2024-07-03_399516d4e4534b9ae5baf28d7f0c4c35_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_399516d4e4534b9ae5baf28d7f0c4c35_icedid
Size

1.0MB
MD5

399516d4e4534b9ae5baf28d7f0c4c35
SHA1

a42bfb38c39317155f86ab01fce6b9acc0cbda8b
SHA256

6699dfc80d9f9adfe9f2b89e1f9c4458fddcd1b73a6ae236c9a1540a33bed5af
SHA512

8cfff6a5ab12feac95982cbd7085352db4ae070e7193963a9b576a4855d9b4bf01a9bc82a123b4100f3cc4bbe1f258126523e9e182774dd1a94fee97e0aafc89
SSDEEP

12288:i1zOoQ3ktvD1hPPonPrF26kiTCYNrPwCjKl6p1vVUHgpv0Re5Gtvz/ABzBQPgZYL:m5onP3rPwCe6Egpv0Q5IzIBzUWRy

Score

1^/10

Malware Config

Signatures

Files

2024-07-03_399516d4e4534b9ae5baf28d7f0c4c35_icedid
.exe windows:5 windows x86 arch:x86

b1f8c0fd0a0f3996dbf2125d6be74ac2

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16-03-2016 00:00

Not After

16-03-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:28:2d:03:1c:1a:47:a3:eb:f7:5f:de
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

16-01-2018 08:55

Not After

04-08-2020 04:37

Subject

CN=Zhongfu Information Inc.,O=Zhongfu Information Inc.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:76:e9:a5:09:3f:52:57:0c:c4:7a:ce
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

16-01-2018 08:57

Not After

04-08-2020 05:29

Subject

SERIALNUMBER=913700007357889006,CN=Zhongfu Information Inc.,O=Zhongfu Information Inc.,STREET=高新区新泺大街1166号奥盛大厦2号楼15-16层,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a494e414e,1.3.6.1.4.1.311.60.2.1.2=#13085348414e444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:32:25:f0:65:19:6b:3a:ec:30:c8:f0:6d:ff:a0:45:a2:df:2c:d2:e7:e5:f8:dc:fd:b2:a3:db:d5:47:20:44
Signer

Actual PE Digest

d4:32:25:f0:65:19:6b:3a:ec:30:c8:f0:6d:ff:a0:45:a2:df:2c:d2:e7:e5:f8:dc:fd:b2:a3:db:d5:47:20:44

Digest Algorithm

sha256

PE Digest Matches

true

48:9d:6c:7f:5d:e9:5d:b1:2e:7f:37:ad:84:39:f3:16:4f:ff:33:78
Signer

Actual PE Digest

48:9d:6c:7f:5d:e9:5d:b1:2e:7f:37:ad:84:39:f3:16:4f:ff:33:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\prj\3in1\clientxj\vcproject\Release\zfClientTray.pdb

Imports

kernel32

GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetCommandLineW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetFileType
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapSize
ExitProcess
RaiseException
RtlUnwind
VirtualAlloc
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
FindResourceExW
lstrcpynW
GetProcessHeap
InterlockedCompareExchange
WriteConsoleA
SetHandleCount
CreateThread
ExitThread
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetModuleHandleA
GetCurrentProcessId
WritePrivateProfileStringW
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
SetLastError
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetFileAttributesExW
FreeLibrary
GetCurrentThread
CreateEventW
Process32NextW
LocalFree
Process32FirstW
CreateToolhelp32Snapshot
GetComputerNameW
GetModuleFileNameW
OpenProcess
GlobalFree
GlobalAlloc
GetFileSize
GetComputerNameA
CreateMutexW
GetCurrentThreadId
SetCurrentDirectoryW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
WriteFile
GetLocalTime
GetTickCount
DeleteFileW
RemoveDirectoryW
CopyFileW
GetLogicalDrives
QueryDosDeviceW
DeviceIoControl
CreateFileW
CreateProcessW
WaitForSingleObject
GetSystemDirectoryW
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetProcAddress
LoadLibraryW
OpenMutexW
SleepEx
CloseHandle
GetCurrentProcess
lstrlenW
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
GetDriveTypeW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount

user32

UpdateWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
SetRectEmpty
GetParent
EqualRect
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
SendInput
RegisterDeviceNotificationW
PostQuitMessage
ShowWindow
SetActiveWindow
GetSubMenu
UnregisterDeviceNotification
LoadImageW
PtInRect
ScreenToClient
GetCursorPos
SetLayeredWindowAttributes
ActivateKeyboardLayout
LoadKeyboardLayoutW
RegisterHotKey
SetMenu
GetKeyState
TrackPopupMenu
KillTimer
SystemParametersInfoW
MapWindowPoints
PeekMessageW
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
DispatchMessageW
GetLastActivePopup
GetForegroundWindow
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
SetFocus
IsWindow
EnableWindow
SendMessageW
FindWindowW
PostMessageW
GetSystemMetrics
RegisterWindowMessageW
EndDialog
SetWindowsHookExW
LoadCursorW
LoadIconW
RemovePropW
GetPropW
SetPropW
GetClassNameW
DefWindowProcW
GetClassLongW
CallNextHookEx
GetCapture
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
SetDlgItemTextW
IsDialogMessageW
SetWindowTextW
MoveWindow
IsWindowEnabled
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CharUpperW
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
ValidateRect
TranslateMessage
GetMessageW
SetCursor
GetWindowThreadProcessId
DestroyMenu
FillRect
TabbedTextOutW
DrawTextW
RegisterClassW
GetFocus
SetForegroundWindow
IsZoomed
GetClientRect
CopyRect
SetWindowLongW
GetWindowLongW
SetTimer
ClientToScreen
OffsetRect
CreatePopupMenu
AppendMenuW
GetWindowRect
IsWindowVisible
DrawTextExW
GrayStringW
GetDC
ReleaseDC
BeginPaint
EndPaint
GetSysColorBrush
UnregisterClassW
UnionRect
IsRectEmpty

gdi32

ScaleWindowExtEx
DeleteDC
CreatePatternBrush
Escape
CreateCompatibleBitmap
CreateRectRgnIndirect
SetWindowExtEx
ScaleViewportExtEx
TextOutW
RectVisible
PtVisible
SelectClipRgn
DeleteObject
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetViewportOrgEx
CreateDIBSection
StretchBlt
SetBrushOrgEx
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateSolidBrush
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

DuplicateTokenEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
OpenThreadToken
SetThreadToken
DuplicateToken
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyW
CryptReleaseContext
CryptDestroyKey
CryptGetKeyParam
CryptGetUserKey
CryptSetProvParam
CryptAcquireContextW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
OpenProcessToken

shell32

Shell_NotifyIconW
ShellExecuteW
SHCreateDirectoryExW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

SHGetValueW
SHSetValueW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathAppendW
PathAddBackslashW
PathMakePrettyW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveExtensionW
PathAddExtensionW

ole32

CoCreateGuid
StringFromGUID2
CLSIDFromString
CoInitialize
OleRun
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileW

zfsafeudiskdll

GetSafeUDiskHandle

zfdatacommon

CloseDBHandle
CreateDBHandle
DBGetKVDWORD
SetDeviceWhiteBuffer
SetPolicyVersion
SetProcessWhiteBuffer
DBGetKVString
DBGetDefaultPidVid
DBGetDefaultProcessWhite
DBSetKVString
DBDeleteKey
DBGetDefaultDeviceWhite
DBEnumKVStringEx
DBFreeKeyValueList
GetPolicyVersion
DBEnumKVString
DBDeleteKeyTree
UsbTrustGetBuffer
GetProcessWhiteBuffer
GetDeviceWhiteBuffer
DBAddEmployee
DBGetEmpNameByID
DBGetDepartIDByEmpID
DBGetKVStringA
DBSetKVDWORD
UsbTrustSetBuffer
DBGetALLEmployee
DBGetAllDepart
DBGetZoneInfo
GetCompatibleIDBuffer

sqlite3

sqlite3_mprintf
sqlite3_exec
sqlite3_free_table
sqlite3_free
sqlite3_get_table
sqlite3_busy_timeout

zfnetcommon

UrlGetBufferFree
UrlMakePostParam
UrlPost
UrlPostParamFree
UrlEasyPost

stringmgr

GetStringMgr

userenv

UnloadUserProfile

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

unzip

unzCloseCurrentFile
unzReadCurrentFile
unzOpenCurrentFile
unzClose
unzOpen
unzGoToFirstFile
unzGetCurrentFileInfo
unzGoToNextFile

udwrite

W_Log
W_Active_ReadKey
W_Key_Count
W_IsIn
W_GetKeyType
W_ReadConfigFile
W_Readkey
W_CheckPassWord
W_WritePassWord
W_GetErrorCount
W_GetKeySpace
W_AddHostConfigFile
W_Active_ReadPoint
W_Actice_GetSerialNo
W_ReadUnitCode
W_ReadCustomFile

psapi

GetModuleFileNameExW

zfhookctrl

ZfHookSetMonitorNotifyRoutine

setupapi

CM_Get_Device_ID_Size
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Get_Device_IDW

wininet

DeleteUrlCacheEntryW

crypt32

CertCreateCertificateContext
CertNameToStrW
CertFreeCertificateContext

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

msimg32

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1f8c0fd0a0f3996dbf2125d6be74ac2

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

2d:28:2d:03:1c:1a:47:a3:eb:f7:5f:deCertificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

0b:76:e9:a5:09:3f:52:57:0c:c4:7a:ceCertificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

d4:32:25:f0:65:19:6b:3a:ec:30:c8:f0:6d:ff:a0:45:a2:df:2c:d2:e7:e5:f8:dc:fd:b2:a3:db:d5:47:20:44Signer

48:9d:6c:7f:5d:e9:5d:b1:2e:7f:37:ad:84:39:f3:16:4f:ff:33:78Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

zfsafeudiskdll

zfdatacommon

sqlite3

zfnetcommon

stringmgr

userenv

wtsapi32

unzip

udwrite

psapi

zfhookctrl

setupapi

wininet

crypt32

version

iphlpapi

msimg32

Sections

.text Size: 784KB - Virtual size: 783KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 13KB - Virtual size: 44KB

.rsrc Size: 85KB - Virtual size: 84KB

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

2d:28:2d:03:1c:1a:47:a3:eb:f7:5f:de
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

0b:76:e9:a5:09:3f:52:57:0c:c4:7a:ce
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

d4:32:25:f0:65:19:6b:3a:ec:30:c8:f0:6d:ff:a0:45:a2:df:2c:d2:e7:e5:f8:dc:fd:b2:a3:db:d5:47:20:44
Signer

48:9d:6c:7f:5d:e9:5d:b1:2e:7f:37:ad:84:39:f3:16:4f:ff:33:78
Signer

.text
Size: 784KB - Virtual size: 783KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 13KB - Virtual size: 44KB

.rsrc
Size: 85KB - Virtual size: 84KB