2024-06-29_34abc1a0c7b08e6c8c1307d8bc80f46b_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_34abc1a0c7b08e6c8c1307d8bc80f46b_icedid
Size

445KB
MD5

34abc1a0c7b08e6c8c1307d8bc80f46b
SHA1

58692808c53d68671285476f4af392db148c6487
SHA256

a99b6b2959db1e39016b8f64534f81fd3714eff2f769c6d8a12becc4b3c04e6f
SHA512

69181183e8a2470bf8ba697678bd3f64f6a0d3bd151cb8a965d2f69c526be796617a770db73e277443b6011102e8427a26061113c5a5fe6b243e313c771b98f8
SSDEEP

12288:BkNouJx0tNDIqpR/V4sQ7/RTU3AoFvSJmKu3+O:BkNou7CBJQ7/JU3AoFNKu3l

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_34abc1a0c7b08e6c8c1307d8bc80f46b_icedid
.exe windows:4 windows x86 arch:x86

338b27c7e906952529e5058a8550a345

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:19:64:8e:21:d4:bf:93:63:5f:4a:81:33:d4:0d:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/03/2009, 00:00

Not After

26/03/2010, 23:59

Subject

CN=ABS Gesell.f. Automatisierung\, Bildverarbeitung und Software mbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ABS Gesell.f. Automatisierung\, Bildverarbeitung und Software mbH,L=Jena,ST=Thueringen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:02:59:8d:92:85:2c:a8:61:50:99:32:34:53:33:5b:b3:2a:3c:7a
Signer

Actual PE Digest

73:02:59:8d:92:85:2c:a8:61:50:99:32:34:53:33:5b:b3:2a:3c:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
SetErrorMode
GetFileAttributesA
GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
GetTickCount
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
TlsGetValue
GetFileType
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
lstrcmpA
SizeofResource
MultiByteToWideChar
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetCurrentProcess
lstrlenA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
ExpandEnvironmentStringsA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateFileA
CloseHandle
GetProcAddress
GetVersionExA
LoadLibraryA
FreeLibrary
SetLastError
GetModuleFileNameA
FormatMessageA
LocalFree
GetLastError
GetWindowsDirectoryA
GetSystemDirectoryA
LockResource
WideCharToMultiByte
FindResourceA
SetStdHandle
LoadResource

user32

RegisterClipboardFormatA
PostThreadMessageA
DrawTextExA
DrawTextA
TabbedTextOutA
InvalidateRect
DrawFocusRect
FillRect
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
MapWindowPoints
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetMessagePos
GrayStringA
ModifyMenuA
PostQuitMessage
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ExitWindowsEx
IsWindow
RegisterDeviceNotificationA
UnregisterDeviceNotification
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
PostMessageA
SendMessageA
EnableMenuItem
CheckMenuItem
AppendMenuA
DrawIcon
PeekMessageA
DispatchMessageA
TranslateMessage
CharUpperA
GetMenu

gdi32

PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateSolidBrush
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetStockObject
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SelectObject
DeleteObject
GetTextMetricsA
ExtTextOutA
BitBlt
CreateCompatibleDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

shell32

SHGetFolderPathA
SHFileOperationA

shlwapi

PathAppendA
PathRenameExtensionA
PathFileExistsA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathStripPathA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
OleUninitialize
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiOpenDevRegKey

difxapi

DriverPackageGetPathA
DriverPackageUninstallA
DriverPackageInstallA

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

338b27c7e906952529e5058a8550a345

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7d:19:64:8e:21:d4:bf:93:63:5f:4a:81:33:d4:0d:57Certificate

Extended Key Usages

Key Usages

73:02:59:8d:92:85:2c:a8:61:50:99:32:34:53:33:5b:b3:2a:3c:7aSigner

Headers

File Characteristics

Imports

advapi32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

shlwapi

oledlg

ole32

oleaut32

setupapi

difxapi

Sections

.text Size: 292KB - Virtual size: 288KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 56KB - Virtual size: 52KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7d:19:64:8e:21:d4:bf:93:63:5f:4a:81:33:d4:0d:57
Certificate

73:02:59:8d:92:85:2c:a8:61:50:99:32:34:53:33:5b:b3:2a:3c:7a
Signer

.text
Size: 292KB - Virtual size: 288KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 56KB - Virtual size: 52KB