2024-07-03_4edcc1f7eb3ec15249adcb4133a547e9_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_4edcc1f7eb3ec15249adcb4133a547e9_icedid
Size

410KB
MD5

4edcc1f7eb3ec15249adcb4133a547e9
SHA1

95d66fa4afdaf0c8961c3701158f2504989629f0
SHA256

569010ced04756e47613eeba612e9fc42254be59c6fde6a2567b9c4078f23e3e
SHA512

33ef10f348388a89c736c75762b9378a70e3c92af0287d36e01ff215604905ee5595e91b72396cedd689db53abb64b9cc156cbb9ff777be2aa2be5d5c47dbbe7
SSDEEP

6144:EdtselOBL6j/CFCeorektQQPNuuLCuJxNqFgKUjLKAoNojoj2akX6vgZYqRm:mlOBLQrewPNuueuJ793vKx2dKvgZYqRm

Score

1^/10

Malware Config

Signatures

Files

2024-07-03_4edcc1f7eb3ec15249adcb4133a547e9_icedid
.exe windows:5 windows x86 arch:x86

c2a550724405632e1bf74aac05601c18

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16-03-2016 00:00

Not After

16-03-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:28:2d:03:1c:1a:47:a3:eb:f7:5f:de
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

16-01-2018 08:55

Not After

04-08-2020 04:37

Subject

CN=Zhongfu Information Inc.,O=Zhongfu Information Inc.,L=Jinan,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:76:e9:a5:09:3f:52:57:0c:c4:7a:ce
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

16-01-2018 08:57

Not After

04-08-2020 05:29

Subject

SERIALNUMBER=913700007357889006,CN=Zhongfu Information Inc.,O=Zhongfu Information Inc.,STREET=高新区新泺大街1166号奥盛大厦2号楼15-16层,L=Jinan,ST=Shandong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054a494e414e,1.3.6.1.4.1.311.60.2.1.2=#13085348414e444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:e5:1a:25:5a:b8:50:e9:3f:66:25:f2:11:2d:46:56:93:e2:80:84:ce:f8:65:a6:9e:06:14:35:19:84:57:b8
Signer

Actual PE Digest

bb:e5:1a:25:5a:b8:50:e9:3f:66:25:f2:11:2d:46:56:93:e2:80:84:ce:f8:65:a6:9e:06:14:35:19:84:57:b8

Digest Algorithm

sha256

PE Digest Matches

true

b5:bc:03:e5:8f:aa:f7:e2:73:c5:f1:bc:9c:78:45:cf:b6:b3:da:97
Signer

Actual PE Digest

b5:bc:03:e5:8f:aa:f7:e2:73:c5:f1:bc:9c:78:45:cf:b6:b3:da:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\prj\3in1\clientxj\vcproject\Release\zfMsgShow.pdb

Imports

unzip

unzGoToFirstFile
unzOpen
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGoToNextFile
unzOpenCurrentFile
unzReadCurrentFile
unzClose

kernel32

HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
RaiseException
Sleep
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
VirtualAlloc
LCMapStringA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStartupInfoW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
IsDebuggerPresent
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FlushFileBuffers
GetModuleHandleA
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetCommandLineW
SetCurrentDirectoryW
ExitProcess
GetFileAttributesExW
WriteFile
GetLocalTime
SetFilePointer
InterlockedDecrement
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
LocalFree
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetTickCount
CloseHandle
GetVersionExW
GetModuleFileNameW
FindResourceExW
GetProcAddress
GetModuleHandleW
LoadLibraryW
lstrcpynW
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
lstrlenW
SetLastError
GlobalFlags
GlobalFree
GlobalAlloc
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetLocaleInfoW
UnhandledExceptionFilter
GetProcessHeap
QueryPerformanceCounter

user32

UnregisterClassW
GetSysColorBrush
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
CreateWindowExW
AdjustWindowRectEx
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
GetSysColor
EndPaint
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DrawIcon
GetSystemMetrics
IsIconic
FindWindowW
IsZoomed
SetForegroundWindow
AppendMenuW
CreatePopupMenu
ScreenToClient
GetCursorPos
GetClassInfoExW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
EnableWindow
GetParent
SetActiveWindow
GetWindowRect
GetWindowLongW
SetWindowLongW
RegisterClassW
DefWindowProcW
LoadIconW
SystemParametersInfoW
PostMessageW
SendMessageW
InvalidateRect
PtInRect
FillRect
IntersectRect
SetCursor
SetRectEmpty
IsRectEmpty
GetClientRect
SetTimer
KillTimer
ReleaseDC
GetDC
CopyRect
EqualRect
UnionRect
OffsetRect
LoadCursorW
BeginPaint
GetClassInfoW

gdi32

SelectClipRgn
DeleteObject
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
GetObjectW
GetTextExtentPoint32W
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateSolidBrush
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
CreatePatternBrush
SetBrushOrgEx
StretchBlt
GetViewportOrgEx
BitBlt

msimg32

AlphaBlend
TransparentBlt
GradientFill

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHCreateDirectoryExW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathAddExtensionW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

psapi

GetModuleFileNameExW

zfdatacommon

DBGetALLEmployee
DBGetAllDepart
DBSetKVString
DBGetKVString
DBGetZoneInfo

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2a550724405632e1bf74aac05601c18

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

2d:28:2d:03:1c:1a:47:a3:eb:f7:5f:deCertificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

0b:76:e9:a5:09:3f:52:57:0c:c4:7a:ceCertificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

bb:e5:1a:25:5a:b8:50:e9:3f:66:25:f2:11:2d:46:56:93:e2:80:84:ce:f8:65:a6:9e:06:14:35:19:84:57:b8Signer

b5:bc:03:e5:8f:aa:f7:e2:73:c5:f1:bc:9c:78:45:cf:b6:b3:da:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

unzip

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

psapi

zfdatacommon

Sections

.text Size: 278KB - Virtual size: 278KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 9KB - Virtual size: 37KB

.rsrc Size: 49KB - Virtual size: 49KB

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

2d:28:2d:03:1c:1a:47:a3:eb:f7:5f:de
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

0b:76:e9:a5:09:3f:52:57:0c:c4:7a:ce
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

bb:e5:1a:25:5a:b8:50:e9:3f:66:25:f2:11:2d:46:56:93:e2:80:84:ce:f8:65:a6:9e:06:14:35:19:84:57:b8
Signer

b5:bc:03:e5:8f:aa:f7:e2:73:c5:f1:bc:9c:78:45:cf:b6:b3:da:97
Signer

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 9KB - Virtual size: 37KB

.rsrc
Size: 49KB - Virtual size: 49KB