2024-08-07_3476e6630de1beeab2f17129320d6310_icedid_virut

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-07_3476e6630de1beeab2f17129320d6310_icedid_virut
Size

4.7MB
MD5

3476e6630de1beeab2f17129320d6310
SHA1

8306b3a76a70a4a65f9dd64204f172c10200ed0a
SHA256

bc7407665c16ee919a52f17bc5d1adae7bdbea452d5dc0b59b3c9ed490333f8c
SHA512

1a7ef59e08677b6565ea2ff6fbff014dad313ae5e7b7dbca28bf7fe499e4f37cfb19e3c082940070783a6d6908e9588e8ee5e42404d59aaf408f2c5f66f1632f
SSDEEP

24576:1vM/4P6GWOvgPMm/r7pt9++Kvz1Dqxim0gVOSqi/3YTLrYJfPgz+MYWX4+33IQY:5IDPMiHX8e6TWgzrrIR

Score

1^/10

Malware Config

Signatures

Files

2024-08-07_3476e6630de1beeab2f17129320d6310_icedid_virut
.exe windows:4 windows x86 arch:x86

d8bc03de5ead5ed23be4100ff3734b1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02/02/2009, 00:00

Not After

07/02/2012, 23:59

Subject

CN=CPUID,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CPUID,L=DUNKERQUE,ST=NORD,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:22:e4:70:8e:f5:3e:d2:ea:e9:83:15:19:50:c8:35:d0:b4:02:80
Signer

Actual PE Digest

49:22:e4:70:8e:f5:3e:d2:ea:e9:83:15:19:50:c8:35:d0:b4:02:80

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cpuid\applications\cpu_z\cpu_z_cn\release\cpuz.pdb

Imports

winmm

timeGetTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FlushFileBuffers
SetEndOfFile
SetErrorMode
HeapAlloc
GetStartupInfoW
RaiseException
HeapReAlloc
VirtualAlloc
RtlUnwind
ExitProcess
HeapSize
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetConsoleOutputCP
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WritePrivateProfileStringW
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
InterlockedIncrement
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
GetVersionExW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcmpW
FormatMessageW
MulDiv
GlobalLock
GlobalUnlock
FreeResource
GetSystemDirectoryA
GetModuleHandleA
FindResourceA
GetWindowsDirectoryA
RemoveDirectoryA
GetComputerNameA
GetCurrentDirectoryA
GetModuleFileNameA
CreateDirectoryA
GetLocalTime
DeleteFileA
SetCurrentDirectoryA
GetTempPathA
GetCurrentProcessId
CreateEventA
GetOverlappedResult
ReadFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
LocalAlloc
CreateFileA
DeviceIoControl
LocalFree
GetSystemInfo
GetProcessAffinityMask
GetCurrentThread
GetCurrentProcess
SetFilePointer
GetVersionExA
LoadLibraryA
CreateMutexA
SetLastError
ReleaseMutex
lstrlenA
lstrcmpiA
CompareStringW
WriteConsoleA
GetVersion
InterlockedExchange
GetProcessHeap
HeapFree
GlobalMemoryStatus
GetTempPathW
lstrcatW
lstrcpyW
WinExec
lstrlenW
WriteFile
GetLastError
LoadLibraryW
CreateFileW
FreeLibrary
WriteConsoleW
CreateThread
GetProcAddress
ExitThread
Sleep
SetThreadPriority
GetStdHandle
InterlockedDecrement
MultiByteToWideChar
WaitForSingleObject
CloseHandle
WideCharToMultiByte
GetModuleHandleW
GetModuleFileNameW
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalFree
GetComputerNameW
GetCurrentDirectoryW
SizeofResource
LoadResource
FindResourceW
SetCurrentDirectoryW
LockResource
FreeEnvironmentStringsW

user32

UnregisterClassW
LoadCursorW
GetSysColorBrush
DestroyMenu
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetWindowThreadProcessId
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
UnregisterClassA
SetForegroundWindow
IsWindowVisible
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
CallWindowProcW
SystemParametersInfoA
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
GetFocus
GetParent
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
GetDlgCtrlID
IsWindow
SetWindowTextW
GetWindowLongW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItem
GetWindow
wsprintfA
ClientToScreen
ModifyMenuW
AppendMenuW
GetClassInfoExW
CreatePopupMenu
CreateCursor
SetWindowLongW
SetCursor
DestroyCursor
UpdateWindow
InvalidateRect
GetSysColor
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
LoadImageW
KillTimer
DestroyIcon
OffsetRect
MessageBoxW
wsprintfW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseDC
GetClientRect
GetDC
GetWindowDC
SendMessageW
EnableWindow
GetWindowRect
LoadBitmapW
RegisterWindowMessageW
GetWindowPlacement
DefWindowProcW

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SelectPalette
GetObjectW
GetStockObject
CreatePalette
GetSystemPaletteEntries
CreateCompatibleDC
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetPixel
CreateBitmap
CreateFontW
GetDeviceCaps
BitBlt
GetDIBits
CreateCompatibleBitmap
RealizePalette

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenProcessToken
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeSecurity

oleaut32

SafeArrayGetElemsize
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantClear
VariantInit
SysStringLen
SafeArrayGetElement
SafeArrayGetVartype

Sections

.text
Size: 872KB - Virtual size: 871KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8bc03de5ead5ed23be4100ff3734b1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:ddCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

49:22:e4:70:8e:f5:3e:d2:ea:e9:83:15:19:50:c8:35:d0:b4:02:80Signer

Headers

File Characteristics

PDB Paths

Imports

winmm

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 872KB - Virtual size: 871KB

.rdata Size: 204KB - Virtual size: 200KB

.data Size: 92KB - Virtual size: 110KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

29:f2:5a:23:90:6d:e1:bb:fa:2c:46:06:7e:ba:0d:dd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

49:22:e4:70:8e:f5:3e:d2:ea:e9:83:15:19:50:c8:35:d0:b4:02:80
Signer

.text
Size: 872KB - Virtual size: 871KB

.rdata
Size: 204KB - Virtual size: 200KB

.data
Size: 92KB - Virtual size: 110KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB