2024-07-05_73adc4624a977e1c1861280ac079a2eb_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-05_73adc4624a977e1c1861280ac079a2eb_icedid
Size

5.9MB
MD5

73adc4624a977e1c1861280ac079a2eb
SHA1

de2685f9b8655da9891979eaf175ac4da17f5ccf
SHA256

dd0c6ce7ca1468f77ed67665caf4a24602f04166d698d956bae2fb488dc2481e
SHA512

f6bc573bb96217d746de0d0549a6c00117fd282e965fed62c695379e18a67c6e721aa5521294c41b43137349dadbb61ee9d48cc3cb7318a6114d743c457e4dd6
SSDEEP

49152:pwY6Ynj429ej2UIF0GPgBGApZRgQ6XxJGQHxEcE0f+k:36Yn/A2rF0unHp+k

Score

1^/10

Malware Config

Signatures

Files

2024-07-05_73adc4624a977e1c1861280ac079a2eb_icedid
.exe windows:4 windows x86 arch:x86

32cb85c56145aec8c7db065ff7f38a35

Code Sign

60:5d:52:5a:1d:74:49:db:26:a5:37:2a:2e:f7:94:82
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/01/2010, 00:00

Not After

18/01/2011, 23:59

Subject

CN=Mediannet,OU=Service Business Dept,O=Mediannet,L=Dong-gu,ST=Daegu,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:23:43:66:67:48:da:1d:12:1d:2d:92:31:e7:3f:69:2e:d5:27:03
Signer

Actual PE Digest

81:23:43:66:67:48:da:1d:12:1d:2d:92:31:e7:3f:69:2e:d5:27:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\ServiceApp\ExpDown\trunk\Seed\SpeedDown\bin\JJangFileDown.pdb

Imports

ws2_32

setsockopt
WSAEventSelect
WSACreateEvent
WSAGetLastError
WSASocketW
htonl
connect
closesocket
htons
WSAStartup
WSACleanup
listen
accept
send
recv
ioctlsocket
socket
ntohl
bind
__WSAFDIsSet
getsockopt
select
ntohs
gethostname
gethostbyname
inet_ntoa
inet_addr
WSACloseEvent

iphlpapi

GetAdaptersInfo
GetIpNetTable

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameW
GetModuleHandleA
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalGetAtomNameW
SetErrorMode
WritePrivateProfileStringW
GetFileAttributesW
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ExitThread
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetDriveTypeA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GlobalAddAtomW
FreeResource
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
ReadDirectoryChangesW
RaiseException
GetModuleFileNameA
CreateFileA
IsProcessorFeaturePresent
GetSystemInfo
lstrcmpiW
GlobalMemoryStatus
FindNextFileW
GetDriveTypeW
GetFileTime
SetFileTime
GlobalMemoryStatusEx
GetFileSizeEx
MoveFileExW
GetVersionExA
SetFilePointerEx
SetEndOfFile
GetCurrentThreadId
LocalAlloc
ResetEvent
CreateNamedPipeW
ExitProcess
GetExitCodeProcess
TerminateProcess
OpenMutexW
GetCurrentProcessId
OpenEventW
SetFilePointer
CreateProcessW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetLocalTime
CreateDirectoryW
InterlockedDecrement
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
CreateEventW
SetEvent
TerminateThread
SuspendThread
MoveFileW
WriteFile
WaitForSingleObject
LocalFree
ReleaseMutex
ResumeThread
SetThreadPriority
OutputDebugStringW
MulDiv
lstrcpynW
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
FindFirstFileW
HeapAlloc
HeapDestroy
HeapFree
HeapCreate
GetVersionExW
WideCharToMultiByte
GetCommandLineW
MultiByteToWideChar
DeleteCriticalSection
SetCurrentDirectoryW
lstrcpyW
ReadFile
lstrcmpW
GetFileSize
GetProcAddress
lstrlenW
CreateFileW
LeaveCriticalSection
lstrlenA
GetPrivateProfileStringW
GetTickCount
GetModuleHandleW
GetModuleFileNameW
DeleteFileW
InitializeCriticalSection
EnterCriticalSection
SetLastError
LoadResource
LockResource
LoadLibraryW
SizeofResource
FreeLibrary
CloseHandle
GetCurrentProcess
Sleep
GetLastError
CreateMutexW
FindResourceW
InterlockedExchange
FormatMessageW

user32

InsertMenuItemW
LoadAcceleratorsW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatW
PostThreadMessageW
BeginPaint
GetWindowDC
CharUpperW
SystemParametersInfoW
GetMenuItemInfoW
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsWindowEnabled
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
IntersectRect
SetRectEmpty
IsIconic
GetWindowPlacement
ShowOwnedPopups
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowsHookExW
CallNextHookEx
GetMessageW
ValidateRect
PostQuitMessage
RegisterWindowMessageW
wsprintfW
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
AttachThreadInput
GetForegroundWindow
SetWindowPos
ReleaseDC
EnableMenuItem
CreateWindowExW
DefWindowProcW
IsWindowVisible
wvsprintfA
FillRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DrawFocusRect
GetFocus
FindWindowW
SetWindowRgn
SetRect
GetDC
GetWindowLongW
GetActiveWindow
IsWindow
GetDesktopWindow
CallWindowProcW
MessageBoxW
GetParent
SetCursor
UpdateWindow
RedrawWindow
LoadBitmapW
GetDlgItem
DrawIconEx
CopyRect
PtInRect
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
DestroyIcon
OffsetRect
GetSystemMetrics
InflateRect
GetIconInfo
GetSysColor
LoadImageW
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
CreatePopupMenu
DestroyWindow
InvalidateRect
GetClientRect
ReplyMessage
KillTimer
EnableWindow
ShowWindow
GetKeyState
GetWindowRect
SetTimer
SetWindowLongW
PostMessageW
SetForegroundWindow
DispatchMessageW
BringWindowToTop
SetMenu
TranslateAcceleratorW
GetSysColorBrush
UnregisterClassW
MessageBeep
AppendMenuW
TranslateMessage
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
LoadCursorW
DrawIcon
IsRectEmpty
SystemParametersInfoA
EndPaint
PeekMessageW
GetSystemMenu
LoadIconW
ExitWindowsEx
SendMessageW
GetClassInfoW
UnregisterClassA
RegisterClassExW

gdi32

SelectClipRgn
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateEllipticRgn
Ellipse
GetTextColor
SaveDC
GetRgnBox
GetClipBox
Escape
GetBkColor
GetDeviceCaps
ExtTextOutW
GetViewportExtEx
TextOutW
GetWindowExtEx
RectVisible
PtVisible
SetRectRgn
LPtoDP
CreateRectRgnIndirect
CombineRgn
ExtCreateRegion
CreateDIBSection
DeleteDC
SetBkColor
BitBlt
GetMapMode
SetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
SelectObject
CreateCompatibleDC
StretchBlt
DeleteObject
CreateFontIndirectW
GetObjectW
Rectangle
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
SetTextColor
SetBkMode
GetDIBits
CreateRectRgn
CreateFontW
CreatePen
RestoreDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumKeyW
RegQueryValueW
RegOpenKeyW
QueryServiceConfigW
DeleteService
ControlService
CreateServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegEnumValueW
RegConnectRegistryW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathGetArgsW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
StrFormatByteSizeW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
CoInitialize
CoCreateInstance
CoTaskMemFree
OleRun
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SysStringLen
VariantInit
VariantClear
SysAllocString
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString
GetErrorInfo

version

GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32cb85c56145aec8c7db065ff7f38a35

Code Sign

60:5d:52:5a:1d:74:49:db:26:a5:37:2a:2e:f7:94:82Certificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

81:23:43:66:67:48:da:1d:12:1d:2d:92:31:e7:3f:69:2e:d5:27:03Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 364KB - Virtual size: 362KB

.data Size: 1.3MB - Virtual size: 2.4MB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

60:5d:52:5a:1d:74:49:db:26:a5:37:2a:2e:f7:94:82
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

81:23:43:66:67:48:da:1d:12:1d:2d:92:31:e7:3f:69:2e:d5:27:03
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 364KB - Virtual size: 362KB

.data
Size: 1.3MB - Virtual size: 2.4MB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB