2024-06-27_9b6838894c75a59afe6dda8aa3faacbb_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-27_9b6838894c75a59afe6dda8aa3faacbb_icedid
Size

1.9MB
MD5

9b6838894c75a59afe6dda8aa3faacbb
SHA1

23ea68a99f5acafb0f907f61a57fb931daa05417
SHA256

bc34d2c1b7a0d15e0e790439021a2b49ffff9c4b3141d33695306eec90c8eae1
SHA512

097ec153adc4c12c7b16b3924541dbe8a54df87470b7a7a93a7a18db64912a1467a9d65760850e9734afdc06d4a8028958cae730333c11b125ad2e0157326ae0
SSDEEP

49152:dLcu2Fa2ldpvGTkg0LF/Ppv9UrpwuTldpo8qJaoK:BcuG3laTkg6F/BvAf7qJc

Score

1^/10

Malware Config

Signatures

Files

2024-06-27_9b6838894c75a59afe6dda8aa3faacbb_icedid
.exe windows:5 windows x86 arch:x86

a84c1a0a3e52235a17b02f3ccc5340a0

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:c9:b5:27:99:64:02:6f:0f:d8:6e:0d:fa:29:03:fe
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

14/01/2015, 00:00

Not After

14/01/2017, 23:59

Subject

CN=Arvato Digital Services\, llc,O=Arvato Digital Services\, llc,L=Weaverville,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

88:e3:46:95:14:b6:35:4c:d5:77:cc:32:aa:77:36:58:e8:b0:94:dc
Signer

Actual PE Digest

88:e3:46:95:14:b6:35:4c:d5:77:cc:32:aa:77:36:58:e8:b0:94:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\Mercury\BRANCH_MERCURY_1_4_0\Applications\bin\Release\DownloadAssistant.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

DuplicateToken
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
GetLengthSid
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

iphlpapi

GetAdaptersInfo

kernel32

FileTimeToSystemTime
WritePrivateProfileStringW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
GetDriveTypeA
TlsFree
PeekNamedPipe
GetFileType
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryA
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedDecrement
GetThreadLocale
InterlockedIncrement
ConvertDefaultLocale
lstrcmpA
CompareStringA
InterlockedExchange
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
MulDiv
GlobalUnlock
FreeResource
lstrlenA
SetFileAttributesW
CreateFileW
FindFirstFileA
FindClose
GetCurrentThreadId
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTime
ExpandEnvironmentStringsA
GetExitCodeThread
SetLastError
CreateMutexA
CreateEventA
WaitForMultipleObjects
InterlockedCompareExchange
FlushConsoleInputBuffer
DuplicateHandle
SleepEx
FormatMessageA
GetLocaleInfoW
LocalAlloc
GetCurrentProcess
GetCurrentThread
GetSystemInfo
LoadLibraryExW
SetThreadPriority
SetEvent
ResetEvent
WideCharToMultiByte
lstrlenW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
SetThreadLocale
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersionExW
EnumResourceLanguagesW
LocalFree
FormatMessageW
TerminateThread
WaitForSingleObject
ResumeThread
SuspendThread
GetModuleHandleW
DeleteFileW
CreateDirectoryW
GetSystemDirectoryW
CreateProcessW
GetTempPathW
GetCurrentDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GlobalFree
GlobalLock
GlobalAlloc
FindResourceExW
CloseHandle
ReleaseMutex
GetLastError
CreateMutexW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GlobalFlags
ReadConsoleInputA
SetConsoleMode
GetFileInformationByHandle

user32

GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
DestroyMenu
GetSysColorBrush
WindowFromPoint
GetWindowThreadProcessId
GetMessageW
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
CharNextW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
PostThreadMessageW
GetMenuState
RegisterClipboardFormatW
CharUpperW
UnregisterClassW
SendDlgItemMessageW
MessageBeep
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PostMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
ReleaseCapture
SetCapture
PtInRect
LoadCursorW
SetCursor
SetWindowLongW
ReleaseDC
GetDC
DrawIcon
GetClientRect
GetSystemMetrics
LoadIconW
SetForegroundWindow
ShowWindow
IsIconic
BringWindowToTop
GetLastActivePopup
GetParent
GetWindowLongW
EnumChildWindows
GetClassNameW
GetClassInfoW
EnumWindows
MessageBoxW
SendMessageW
EnableWindow
GetWindowRect
UpdateWindow

gdi32

ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
SetWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetWindowExtEx
GetViewportExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentPoint32W
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
GetStockObject
CreateFontIndirectW
GetObjectW
GetTextExtentExPointW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHFileOperationW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
OleLoadPicture
SysAllocString
SysFreeString
SysStringLen

ws2_32

shutdown
__WSAFDIsSet
listen
accept
recvfrom
sendto
inet_ntoa
WSASetLastError
connect
getsockopt
getsockname
ntohs
ioctlsocket
send
select
inet_addr
setsockopt
bind
htons
gethostbyname
gethostname
socket
WSAStartup
WSAGetLastError
recv
closesocket
WSACleanup
WSAIoctl

Sections

.text
Size: 935KB - Virtual size: 934KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 770KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a84c1a0a3e52235a17b02f3ccc5340a0

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

55:c9:b5:27:99:64:02:6f:0f:d8:6e:0d:fa:29:03:feCertificate

Extended Key Usages

Key Usages

88:e3:46:95:14:b6:35:4c:d5:77:cc:32:aa:77:36:58:e8:b0:94:dcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 935KB - Virtual size: 934KB

.rdata Size: 219KB - Virtual size: 218KB

.data Size: 64KB - Virtual size: 88KB

.rsrc Size: 770KB - Virtual size: 770KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

55:c9:b5:27:99:64:02:6f:0f:d8:6e:0d:fa:29:03:fe
Certificate

88:e3:46:95:14:b6:35:4c:d5:77:cc:32:aa:77:36:58:e8:b0:94:dc
Signer

.text
Size: 935KB - Virtual size: 934KB

.rdata
Size: 219KB - Virtual size: 218KB

.data
Size: 64KB - Virtual size: 88KB

.rsrc
Size: 770KB - Virtual size: 770KB