2024-06-16_4cf8cff3dc80115b2e7e46652dd3c8fe_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_4cf8cff3dc80115b2e7e46652dd3c8fe_icedid
Size

606KB
MD5

4cf8cff3dc80115b2e7e46652dd3c8fe
SHA1

238ad904c0ecd2959678943502e1e290e9bff19c
SHA256

47ed117792275c6f8075049e0549b81cbf4777883a979270b3c28b4e87c348aa
SHA512

8171143dd0baf5ba57a2ca760f237bc3f37bee9863bc0d046f21664fb1ad9d68806f4cfbff35728f5f7da3621cc581a380c56f55c4f386d0d4a953b861c42fb6
SSDEEP

6144:acRjQX8giaf2P3oBCcEnHMcvIyekwgMLz1wbHhV6mrjdvlCFCvAfujqRe:aGkX8gfVJk83KTh8mndvlCFC2ujqRe

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_4cf8cff3dc80115b2e7e46652dd3c8fe_icedid
.exe windows:4 windows x86 arch:x86

cdd509f2c44a6ed7f16d66ba2681d792

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:b5:e6:f2:aa:9a:9d:d8:0d:fb:4c:ef:4a:ac:9b:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/05/2022, 00:00

Not After

02/06/2023, 23:59

Subject

SERIALNUMBER=4800-01-000861,CN=JUSTSYSTEMS CORPORATION,O=JUSTSYSTEMS CORPORATION,L=Shinjuku-ku,ST=Tokyo,C=JP,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024a50

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:cb:81:63:6d:8d:de:e7:88:44:f3:58:9f:6b:dd:b4:d7:b4:ba:88
Signer

Actual PE Digest

09:cb:81:63:6d:8d:de:e7:88:44:f3:58:9f:6b:dd:b4:d7:b4:ba:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Projects\license_management_agent\jspass2_20181101\LMAUI\Release\JSLMAUI.pdb

Imports

imm32

ImmAssociateContext

wininet

InternetCloseHandle
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

kernel32

SetErrorMode
GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
LCMapStringA
LCMapStringW
GetConsoleCP
GetFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceW
CloseHandle
GetVersionExW
SetLastError
GetLastError
WriteFile
CreateFileW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryW
GetModuleHandleW
GetProcAddress
CreateEventW
SetEvent
LocalFree
ExpandEnvironmentStringsW
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
FindResourceExW
GlobalFlags
WritePrivateProfileStringW
ReadFile
WaitForSingleObject
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
ReleaseMutex
CreateMutexW
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleA
CreateNamedPipeW
FormatMessageW
lstrlenW
MulDiv
VirtualProtect
GetCurrentProcessId
FreeResource
RaiseException
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
GetProcessHeap
HeapAlloc
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
DeleteFileW
GetTempPathW
GetTempFileNameW
CompareFileTime
WideCharToMultiByte
GlobalSize
GlobalGetAtomNameW
lstrlenA
InterlockedDecrement
ResumeThread
InterlockedIncrement
MultiByteToWideChar
GetModuleFileNameW
OpenProcess
Sleep
WaitNamedPipeW
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcess
GetConsoleMode

user32

PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
CallWindowProcW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
DestroyMenu
InflateRect
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
ValidateRect
DrawTextExW
FillRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
SetPropW
GetCapture
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
SetFocus
GetLastActivePopup
MessageBoxW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuItemInfoW
FindWindowA
GetKeyState
GetFocus
GetWindowDC
SystemParametersInfoW
GetSystemMetrics
GetSysColorBrush
DrawIconEx
SetCursor
ReleaseCapture
LoadCursorW
SetCapture
RedrawWindow
InvalidateRect
SetWindowRgn
DrawTextW
LoadBitmapW
CopyRect
OffsetRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
IsClipboardFormatAvailable
GetClipboardData
GetDlgItem
CloseClipboard
OpenClipboard
GetClassNameW
GetWindow
RegisterWindowMessageW
PeekMessageW
GetCursorPos
DefWindowProcW
TranslateMessage
GetMessageW
ShowOwnedPopups
CharUpperW
UnregisterClassW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
SetMenu
GrayStringW
TranslateAcceleratorW
KillTimer
SetTimer
LoadMenuW
GetSubMenu
GetSysColor
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
GetDC
ReleaseDC
GetParent
DestroyIcon
PostMessageW
MapDialogRect
LoadIconW
EnableWindow
GetClientRect
GetWindowRect
GetSystemMenu
SendMessageW
AppendMenuW
TabbedTextOutW
UnregisterClassA

gdi32

BitBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateSolidBrush
GetTextExtentPoint32W
CreateCompatibleBitmap
DPtoLP
EnumFontFamiliesExW
CreateBitmap
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
DeleteDC
CreateRectRgn
CombineRgn
DeleteObject
GetDIBits
StretchBlt
GetObjectW
CreateFontIndirectW
SetTextColor
SetBkColor
GetStockObject
GetPixel
SelectObject
CreatePatternBrush
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
OpenProcessToken
DuplicateTokenEx
CreateProcessWithTokenW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
LookupAccountNameW
EqualSid
GetSecurityInfo
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFileInfoW
ord680
ShellExecuteW
Shell_NotifyIconW
ord727
SHGetStockIconInfo
SHGetSpecialFolderPathW
SHGetFolderPathW
DragFinish
DragQueryFileW
ExtractIconExW

shlwapi

PathRemoveFileSpecW
SHDeleteKeyW
PathFileExistsW
PathAddBackslashW
AssocQueryStringW
PathAppendW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

ole32

CreateStreamOnHGlobal

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRect
GdipCloneImage
GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdd509f2c44a6ed7f16d66ba2681d792

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

01:b5:e6:f2:aa:9a:9d:d8:0d:fb:4c:ef:4a:ac:9b:d9Certificate

Extended Key Usages

Key Usages

09:cb:81:63:6d:8d:de:e7:88:44:f3:58:9f:6b:dd:b4:d7:b4:ba:88Signer

Headers

File Characteristics

PDB Paths

Imports

imm32

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

gdiplus

Sections

.text Size: 284KB - Virtual size: 281KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 220KB - Virtual size: 218KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

01:b5:e6:f2:aa:9a:9d:d8:0d:fb:4c:ef:4a:ac:9b:d9
Certificate

09:cb:81:63:6d:8d:de:e7:88:44:f3:58:9f:6b:dd:b4:d7:b4:ba:88
Signer

.text
Size: 284KB - Virtual size: 281KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 220KB - Virtual size: 218KB