2024-06-19_42b518613fc0ab835c2a25d5820fd890_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-19_42b518613fc0ab835c2a25d5820fd890_icedid
Size

1.9MB
MD5

42b518613fc0ab835c2a25d5820fd890
SHA1

15e6bfd8b295c53c5b4f03489332430f5115ee18
SHA256

caad1a2aaffcc17207d78f350fd18f8c2f50d1a839335759c6c63b79dd3dea44
SHA512

79620d22a6d7e1a7a8be23246471557acf0aa665a892195213e84bb5000c320f9b36049ce5d6e90fbc9fa8bda89fab3d257ad6a7243ddec9eb67cb6fb7141256
SSDEEP

49152:Yii8V839fsRczgM+G+rIMHQiSUYYNzrbWsa6:Yii8utfs2zgW+XHh1zXWN6

Score

1^/10

Malware Config

Signatures

Files

2024-06-19_42b518613fc0ab835c2a25d5820fd890_icedid
.exe windows:5 windows x86 arch:x86

a58d946c02561323e8edba6c25ca0e99

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8e:a9:fe:e7:b5:5f:45:e6:ec:b8:2d:6a:12:f1:28:18
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

14-12-2007 00:00

Not After

13-12-2010 23:59

Subject

CN=Bullseye Testing Technology,O=Bullseye Testing Technology,POSTALCODE=98052,STREET=11515 169TH CT NE,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:32:70:c0:63:02:a6:e9:ee:e7:35:4a:f2:d0:7e:d2:a7:02:b6:9f
Signer

Actual PE Digest

84:32:70:c0:63:02:a6:e9:ee:e7:35:4a:f2:d0:7e:d2:a7:02:b6:9f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetFullPathNameA
GetModuleHandleW
SystemTimeToFileTime
FindResourceExA
GetCPInfo
GetOEMCP
SetErrorMode
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetProcessHeap
SetConsoleCtrlHandler
SetStdHandle
ExitThread
CreateThread
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
SetFilePointer
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetACP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
CreateDirectoryA
GetDriveTypeA
SetCurrentDirectoryA
WriteFile
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
VirtualProtect
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalUnlock
lstrlenA
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
ExpandEnvironmentStringsA
SetLastError
RemoveDirectoryA
DeleteFileA
QueryPerformanceCounter
GetSystemInfo
CreateFileA
ReadFile
GetFileType
GetFileInformationByHandle
DeviceIoControl
FileTimeToLocalFileTime
FileTimeToSystemTime
Sleep
CreateHardLinkA
SetHandleInformation
UnlockFile
LockFileEx
FindNextFileA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetVersionExA
GetStartupInfoA
FindFirstFileA
FindClose
GetComputerNameA
GetCompressedFileSizeA
FormatMessageA
LocalFree
SetEnvironmentVariableW
GetTempPathA
GetModuleFileNameA
MulDiv
GetModuleHandleA
ExitProcess
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
MoveFileExA
GetLastError
UnhandledExceptionFilter
GetCommandLineA

user32

GetClassLongA
GetClassNameA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetPropA
GetCapture
SetActiveWindow
SetWindowPos
ShowWindow
GetPropA
RemovePropA
GetAsyncKeyState
GetDlgItem
GetWindowTextLengthA
GetWindow
SetFocus
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
UnhookWindowsHookEx
CopyRect
IsWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetCursorPos
GetClientRect
GetWindowRect
PtInRect
SendMessageA
LoadIconA
EnableWindow
SendMessageTimeoutA
GetActiveWindow
LoadCursorA
SetCursor
EnumWindows
GetWindowTextA
PostMessageA
MapDialogRect
PeekMessageA
PostQuitMessage
ReleaseDC
GetDC
GetParent
KillTimer
SetTimer
UnregisterClassA
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetWindowThreadProcessId
SetForegroundWindow

gdi32

SetMapMode
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
DPtoLP
EnumFontFamiliesExA
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetTextExtentPoint32A
GetDeviceCaps
CreateFontIndirectA
GetObjectA

comdlg32

CommDlgExtendedError

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHChangeNotify

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathFindExtensionA

ole32

StringFromCLSID
CoTaskMemFree
OleInitialize
CoCreateInstance
OleUninitialize
CoUninitialize
CoInitializeEx

oleaut32

VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a58d946c02561323e8edba6c25ca0e99

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

8e:a9:fe:e7:b5:5f:45:e6:ec:b8:2d:6a:12:f1:28:18Certificate

Extended Key Usages

Key Usages

84:32:70:c0:63:02:a6:e9:ee:e7:35:4a:f2:d0:7e:d2:a7:02:b6:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 9KB - Virtual size: 26KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

8e:a9:fe:e7:b5:5f:45:e6:ec:b8:2d:6a:12:f1:28:18
Certificate

84:32:70:c0:63:02:a6:e9:ee:e7:35:4a:f2:d0:7e:d2:a7:02:b6:9f
Signer

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 9KB - Virtual size: 26KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB