2024-07-10_8e204d474ed4f89c3ac60ed734b8406a_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-10_8e204d474ed4f89c3ac60ed734b8406a_icedid
Size

329KB
MD5

8e204d474ed4f89c3ac60ed734b8406a
SHA1

bc0c6ee9a9bc7b36cb93295d4e61de690d825a02
SHA256

a3df86165475e54d84c2fdf3279c5d74352f494af5cd50c473bfef5872212a17
SHA512

0f81fc45b0766cf5371cd3ac17fc79e32236111ea34b45dab46c410a83fe1338682f89971c3de2971443145aee9523a4ccd7f0394bea752fb113529aa938eeaa
SSDEEP

6144:7I0NnFkuLM0apJaB6cVnL86etHjoRpBM9XE7uMnowhGKvXAd9yp:7I0kuo0apmXL8ZDojKJECMn5x

Score

1^/10

Malware Config

Signatures

Files

2024-07-10_8e204d474ed4f89c3ac60ed734b8406a_icedid
.exe windows:4 windows x86 arch:x86

d67e9314722920654484f5b34fcf7bfc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:7e:d5:0d:04:5c:25:02:bb:75:f1:c1:c2:a4:4d:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Administrative management department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=ShangHai,ST=ShangHai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\XSearchNew\ppsvod\Cdnds_mgr\Release\pssmgr.pdb

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

iphlpapi

GetTcpTable

kernel32

GetPrivateProfileIntA
GetTempPathA
GetTempFileNameA
MoveFileExA
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualQuery
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatus
GetFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProfileStringA
CreateProcessA
GetProcessHeap
GetLogicalDriveStringsA
GetDriveTypeA
TerminateProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
FormatMessageA
GlobalAlloc
GlobalFree
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateEventA
Sleep
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
lstrcpynA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
FindResourceExA
RaiseException
MultiByteToWideChar
LCMapStringW
OpenFile
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
InterlockedDecrement
InterlockedIncrement
GetVersionExA
DeviceIoControl
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
MoveFileA
CreateFileA
CreateDirectoryA
GetModuleFileNameA
WriteFile
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
GetCurrentProcess
LoadLibraryA
GetProcAddress
OpenProcess
ReadProcessMemory
FreeLibrary
lstrcpyA
LocalFree
LocalAlloc
lstrlenA
WaitForSingleObject
SetEvent
TerminateThread
SetLastError
GetExitCodeThread
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
CloseHandle
SetEnvironmentVariableA
SetStdHandle
GlobalUnlock
GlobalLock
EnumResourceLanguagesA
ConvertDefaultLocale
GetModuleHandleA
lstrcmpA
GlobalDeleteAtom
GetCurrentThreadId
GetCurrentThread
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcatA
GlobalAddAtomA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FlushFileBuffers
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetCommandLineA
HeapReAlloc
HeapSize
LCMapStringA
IsBadCodePtr
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW

user32

LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
GetClassNameA
PtInRect
GetWindowRect
GetWindow
ClientToScreen
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
CopyRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcA
DefWindowProcA
RegisterClassA
GetClassInfoA
AdjustWindowRectEx
GetMenu
GetClientRect
SetForegroundWindow
MapWindowPoints
LoadIconA
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetKeyState
GetClassLongA
CreateWindowExA
SetCursor
WinHelpA
RegisterWindowMessageA
DestroyMenu
GetSysColor
GetSysColorBrush
GetWindowTextA
GetFocus
GetParent
SetWindowPos
EnableWindow
IsWindowEnabled
ShowWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
GetDlgItem
UnhookWindowsHookEx
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetCursorPos
ValidateRect
GetLastActivePopup
DispatchMessageA
PeekMessageA
wsprintfA
UnregisterClassA
MessageBoxA
GetProcessWindowStation
TranslateMessage
SendMessageA
LoadCursorA
GetSystemMetrics
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
GetCapture
IsWindowVisible
GetDC
GetClassInfoExA
ReleaseDC

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
GetDeviceCaps
SetTextColor
SetMapMode
GetClipBox
DeleteDC
Escape

advapi32

StartServiceCtrlDispatcherA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
OpenProcessToken
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
SetServiceStatus
CloseServiceHandle
DeleteService
OpenServiceA
OpenSCManagerA
ChangeServiceConfig2A
CreateServiceA
QueryServiceStatus
ControlService
StartServiceA
RegisterServiceCtrlHandlerA
ImpersonateSelf
ImpersonateLoggedOnUser
RegCreateKeyExA
RegQueryValueA
CreateProcessAsUserA
RegOpenKeyExA
GetUserNameA

shell32

ShellExecuteA

ole32

CoCreateGuid
CoUninitialize
CoInitialize
CoTaskMemFree
StringFromCLSID

comctl32

ord17

shlwapi

PathFindExtensionA

ws2_32

setsockopt
shutdown
recv
send
getprotobyname
gethostname
inet_ntoa
WSAStartup
closesocket
ntohs
htons
socket
connect
WSACleanup
gethostbyname

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetGetConnectedState
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d67e9314722920654484f5b34fcf7bfc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0b:7e:d5:0d:04:5c:25:02:bb:75:f1:c1:c2:a4:4d:9dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

psapi

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

shlwapi

ws2_32

version

wininet

oleacc

winspool.drv

oleaut32

Sections

.text Size: 260KB - Virtual size: 258KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 792B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0b:7e:d5:0d:04:5c:25:02:bb:75:f1:c1:c2:a4:4d:9d
Certificate

.text
Size: 260KB - Virtual size: 258KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 792B