2024-06-24_8028971564ae8c6dc0f897549681bae5_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-24_8028971564ae8c6dc0f897549681bae5_icedid
Size

477KB
MD5

8028971564ae8c6dc0f897549681bae5
SHA1

15d0f0eb508a1612b4785aa2c90fe0d7b28f39f9
SHA256

4d253a2be378cfe6aee4869739d86652e1e655ca7ddb5987a0fcf8e9c94f4853
SHA512

812d00d370fa938f0cdd8c43ebd74961b16d956e13b106e8857773440bc4d101799dbffe297a0c3d15345c275bad7fc063ad941d527cfe6c85558dc0ab30879f
SSDEEP

12288:aSzpoW/x3oRNKG1UW+shAT17thnw+D6/mvoup7:1zoRePshAZfw+D0M7

Score

1^/10

Malware Config

Signatures

Files

2024-06-24_8028971564ae8c6dc0f897549681bae5_icedid
.exe windows:5 windows x86 arch:x86

606a23de2273f14e16f863843f57a19d

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:32:23:8f:41:6d:23:4e:04:30:fc:3a:c2:d3:5b:2e:25
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12-07-2013 08:07

Not After

13-07-2014 08:07

Subject

CN=Shinano Kenshi Co.\,Ltd.,O=Shinano Kenshi Co.\,Ltd.,L=Ueda-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:d9:2e:c7:51:0f:aa:db:4c:ac:19:a1:22:d3:01:f2:62:32:d0:8b
Signer

Actual PE Digest

6a:d9:2e:c7:51:0f:aa:db:4c:ac:19:a1:22:d3:01:f2:62:32:d0:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\PlexTalkProjects\Tool\VerUpTool\PTR2 USER Relaese\VerUpTool.pdb

Imports

wintdc

?WriteBuffer@CTmkDriveCtrl@@QAEHPAXHKKK@Z
?ReadBuffer@CTmkDriveCtrl@@QAEHPAXHKKK@Z
?FindFirstDrive@CTmkDriveCtrl@@QAEPAUTDC_DRIVE_FIND@@PBDPAUTDC_DRIVE_INFO@@E@Z
?ConnectDrive@CTmkDriveCtrl@@QAEHDE@Z
??0CTmkDriveCtrl@@QAE@XZ
??1CTmkDriveCtrl@@UAE@XZ
??1CTmkSendCmd@@UAE@XZ
?FindNextDrive@CTmkDriveCtrl@@QAEHPAUTDC_DRIVE_FIND@@PAUTDC_DRIVE_INFO@@@Z
?FindDriveClose@CTmkDriveCtrl@@QAEXPAUTDC_DRIVE_FIND@@@Z
?DisconnectDrive@CTmkDriveCtrl@@QAEXXZ
??1CSendASPI@@UAE@XZ
??1CTmkSwitchInterface@@UAE@XZ
??1CSendSPTI@@UAE@XZ
?ConnectCheckDrive@CTmkDriveCtrl@@QAEHXZ

uusbd

ord7
ord2
ord1
ord4
ord10
ord3

kernel32

FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindResourceExA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetModuleHandleW
GetCurrentDirectoryA
SetErrorMode
GetFileSizeEx
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStdHandle
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
MultiByteToWideChar
lstrcmpW
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VirtualProtect
SetFilePointer
GetVersionExA
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
lstrcatA
GetUserDefaultLCID
MulDiv
CreateProcessA
GetDriveTypeA
lstrcpyA
FindFirstFileA
FindClose
WriteFile
OutputDebugStringA
CreateEventA
CreateThread
SetEvent
ResetEvent
GetTempPathA
EnterCriticalSection
LeaveCriticalSection
OpenMutexA
WaitForSingleObject
GetTickCount
Sleep
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
LocalFree
FormatMessageA
CopyFileA
DeleteFileA
GetShortPathNameA
lstrlenA
CreateMutexA
GetLastError
CloseHandle
lstrcmpA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetFileTime

user32

BeginPaint
EndPaint
GetSysColorBrush
LoadCursorA
UnregisterClassA
SetCapture
ReleaseCapture
CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
SetWindowContextHelpId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetWindowDC
GetMessageTime
GetMessagePos
PeekMessageA
GetKeyState
SetMenu
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetPropA
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropA
RemovePropA
GetAsyncKeyState
GetDlgItem
IsWindowEnabled
ExitWindowsEx
GetFocus
InvalidateRect
GetWindowRect
PostMessageA
OffsetRect
CopyRect
SetFocus
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetParent
MapWindowPoints
GetWindowLongA
AdjustWindowRectEx
MoveWindow
GetClientRect
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
DestroyMenu
GetTopWindow
CharUpperA
IsWindow
IsWindowVisible
EnumChildWindows
GetClassNameA
LoadIconA
SendMessageA
GetSystemMenu
AppendMenuA
DeleteMenu
EnumWindows
GetWindowTextA
SetForegroundWindow
EnableWindow
KillTimer
SetTimer
IsChild

gdi32

GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
RestoreDC
DeleteDC
GetStockObject
EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
SaveDC
DeleteObject
CreateRectRgnIndirect
ExtTextOutA
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetObjectA
CreateFontIndirectA
SetMapMode
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
CoTaskMemAlloc
CLSIDFromString
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject

oleaut32

SysFreeString
VariantCopy
SysStringLen
SysAllocStringByteLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

??0CSendASPI@@QAE@ABV0@@Z
??0CSendSPTI@@QAE@ABV0@@Z
??0CTmkDriveCtrl@@QAE@ABV0@@Z
??0CTmkSendCmd@@QAE@ABV0@@Z
??0CTmkSwitchInterface@@QAE@ABV0@@Z
??0IBlankStatus@@QAE@ABV0@@Z
??0IBlankStatus@@QAE@XZ
??4CSendASPI@@QAEAAV0@ABV0@@Z
??4CSendSPTI@@QAEAAV0@ABV0@@Z
??4CTmkDriveCtrl@@QAEAAV0@ABV0@@Z
??4CTmkSendCmd@@QAEAAV0@ABV0@@Z
??4CTmkSwitchInterface@@QAEAAV0@ABV0@@Z
??4IBlankStatus@@QAEAAV0@ABV0@@Z
??_7CSendASPI@@6B@
??_7CSendSPTI@@6B@
??_7CTmkDriveCtrl@@6B@
??_7CTmkSendCmd@@6B@
??_7CTmkSwitchInterface@@6B@
??_7IBlankStatus@@6B@

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

606a23de2273f14e16f863843f57a19d

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

11:21:32:23:8f:41:6d:23:4e:04:30:fc:3a:c2:d3:5b:2e:25Certificate

Extended Key Usages

Key Usages

6a:d9:2e:c7:51:0f:aa:db:4c:ac:19:a1:22:d3:01:f2:62:32:d0:8bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintdc

uusbd

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 12KB - Virtual size: 32KB

.rsrc Size: 30KB - Virtual size: 30KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

11:21:32:23:8f:41:6d:23:4e:04:30:fc:3a:c2:d3:5b:2e:25
Certificate

6a:d9:2e:c7:51:0f:aa:db:4c:ac:19:a1:22:d3:01:f2:62:32:d0:8b
Signer

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 12KB - Virtual size: 32KB

.rsrc
Size: 30KB - Virtual size: 30KB