2024-07-03_851171bde2439b9026c287efb9d9a482_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-03_851171bde2439b9026c287efb9d9a482_icedid
Size

1.5MB
MD5

851171bde2439b9026c287efb9d9a482
SHA1

4e2acde2b9f15d74af60f0d202a63c433128d5eb
SHA256

67bc89d4784ce5376c78166f2383a664a8e72321c611ce7849f9541cd7a499db
SHA512

d3287b8f50d9ad1eb12a03343cb54c5af10348bf491f0d19902dc629d48e13f8efae8f80957372bff0242652f7c3cf07cecc8329f2e35e35dc364b505ea190b8
SSDEEP

24576:DzKvHgJOe6evSsRe5/TbNJAScT82Cp8NTh+wwduAzDFcOjSY:DWv6gQzSiC++F+Ojp

Score

1^/10

Malware Config

Signatures

Files

2024-07-03_851171bde2439b9026c287efb9d9a482_icedid
.exe windows:4 windows x86 arch:x86

734b796ec0f3c25146106c65e013ec29

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:c2:b5:24:cb:f0:e5:42:95:f9:20:a6:39:5c:cc:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/08/2012, 00:00

Not After

28/08/2014, 23:59

Subject

CN=金华比奇网络技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=安全部,O=金华比奇网络技术有限公司,L=金华,ST=浙江,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:7d:81:fb:e4:e4:83:a2:8d:5a:19:5e:73:68:c9:ba:03:4f:b5:81
Signer

Actual PE Digest

98:7d:81:fb:e4:e4:83:a2:8d:5a:19:5e:73:68:c9:ba:03:4f:b5:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\半自动程序\API\F-FIFA OL3\RC2FIFAOL3\RC2FIFAOL3\exec\RC2FIFAOL3.pdb

Imports

kernel32

FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
SetEnvironmentVariableA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
CreateMutexA
GetDriveTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
LoadLibraryW
FatalAppExitA
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
GetFileType
SetStdHandle
ExitThread
RaiseException
RtlUnwind
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
IsBadReadPtr
HeapValidate
GetDiskFreeSpaceA
GetTempFileNameA
GetCurrentDirectoryA
GetPrivateProfileIntA
WaitForMultipleObjects
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
FindResourceExA
GetCurrentThread
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetOEMCP
GetCPInfo
GlobalFlags
ResetEvent
PulseEvent
GetProfileIntA
VirtualProtect
InterlockedIncrement
FileTimeToSystemTime
ResumeThread
GetThreadPriority
SetThreadPriority
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileAttributesA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
InterlockedDecrement
GetModuleFileNameW
FreeResource
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetAtomNameA
GlobalGetAtomNameA
lstrcmpA
FindNextFileA
GetShortPathNameA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
GetHandleInformation
LocalAlloc
CreateEventA
SuspendThread
GetCurrentThreadId
SetEvent
MulDiv
GlobalFree
GlobalSize
FormatMessageA
LocalFree
SetLastError
FreeLibrary
SetErrorMode
LoadLibraryA
GetSystemDirectoryA
GetCurrentProcess
GetProcAddress
GetVersionExA
GlobalAlloc
GlobalUnlock
GlobalLock
WaitForSingleObject
GetVersion
CompareStringA
lstrcmpiA
InterlockedExchange
GetStringTypeExA
lstrlenW
CompareStringW
lstrlenA
CopyFileA
WritePrivateProfileStringA
MultiByteToWideChar
GetPrivateProfileStringA
ExitProcess
TerminateProcess
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLocalTime
TerminateThread
GetExitCodeThread
Sleep
CreateThread
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetModuleHandleA
GetCommandLineA
CloseHandle
GetLastError
OpenEventA

user32

SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
OpenIcon
CloseWindow
LoadCursorA
PostThreadMessageA
GetWindowContextHelpId
SetWindowContextHelpId
SendNotifyMessageA
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
FindWindowExA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
SetCapture
GetActiveWindow
DrawCaption
DrawAnimatedRects
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
DragDetect
GetMenuCheckMarkDimensions
RegisterWindowMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
LoadIconA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetClipboardFormatNameA
SetScrollPos
IsChild
GetCapture
WinHelpA
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextLengthA
DestroyWindow
GetDlgCtrlID
GetClassLongA
GetClassNameA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ScreenToClient
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
LoadMenuA
SetMenuItemBitmaps
ModifyMenuA
InsertMenuItemA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
DeleteMenu
CreatePopupMenu
CreateMenu
ScrollDC
GrayStringA
GetTabbedTextExtentA
DrawTextExA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
LoadBitmapA
MessageBoxA
EndDialog
ShowWindow
SetWindowLongA
GetWindowLongA
SetLayeredWindowAttributes
GetSysColorBrush
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
TabbedTextOutA
MapDialogRect
CallNextHookEx
GetCursorPos
SetWindowsHookExA
ValidateRect
RemoveMenu
IsMenu
GetMenuItemCount
GetSubMenu
GetMenuState
UnpackDDElParam
CreateDialogIndirectParamA
SetRectEmpty
SetCursor
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
ReuseDDElParam
UnregisterClassA
GetDialogBaseUnits
GetKeyNameTextA
MsgWaitForMultipleObjects
DestroyIcon
GetScrollPos
GetWindowRect
IsWindowUnicode
GetMessageW
DispatchMessageW
SubtractRect
UnionRect
InflateRect
SetRect
PtInRect
IsRectEmpty
GetSystemMetrics
MoveWindow
SetTimer
IsWindow
KillTimer
PostQuitMessage
CreateDialogParamA
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetMenuStringA
AppendMenuA
InsertMenuA
GetMenuItemID
WaitMessage
PeekMessageA
VkKeyScanA
MapVirtualKeyA
PostMessageA
LoadKeyboardLayoutA
OpenClipboard
AttachThreadInput
IsIconic
keybd_event
GetForegroundWindow
GetTopWindow
FindWindowA
LoadImageA
GetDC
CharUpperA
GetKeyboardState
SetCursorPos
ClientToScreen
SendMessageA
SetActiveWindow
SetForegroundWindow
BringWindowToTop
GetKeyState
GetWindowThreadProcessId
GetWindowTextA
SetDlgItemTextA
GetDesktopWindow
GetWindow
GetAsyncKeyState

gdi32

EnumObjects
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetGraphicsMode
GetWorldTransform
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
GetCurrentPositionEx
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
PatBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetCharWidthA
GetFontLanguageInfo
GetCharacterPlacementA
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatA
GetCharWidthFloatA
AbortPath
BeginPath
CloseFigure
GetBrushOrgEx
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
SaveDC
RestoreDC
SelectPalette
SetBkColor
SetPolyFillMode
SetROP2
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
GetDCOrgEx
StretchDIBits
EnumFontFamiliesExA
RectInRegion
PtInRegion
GetRgnBox
OffsetRgn
EqualRgn
CombineRgn
SetRectRgn
GetRegionData
ExtCreateRegion
PathToRegion
CreateRoundRectRgn
CreatePolyPolygonRgn
CreatePolygonRgn
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateRectRgnIndirect
GetNearestPaletteIndex
AnimatePalette
SetPaletteEntries
GetPaletteEntries
CreateHalftonePalette
CreatePalette
CreateDiscardableBitmap
GetBitmapDimensionEx
SetBitmapDimensionEx
SetBitmapBits
CreateBitmapIndirect
CreateBitmap
CreateFontIndirectA
CreateDIBPatternBrushPt
SetTextColor
SetBkMode
CreateSolidBrush
CreateDCA
GetDeviceCaps
DeleteDC
GetCurrentObject
CreateBrushIndirect
CreateHatchBrush
ExtCreatePen
CreatePenIndirect
CreateRectRgn
EndPath
CreatePatternBrush
GetDIBits
GetObjectA
GetBitmapBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
GetObjectType
UnrealizeObject
GetStockObject
ExtTextOutA
CloseEnhMetaFile
CreateEnhMetaFileA
CloseMetaFile
CreateMetaFileA
CopyMetaFileA
CreateFontA
CreateDIBSection
CreateICA
StretchBlt
SetBrushOrgEx
SetStretchBltMode
BitBlt
SelectObject
ResizePalette

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

SetThreadToken
OpenThreadToken
GetFileSecurityA
SetFileSecurityA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegSetValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RevertToSelf

shell32

SHGetFileInfoA
DragAcceptFiles
DragFinish
DragQueryFileA
ExtractIconA
ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathFileExistsA
PathRemoveExtensionA

ole32

ReleaseStgMedium
CoTaskMemAlloc
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoCreateInstance
OleDuplicateData
CoInitialize
OleRun
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromProgID
CoDisconnectObject
CreateBindCtx
StringFromGUID2
CLSIDFromString

oleaut32

SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
SafeArrayCopy
SafeArrayAllocData
VariantInit
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarBstrFromDec
VarDecFromStr
VarDateFromStr
VarBstrFromDate
SysAllocString
LoadTypeLi
VariantChangeType
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
SafeArrayAllocDescriptor
SysStringLen
DosDateTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VarDateFromUdate
SafeArrayRedim

ws2_32

accept
WSACleanup
WSAStartup
WSASetLastError
shutdown
listen
ioctlsocket
bind
getsockopt
setsockopt
getsockname
getpeername
connect
sendto
recvfrom
socket
select
WSAGetLastError
WSAAsyncSelect
send
recv
gethostbyname
closesocket
htonl
inet_addr
htons
inet_ntoa
ntohs

keymousehelper

ord7
ord5
ord2
ord1
ord6

wininet

GopherGetLocatorTypeA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
FtpFindFirstFileA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetErrorDlg
HttpOpenRequestA
GopherOpenFileA
GopherGetAttributeA
GopherCreateLocatorA
FtpGetFileA
FtpPutFileA
FtpCommandA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetConnectA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA

Sections

.text
Size: 988KB - Virtual size: 985KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

734b796ec0f3c25146106c65e013ec29

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

69:c2:b5:24:cb:f0:e5:42:95:f9:20:a6:39:5c:cc:18Certificate

Extended Key Usages

Key Usages

98:7d:81:fb:e4:e4:83:a2:8d:5a:19:5e:73:68:c9:ba:03:4f:b5:81Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

keymousehelper

wininet

Sections

.text Size: 988KB - Virtual size: 985KB

.rdata Size: 552KB - Virtual size: 550KB

.data Size: 12KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 1KB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

69:c2:b5:24:cb:f0:e5:42:95:f9:20:a6:39:5c:cc:18
Certificate

98:7d:81:fb:e4:e4:83:a2:8d:5a:19:5e:73:68:c9:ba:03:4f:b5:81
Signer

.text
Size: 988KB - Virtual size: 985KB

.rdata
Size: 552KB - Virtual size: 550KB

.data
Size: 12KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 1KB