2024-06-30_c7e07eac03de175372634b4f65f3afc9_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-30_c7e07eac03de175372634b4f65f3afc9_icedid
Size

849KB
MD5

c7e07eac03de175372634b4f65f3afc9
SHA1

651ca28e2a9d06197fb521ec3ca169a1d8a28605
SHA256

a6557e587c2396118e3dc6854a71d8707ce18159942b460fe0fb4398748fe2e0
SHA512

6afe3ea8d5a2919659db33aee827828abbd2d7662c008e128f4fbea237ea3f327791124c83f3c955fe8a1feb54f1149f4d2e4285b5efa1507af2fac0eb293ca1
SSDEEP

12288:/crkXHaHrrBp+r5S5POQu3AfTNQo0ZOcMHeXrta26Qic9TB+4:0rY/r5S52QJwgHes26QD9TBJ

Score

1^/10

Malware Config

Signatures

Files

2024-06-30_c7e07eac03de175372634b4f65f3afc9_icedid
.exe windows:5 windows x86 arch:x86

c47e6193cbed89e1090e6e30a85ab50d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:71:9d:9e:a3:a2:1d:fd:c9:b9:4b:d1:63:5a:6c:1c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/09/2009, 00:00

Not After

13/09/2012, 23:59

Subject

CN=Seagull Scientific\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=BarTender Development,O=Seagull Scientific\, Inc,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\main\driver\bin\DriverWizard.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules

kernel32

FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
FindResourceExA
GetCPInfo
GetOEMCP
GetFileSizeEx
SetErrorMode
RtlUnwind
HeapFree
HeapAlloc
RemoveDirectoryA
HeapReAlloc
GetStartupInfoA
VirtualAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
LCMapStringA
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
FindFirstFileA
FileTimeToSystemTime
FindNextFileA
FindClose
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
VirtualProtect
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryExA
CompareStringA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
RaiseException
InterlockedExchange
MulDiv
MultiByteToWideChar
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
GetCurrentProcessId
GetCurrentThreadId
GetStdHandle
GetModuleHandleW
CreateProcessW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryW
GetTempPathW
GetSystemDirectoryW
SetFileTime
SetFileAttributesW
GetTempFileNameW
CreateDirectoryW
GetFileSize
SetFilePointer
WriteFile
ReadFile
SetEndOfFile
CreateFileW
LCMapStringW
InterlockedDecrement
InterlockedIncrement
LocalFileTimeToFileTime
DosDateTimeToFileTime
FileTimeToLocalFileTime
MoveFileExW
CreateThread
GetFileTime
CompareFileTime
GetCurrentDirectoryA
GetDefaultCommConfigA
GetACP
DeviceIoControl
LocalAlloc
CreateDirectoryA
SetLastError
OpenProcess
GetProfileStringA
WriteProfileStringA
WaitForSingleObject
GetTimeFormatA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
CopyFileA
GetTempFileNameA
GetTickCount
Sleep
SetFileAttributesA
GetFileAttributesA
GetWindowsDirectoryA
GetSystemDirectoryA
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileA
CloseHandle
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
GetCommandLineA
FreeLibrary
DeleteFileA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetVersionExA
GetCurrentProcess
GetLastError
MoveFileExA

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
InvalidateRect
DrawFocusRect
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
CharUpperA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetClassLongA
GetClassNameA
IsWindow
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
UnregisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetPropA
GetCapture
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropA
RemovePropA
SetFocus
GetDlgItem
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
wvsprintfW
wvsprintfA
GetAsyncKeyState
GetClientRect
ReleaseDC
GetWindowDC
GetDC
GetWindowRect
LoadBitmapA
PostMessageA
RegisterClassA
GetParent
SendNotifyMessageA
EnableWindow
GetWindow
SendMessageA
ExitWindowsEx
GetDesktopWindow
MessageBoxA

gdi32

CreateSolidBrush
GetTextMetricsA
EnumFontFamiliesExA
SetMapMode
RestoreDC
SaveDC
DPtoLP
DeleteObject
GetStockObject
CreateCompatibleDC
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
BitBlt
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
GetTextExtentPoint32A
CreateFontIndirectA
ExtTextOutA
GetObjectA
SetBkColor

comdlg32

GetFileTitleA

winspool.drv

EnumPrinterDriversA
ClosePrinter
OpenPrinterA
AddPortA
EnumMonitorsA
GetPrinterA
ord201
EnumPrintersA
DeletePrinter
DeletePrinterConnectionA
SetJobA
EnumJobsA
DeletePrinterDriverA
SetPrinterA
DocumentPropertiesA
DocumentPropertiesW
EnumPortsA
ord202
GetPrinterDriverDirectoryA
ConfigurePortA
AddPrinterA
GetPrintProcessorDirectoryA

advapi32

RegEnumKeyA
RegQueryValueA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyA
AdjustTokenPrivileges
EnumServicesStatusA
OpenServiceA
OpenSCManagerA
QueryServiceConfigA
DeleteService
QueryServiceStatus
ControlService
StartServiceA
CloseServiceHandle
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHChangeNotify
ShellExecuteExA
ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

oleaut32

VariantClear
SysAllocStringLen
VariantChangeType
VariantInit

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c47e6193cbed89e1090e6e30a85ab50d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:71:9d:9e:a3:a2:1d:fd:c9:b9:4b:d1:63:5a:6c:1cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

Sections

.text Size: 516KB - Virtual size: 516KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 180KB - Virtual size: 184KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:71:9d:9e:a3:a2:1d:fd:c9:b9:4b:d1:63:5a:6c:1c
Certificate

.text
Size: 516KB - Virtual size: 516KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 180KB - Virtual size: 184KB