2024-07-09_8a63998a26f51d824e872335af19d3e9_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-09_8a63998a26f51d824e872335af19d3e9_icedid
Size

2.4MB
MD5

8a63998a26f51d824e872335af19d3e9
SHA1

25078c714b6f0e85cc42ec1112473b89200524f8
SHA256

55696501bdbbff2c08decebe9154884074782c0e480cbfa4e5331f3ea867c38e
SHA512

ecc7da90938c4592fc6e1811ff19b142972a7f271b07dbbf4ccf5f055c7e2f031e58ca9600def3b48dca6ce7b2ce8acb0b44d96671389e202a3816fc1b4db327
SSDEEP

24576:8eNmgItt8+SYf/lD5ielzT6za48qg85zyeLy6:wSO/lDAelzT1qh5zyeLy6

Score

1^/10

Malware Config

Signatures

Files

2024-07-09_8a63998a26f51d824e872335af19d3e9_icedid
.exe windows:4 windows x86 arch:x86

63c91614010b356dbceb384f7eb13b28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:67:f9:f6:28:a0:ae:34:ac:71:58:2a:82:fe:a4:66
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/11/2007, 00:00

Not After

04/11/2009, 23:59

Subject

CN=CMOTech,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sales,O=CMOTech,L=Seoul,ST=Kyunggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\_____Product_Sample_UI_ Released______\NTELOS_CDU680\200704241800_jj632_v5_680DORA_Only_Franklin_Common_UMSD_071607\Bin\cmoUIMain.pdb

Imports

cmodeviceinfo

ord4
ord3
ord2
ord1

cmodialupdll

ord5
ord3
ord6
ord7
ord2
ord4

cmoserialdll

cmo_Serial_Read_MIPPreReRRQTime
cmo_Serial_Read_MIPQcDrsOpt
cmo_Serial_Read_MIP2002BisAuth
cmo_Serial_Read_MIPRrqTfrk
cmo_Serial_Read_FW_Download_Status
cmo_Serial_Read_HDR_Mode
cmo_Serial_AT_Read_Curr_NAM
cmo_Serial_ReadUMSD
cmo_Serial_GetUMSD
cmo_Serial_Read_MIPRetries
cmo_Serial_Read_MIPRetryInterval
cmo_Serial_SetUMSD
cmo_Serial_DM_Reset
cmo_Serial_AT_Write_Mode_Change
cmo_Serial_AT_Write_HdrNai
cmo_Serial_AT_Write_HdrPw
cmo_Serial_AT_Write_MDN
cmo_Serial_AT_Write_MIN
cmo_Serial_Write_MIN
cmo_Serial_DM_Write_RTN
cmo_Serial_AT_Write_RTN
cmo_Serial_Write_MIPGenUserProfile
cmo_Serial_Write_MIPEnableProf
cmo_Serial_Write_QCMIP
cmo_Serial_Read_BADMODE
cmo_Serial_Write_MIPRetryInterval
cmo_Serial_Write_MIPRetries
cmo_Serial_Write_MIPPreReRRQTime
cmo_Serial_Write_MIPQcDrsOpt
cmo_Serial_Write_MIP2002BisAuth
cmo_Serial_Write_MIPRrqTfrk
cmo_Serial_ChangeOffilneMode
cmo_Serial_GPS_WritePDE
cmo_Serial_Read_QCMIP
cmo_Serial_Read_MIN1
cmo_Serial_Read_MIN2
cmo_Serial_GetHDR_SCP_Subtype_Custom_Config
cmo_Serial_Read_MIPGenUserProfile
cmo_Serial_Read_MIPEnableProf
cmo_Serial_AT_Write_User_MODE
cmo_Serial_DM_DTR_DOWN
cmo_Serial_Read_Log
cmo_Serial_SetDateType
cmo_Serial_SPC_CHECK
cmo_Serial_AT_User_Lock_Code
cmo_Serial_Write_Lock_Code
cmo_Serial_IsDMConnected
cmo_Serial_Write_ACCOLC
cmo_Serial_Write_MDN
cmo_Serial_AT_Write_ACCOLC
cmo_Serial_LogMessageFile
cmo_Serial_AT_Check_SPC
cmo_Serial_DM_SETSPC
cmo_Serial_DIAG_MSG_SAVE
cmo_Serial_DIAG_MSG
cmo_Serial_SetLogging
cmo_Serial_CloseDMPort
cmo_Serial_GetMsmType
cmo_Serial_CloseDataPort
cmo_Serial_AT_Reset
cmo_Serial_AT_Read_MIN
cmo_Serial_AT_Read_MDN
cmo_Serial_IsDS2Connected
cmo_Serial_SetParentHWND
cmo_Serial_Read_DIR_Number
cmo_Serial_IsDataConnected
cmo_Serial_CloseDS2Port
cmo_Serial_SetHDR_SCP_Subtype_Custom_Config
cmo_Serial_Read_STATUS_SNAPSHOT_F
cmo_Serial_Read_TAGRAPH_F
cmo_Serial_Read_STATUS_F
cmo_Serial_Read_AN_AAA
cmo_Serial_Read_1x_Pilot_Sets
cmo_Serial_Read_Lock_Code
cmo_Serial_Write_Lock
cmo_Serial_AT_Write_User_Lock
cmo_Serial_AT_Write_HDR_Mode
cmo_Serial_Write_ROAM_Mode
cmo_Serial_GPS_Write_UIC
cmo_Serial_SetOnlyData
cmo_Serial_Read_ESN
cmo_Serial_AT_Read_PRL_ID
cmo_Serial_GPS_Read_GRPT
cmo_Serial_SetDS2Port
cmo_Serial_OpenDS2Port
cmo_Serial_SetDMPort
cmo_Serial_OpenDMPort
cmo_Serial_SetDataPort
cmo_Serial_OpenDataPort
cmo_Serial_Read_Noti_DS
cmo_Serial_Read_Roam_Ind
cmo_Serial_Read_Ant_Lvl
cmo_Serial_Set_Noti_Lcd
cmo_Serial_Read_MIPActiveProf
cmo_Serial_ReadHDR_SCP_Subtype_Custom_Config
cmo_Serial_GPS_Read_UIC
cmo_Serial_Read_ROAM_Mode
cmo_Serial_Read_SWVer
cmo_Serial_Read_Time
cmo_Serial_Read_SYS_SRV_MODE
cmo_Serial_DM_Read_PRL_ID
cmo_Serial_AT_Write_CRM
cmo_Serial_Initial

systeminfodll

cmo_InstalledFile
cmo_GetOSUserName
cmo_NetworkInformation
cmo_MonitorInformation
cmo_ProcessorInformation
cmo_MemoryInformation
cmo_ComputerNameInformation
cmo_HardDiskSpaceInformation
cmo_DriverInformation
cmo_OSInformation

kernel32

TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
FindResourceExA
SetErrorMode
GetFileAttributesA
GetFileTime
RtlUnwind
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoA
RaiseException
ExitThread
CreateThread
CreateFileA
GetVolumeInformationA
DuplicateHandle
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
GetStdHandle
SetHandleCount
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetSystemTimeAsFileTime
ExitProcess
LocalFree
FormatMessageA
GetLastError
Sleep
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
DeleteFileA
SetFileAttributesA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
WinExec
CreateMutexA
GetCurrentProcessId
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExA
lstrcpyA
lstrlenA
lstrcatA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
InterlockedExchange
MultiByteToWideChar
GetVersion
CompareStringA
CompareStringW
lstrcmpiA
GetStringTypeExA
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
OpenProcess
ReleaseSemaphore
GetLocalTime
CreateSemaphoreA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetFullPathNameA
CreateProcessA
GetModuleHandleA
GetProcAddress
SetLastError
CreateDirectoryA
FreeResource
MulDiv
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
GetModuleFileNameW
InterlockedDecrement
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
VirtualProtect
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize

user32

PostThreadMessageA
SetActiveWindow
RegisterClipboardFormatA
MessageBeep
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
UnregisterClassA
GetSysColorBrush
LoadBitmapA
GetWindowRect
SetTimer
KillTimer
EnableWindow
GetSystemMetrics
MessageBoxA
SetRect
SendMessageA
GetClientRect
LoadIconA
PostMessageA
SetWindowPos
ShowWindow
PtInRect
UnionRect
OffsetRect
SetCursor
InflateRect
ScreenToClient
InvalidateRect
GetCursorPos
SetWindowLongA
CopyIcon
LoadCursorA
GetSysColor
IsWindowVisible
CharUpperA
DrawIcon
DeleteMenu
EnableMenuItem
GetSubMenu
LoadMenuA
GetSystemMenu
IsIconic
GetDesktopWindow
DestroyIcon
LoadImageA
SetWindowRgn
SetCapture
ReleaseCapture
PostQuitMessage
GetDC
GetWindowLongA
GetCapture
DrawEdge
GetParent
WindowFromPoint
ClientToScreen
SetFocus
GetNextDlgGroupItem
DrawFocusRect
FillRect
DispatchMessageA
TranslateMessage
PeekMessageA
DrawTextA
RedrawWindow
GetFocus
DefWindowProcA
GetClassInfoA
GetKeyState
CopyRect
SetRectEmpty
GetDlgItem
EndDialog
GetNextDlgTabItem
IsWindowEnabled
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetForegroundWindow
GetActiveWindow
TabbedTextOutA
DrawTextExA
GrayStringA
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
CallWindowProcA
GetDlgCtrlID
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoExA
CreateWindowExA
GetMenuItemCount
GetMenuItemID
GetMenu
UpdateWindow
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
InsertMenuA
GetMenuStringA
GetMenuState
CheckDlgButton
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
ModifyMenuA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowThreadProcessId
ValidateRect
GetMessageA
MapDialogRect
SetWindowContextHelpId
GetAsyncKeyState
DestroyMenu

gdi32

SaveDC
GetCurrentObject
SetBkMode
SetTextColor
PlgBlt
SetPixel
GetPixel
StretchBlt
SelectClipRgn
CreateBitmapIndirect
GetObjectA
CreateDIBSection
SelectObject
ExtCreateRegion
CombineRgn
DeleteDC
TextOutA
CreateSolidBrush
CreateRectRgn
GetDeviceCaps
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
DeleteObject
CreateFontA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
RestoreDC
ExtSelectClipRgn
CreateBitmap
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExA
SetMapMode
RectVisible
GetClipBox
SetBkColor
GetViewportExtEx
GetWindowExtEx
ScaleViewportExtEx
PtVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
RegQueryValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
OleLoadPicture
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen

winmm

mciGetErrorStringA
mciSendCommandA

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetErrorDlg
InternetCloseHandle
InternetConnectA
InternetSetStatusCallback
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA

ws2_32

recvfrom
__WSAFDIsSet
select
sendto
inet_ntoa
inet_addr
gethostbyname
closesocket
setsockopt
socket
WSAGetLastError
WSAStartup

Sections

.text
Size: 624KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c91614010b356dbceb384f7eb13b28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:67:f9:f6:28:a0:ae:34:ac:71:58:2a:82:fe:a4:66Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

cmodeviceinfo

cmodialupdll

cmoserialdll

systeminfodll

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

iphlpapi

wininet

ws2_32

Sections

.text Size: 624KB - Virtual size: 620KB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:67:f9:f6:28:a0:ae:34:ac:71:58:2a:82:fe:a4:66
Certificate

.text
Size: 624KB - Virtual size: 620KB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB