername
getsockname
accept
ioctlsocket
bind
htons
htonl
closesocket
recv
send
WSAAsyncSelect
inet_ntoa
socket
recvfrom
sendto
connect
ntohl
getsockopt
listen
shutdown
setsockopt
WSACancelBlockingCall

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

PlaySoundW

rpcrt4

RpcStringFreeA
UuidFromStringW
UuidToStringA
UuidCreate
RpcStringFreeW
UuidToStringW

ws2_32

WSAIoctl

wldap32

ord33
ord79
ord35
ord301
ord200
ord30
ord26
ord50
ord145
ord213
ord22
ord45
ord27
ord41
ord46
ord32

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 892KB - Virtual size: 890KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cb6703715751fad84cd5413e73108d3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

52:c8:eb:8d:70:51:b6:27:91:56:da:1c:56:04:7e:99:b4:da:50:a8:38:76:df:cc:82:0b:34:bf:5a:ba:13:e5Signer

2d:ca:60:64:60:f4:cb:1b:1a:e4:ea:87:ba:7a:3f:c4:23:6b:9c:02Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

version

winmm

rpcrt4

ws2_32

wldap32

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 892KB - Virtual size: 890KB

.data Size: 252KB - Virtual size: 321KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

52:c8:eb:8d:70:51:b6:27:91:56:da:1c:56:04:7e:99:b4:da:50:a8:38:76:df:cc:82:0b:34:bf:5a:ba:13:e5
Signer

2d:ca:60:64:60:f4:cb:1b:1a:e4:ea:87:ba:7a:3f:c4:23:6b:9c:02
Signer

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 892KB - Virtual size: 890KB

.data
Size: 252KB - Virtual size: 321KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB