2024-06-20_6afdced443ec6f38b9841891e42af009_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_6afdced443ec6f38b9841891e42af009_icedid
Size

1.9MB
MD5

6afdced443ec6f38b9841891e42af009
SHA1

b046116673c20df8e68e06ebf666dcf2c4fac62d
SHA256

a6eb96b9f951845d0ca39343eae39f658f8446063625fe269afd21ba8ab8f1d4
SHA512

310a4720a4c30b33c4a624f1141759a25be510764f61e335fc119e2233846647f7e4368a768f003e82b0159028475d4079521cce8846c7ffeee593b7e298c365
SSDEEP

24576:NUO1KeEQNRjvhLefjuNFSmlDOLirealQApDo06IKPIB/YzGwuY4rBxkNed2VRgcs:zcyRjvhL4YFSG4irealQApDGiBAg

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_6afdced443ec6f38b9841891e42af009_icedid
.exe windows:5 windows x86 arch:x86

c9fca0380af9786a764a559303c12278

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:1d:88:fa:e4:57:51:44:ac:7c:77:95:3e:52:7a:e3
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/10/2010, 00:00

Not After

30/09/2011, 23:59

Subject

CN=Language Engineering Company\, LLC,OU=SECURE APPLICATION DEVELOPMENT,O=Language Engineering Company\, LLC,L=Belmont,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:d1:c0:7a:b7:ef:43:72:35:cb:e5:86:f3:b1:55:a5:5c:f0:e6:2e
Signer

Actual PE Digest

3e:d1:c0:7a:b7:ef:43:72:35:cb:e5:86:f3:b1:55:a5:5c:f0:e6:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

htons
htonl
bind
getsockname
socket
listen
accept
WSAGetLastError
inet_addr
send
ntohs
setsockopt
closesocket
WSAStartup
WSACleanup
gethostname
getpeername

odbc32

ord24
ord41
ord36
ord9
ord77
ord31
ord19
ord61
ord12
ord72
ord26
ord13
ord4

wininet

InternetReadFile
InternetOpenUrlA
InternetSetStatusCallback
InternetSetOptionA
InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetQueryOptionA
InternetErrorDlg
HttpOpenRequestA
InternetConnectA
InternetGetConnectedStateEx
InternetAutodial
InternetCloseHandle

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
UnhandledExceptionFilter
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetFileType
RemoveDirectoryA
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualFree
QueryPerformanceCounter
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetStdHandle
GetProcessHeap
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetEnvironmentVariableA
GetStartupInfoA
GetOEMCP
GetCPInfo
GlobalFlags
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetLocaleInfoA
InterlockedExchange
lstrcmpA
VirtualProtect
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FormatMessageA
LocalFree
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CompareStringW
GetCurrentProcessId
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExA
LoadLibraryA
WaitForSingleObject
FreeResource
MulDiv
IsDBCSLeadByteEx
CreateEventA
WaitForMultipleObjectsEx
GetUserDefaultLCID
CreateProcessA
GetShortPathNameA
FindNextFileA
CreateDirectoryA
FindFirstFileA
FindClose
ResetEvent
SetEvent
CopyFileA
DeleteFileA
LockResource
Sleep
GetTickCount
ExitProcess
ResumeThread
GetCommandLineA
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
lstrcmpiA
lstrlenA
InterlockedIncrement
lstrlenW
GetCurrentThread
GetCurrentProcess
CloseHandle
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetACP
HeapAlloc
CreateFileW

user32

ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
IsIconic
DestroyMenu
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GrayStringA
DrawTextExA
TabbedTextOutA
CharUpperA
UnhookWindowsHookEx
GetMenuState
RegisterClipboardFormatA
RegisterClassExA
CreateWindowExA
SetWindowPos
GetMenuItemCount
GetMenuItemID
CallWindowProcA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
EnumWindows
SetActiveWindow
GetSubMenu
GetClassNameA
KillTimer
SetTimer
GetCapture
LoadCursorA
SetCursor
GetKeyState
BeginPaint
EndPaint
GetDlgCtrlID
SetWindowLongA
SystemParametersInfoA
GetSystemMetrics
ScreenToClient
DrawTextA
LoadBitmapA
UpdateWindow
GetTopWindow
GetWindow
ShowWindow
SetForegroundWindow
DefWindowProcA
GetSysColorBrush
GetFocus
SetFocus
PostMessageA
GetParent
GetWindowPlacement
DestroyWindow
GetWindowThreadProcessId
GetForegroundWindow
IsWindow
GetWindowLongA
MoveWindow
GetDlgItem
CopyRect
GetSysColor
GetClientRect
GetDC
ReleaseDC
EnableWindow
GetMenu
GetWindowRect
ClientToScreen
PtInRect
TranslateMessage
SendMessageA
MsgWaitForMultipleObjectsEx
PeekMessageA
GetDesktopWindow
GetMessageA
DispatchMessageA
PostThreadMessageA
LoadStringA
CharNextW
CharNextA

gdi32

SaveDC
RestoreDC
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
GetClipBox
DeleteObject
ExtTextOutA
CreateBitmap
SetMapMode
SetBkColor
DeleteDC
GetObjectA
SetTextColor
GetDeviceCaps
SelectObject
TextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegQueryValueExA
CreateServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
OpenThreadToken
OpenProcessToken
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
DeleteService
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegOpenKeyExA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteA

shlwapi

PathStripToRootA
PathIsUNCA
SHDeleteKeyA
PathFindFileNameA

ole32

CLSIDFromProgID
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoInitializeEx
CoInitializeSecurity
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantChangeType
SysFreeString

ws2_32

recv
select

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9fca0380af9786a764a559303c12278

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1d:1d:88:fa:e4:57:51:44:ac:7c:77:95:3e:52:7a:e3Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

3e:d1:c0:7a:b7:ef:43:72:35:cb:e5:86:f3:b1:55:a5:5c:f0:e6:2eSigner

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

odbc32

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 316KB - Virtual size: 316KB

.data Size: 39KB - Virtual size: 73KB

.rsrc Size: 415KB - Virtual size: 415KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1d:1d:88:fa:e4:57:51:44:ac:7c:77:95:3e:52:7a:e3
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

3e:d1:c0:7a:b7:ef:43:72:35:cb:e5:86:f3:b1:55:a5:5c:f0:e6:2e
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 316KB - Virtual size: 316KB

.data
Size: 39KB - Virtual size: 73KB

.rsrc
Size: 415KB - Virtual size: 415KB