2024-08-09_cf81d3972d7179e5930943ff4d9c4ba4_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-09_cf81d3972d7179e5930943ff4d9c4ba4_icedid
Size

2.4MB
MD5

cf81d3972d7179e5930943ff4d9c4ba4
SHA1

05cf1fcb8f7e04c7db042c30eec449ed191feb7b
SHA256

f38da499b087aaffb6ce97c1526294a7d2d9afa4bc2c57732f95f75a4592231b
SHA512

d19d7d9d7d7cc29e36b53a97cd1490ed1f11866a653c71b434823b028ac252219afb3414669f1765005135b9cd00d5abb390fa9dcc8a864cf06499320cf36677
SSDEEP

49152:pCRwIvMT/1acvb6YwPzPflOad6SbA4yKvOr8IiW/MhCB62X2PKjRKTM4s9jBFtIV:K3w8q00YoBFtI/cCb

Score

1^/10

Malware Config

Signatures

Files

2024-08-09_cf81d3972d7179e5930943ff4d9c4ba4_icedid
.exe windows:5 windows x86 arch:x86

318f276ded0e36090844dcb0ff01230d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:1e:33:c1:90:52:8c:57:9e:82:c3:d3:f3:dd:d8:d4
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

13/01/2017, 00:00

Not After

14/04/2018, 23:59

Subject

CN=ES-Computing,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a2:76:01:7f:7f:13:cc:9c:c5:29:88:43:13:5b:16:19:72:45:d7:86:7c:f4:a3:91:24:fb:6c:55:11:b5:35
Signer

Actual PE Digest

0f:a2:76:01:7f:7f:13:cc:9c:c5:29:88:43:13:5b:16:19:72:45:d7:86:7c:f4:a3:91:24:fb:6c:55:11:b5:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\x\code\epp3\Out\editplus32.pdb

Imports

user32

WinHelpW
GetDlgCtrlID
LoadStringW
CreateAcceleratorTableW
CopyAcceleratorTableW
GetMenuItemInfoW
SetCursor
GetMessagePos
DestroyAcceleratorTable
AdjustWindowRectEx
GetKeyboardLayout
keybd_event
UnpackDDElParam
IsWindowUnicode
ReuseDDElParam
GetWindowLongW
IsChild
SetLayeredWindowAttributes
GetMenuInfo
SetMenuInfo
LoadCursorW
SetParent
ModifyMenuW
SetMenuItemInfoW
GetMenuState
CreatePopupMenu
GetMenu
EnableMenuItem
CopyRect
InvertRect
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
OpenClipboard
LoadImageW
IsCharUpperW
IsCharLowerW
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetSysColor
GetSysColorBrush
DrawTextW
FindWindowW
GetFocus
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
IsCharAlphaNumericW
CharUpperW
CheckMenuItem
AppendMenuW
GetTabbedTextExtentW
ClientToScreen
DialogBoxParamW
IsWindow
DestroyMenu
LoadMenuW
TrackPopupMenuEx
GetDlgItem
GetDesktopWindow
SetWindowLongW
SetForegroundWindow
DrawMenuBar
InsertMenuW
GetSubMenu
GetMenuItemID
GetMenuItemCount
DeleteMenu
GetMenuStringW
EndDialog
CallWindowProcW
SystemParametersInfoW
SetWindowPos
DdeUninitialize
DdeClientTransaction
DdeDisconnect
DdeCreateStringHandleW
DdeConnect
DdeFreeStringHandle
DdeInitializeW
GetWindow
SendDlgItemMessageW
SendDlgItemMessageA
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetDC
ReleaseDC
InvalidateRgn
GetCapture
KillTimer
SetTimer
RegisterWindowMessageW
GetKeyState
SetClipboardViewer
ChangeClipboardChain
IsWindowVisible
IsZoomed
IsIconic
IsClipboardFormatAvailable
GetClassLongW
SetClassLongW
CharLowerW
WindowFromPoint
PtInRect
TrackMouseEvent
ReleaseCapture
OffsetRect
SetRect
InflateRect
FillRect
TabbedTextOutW
GetParent
SetCapture
InvalidateRect
UpdateWindow
ScreenToClient
PostMessageW
EnableWindow
GetClientRect
GetWindowRect
LoadAcceleratorsW
DestroyIcon
LoadIconW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetDlgItemTextW
IsDialogMessageW
MoveWindow
SendMessageW
ShowWindow
ScrollWindowEx
RemoveMenu
TranslateMDISysAccel
TranslateAcceleratorW
SetRectEmpty
IntersectRect
CloseClipboard
GetClipboardData
SetClipboardData
EmptyClipboard
GetForegroundWindow
DefWindowProcW
CharNextExA
GetMessageTime
SetPropW
GetPropW
RemovePropW
SetFocus
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
GetWindowThreadProcessId
DefFrameProcW
DefMDIChildProcW
RedrawWindow
InsertMenuItemW
SetCursorPos
DestroyCursor
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
IsRectEmpty
GetSystemMenu
WaitMessage
DrawIcon
SetWindowRgn
UnregisterClassW
PostThreadMessageW
GetDCEx
LockWindowUpdate
CharNextW
MapDialogRect
SetWindowContextHelpId
CreateMenu
GetTabbedTextExtentA
GetNextDlgGroupItem
GetDoubleClickTime
RegisterClipboardFormatW
BringWindowToTop
EndDeferWindowPos
BeginDeferWindowPos
PostQuitMessage
DrawFocusRect
GetKeyNameTextW
GetCursorPos
MapVirtualKeyW
MessageBeep

comctl32

ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Draw

wsock32

closesocket
WSAStartup
setsockopt
WSAGetLastError
socket
htons
recv
select
send
WSACleanup
accept
bind
getsockname
listen
shutdown
ioctlsocket
connect
getservbyname
gethostbyname

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetConversionStatus
ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionFontW
ImmEscapeA
ImmEscapeW
ImmGetCompositionStringA
ImmGetCompositionStringW

uxtheme

SetWindowTheme
GetThemeBackgroundContentRect
IsAppThemed
CloseThemeData
OpenThemeData
DrawThemeBackground
EnableThemeDialogTexture

mpr

WNetOpenEnumW
WNetAddConnection2W
WNetGetConnectionW
WNetCloseEnum
WNetEnumResourceW

usp10

ScriptStringOut
ScriptString_pLogAttr
ScriptStringCPtoX
ScriptStringFree
ScriptStringAnalyse

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCloneImage

crypt32

CertStrToNameW
CryptFindCertificateKeyProvInfo
CryptBinaryToStringW
CertCreateSelfSignCertificate
CertFreeCertificateContext
CryptStringToBinaryW
CryptBinaryToStringA

secur32

FreeCredentialsHandle
AcquireCredentialsHandleW
FreeContextBuffer
InitializeSecurityContextW
EncryptMessage
QueryContextAttributesW
DecryptMessage
DeleteSecurityContext
ApplyControlToken

dbghelp

MiniDumpWriteDump

kernel32

EnumSystemLocalesA
InterlockedCompareExchange
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetLocaleInfoA
CreateThread
ExitThread
RaiseException
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
GetFileSizeEx
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
MultiByteToWideChar
GetACP
GlobalMemoryStatusEx
GetTickCount
WideCharToMultiByte
FindCloseChangeNotification
WaitForSingleObject
FindNextChangeNotification
FindFirstChangeNotificationW
InterlockedIncrement
InterlockedDecrement
GetTimeFormatW
GetDateFormatW
GetTempPathW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
CloseHandle
GetSystemDefaultLCID
SetThreadLocale
GetSystemDefaultLangID
GetUserDefaultUILanguage
SetThreadUILanguage
GetStringTypeExW
GetThreadLocale
lstrlenW
lstrcmpiW
UnmapViewOfFile
MapViewOfFile
ReadFile
SetFilePointer
GetFileSize
SetCurrentDirectoryW
GetCPInfo
GetLocalTime
GetShortPathNameW
GetModuleFileNameW
CreateFileMappingW
OpenFileMappingW
FindClose
FindNextFileW
GetFullPathNameW
GetTempFileNameW
CopyFileW
FindFirstFileW
DeleteFileW
GetSystemTime
GetCurrentDirectoryW
SetUnhandledExceptionFilter
MulDiv
lstrlenA
CreateFileMappingA
GetCurrentThreadId
SystemTimeToFileTime
GetCurrentThread
SetEndOfFile
GetCurrentProcess
CreateDirectoryW
CreateFileW
GetFileAttributesW
SetFileAttributesW
FreeResource
GetVersionExW
ExpandEnvironmentStringsW
GetFileTime
GetCurrentProcessId
ExitProcess
LocalFree
FormatMessageW
WriteFile
GetLocaleInfoW
GetPrivateProfileStringW
CreateProcessW
GlobalAddAtomW
GlobalGetAtomNameW
FileTimeToSystemTime
GlobalMemoryStatus
GetStdHandle
GetProcessHeap
Sleep
FileTimeToLocalFileTime
lstrcmpW
EnumSystemCodePagesW
FlushFileBuffers
CreatePipe
GetVolumeInformationW
ResumeThread
SuspendThread
GetDriveTypeW
ExpandEnvironmentStringsA
LoadLibraryA
GetVersionExA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalSize
GetModuleHandleA
lstrcmpA
SetThreadPriority
SetEvent
CreateEventW
InterlockedExchange
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
GetPrivateProfileIntW
WritePrivateProfileStringW
SetErrorMode
MoveFileW
LockFile
UnlockFile
DuplicateHandle
SetFileTime
GetDiskFreeSpaceW
GlobalFlags
GetProfileIntW
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetFileAttributesExW
LocalFileTimeToFileTime

gdi32

GetNearestColor
GetCharWidthW
Ellipse
LPtoDP
CreateEllipticRgn
GetMapMode
SetRectRgn
GetViewportOrgEx
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
DPtoLP
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetPolyFillMode
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CopyMetaFileW
CreateBitmap
GetClipBox
SetTextAlign
CreatePolygonRgn
PatBlt
GetRgnBox
CombineRgn
CreateRectRgn
Polygon
GetBkColor
CreatePatternBrush
CreateDIBitmap
SelectClipRgn
ExtTextOutA
CreateDIBSection
GetDeviceCaps
GetCurrentObject
GetCharABCWidthsW
GetOutlineTextMetricsW
CreateICW
EnumFontFamiliesExW
Rectangle
DeleteDC
GetTextExtentPointW
GetTextMetricsW
SetTextColor
SetBkColor
CreateRectRgnIndirect
GetObjectW
GetStockObject
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateSolidBrush
GetBkMode
SetBkMode
ExtTextOutW
GetTextColor
CreatePen
MoveToEx
LineTo
DeleteObject
GetTextExtentPoint32W
BitBlt
SelectObject
CreateCompatibleDC
CreateDCW
CreateCompatibleBitmap
CreateFontIndirectW
GetTextExtentPoint32A
GetWindowOrgEx
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
GetJobW
ClosePrinter

advapi32

CryptReleaseContext
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
RegOpenKeyW
CryptExportKey
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptDestroyKey
CryptVerifySignatureW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptGenKey
CryptGenRandom
CryptCreateHash
CryptImportKey
RegSetValueExW
CryptAcquireContextW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ExtractIconW
ord62
DragFinish
SHBindToParent
ord16
SHGetSettings
SHFileOperationW
ShellExecuteExW
DragQueryFileW
SHGetFileInfoW
DragAcceptFiles
Shell_NotifyIconW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHChangeNotify
ShellExecuteW
ExtractIconExW

shlwapi

PathIsUNCW
PathFindExtensionW
UrlEscapeW
UrlUnescapeW
StrCmpLogicalW
SHAutoComplete
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
PathStripToRootW

oledlg

OleUIBusyW

ole32

CoInitializeEx
OleDuplicateData
ReleaseStgMedium
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SysFreeString
LoadTypeLi
SysStringLen
SafeArrayCreate
SysAllocString
OleCreateFontIndirect
VariantClear
SafeArrayPutElement
VariantInit

urlmon

CoInternetSetFeatureEnabled

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 611KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

318f276ded0e36090844dcb0ff01230d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4a:1e:33:c1:90:52:8c:57:9e:82:c3:d3:f3:dd:d8:d4Certificate

Extended Key Usages

Key Usages

0f:a2:76:01:7f:7f:13:cc:9c:c5:29:88:43:13:5b:16:19:72:45:d7:86:7c:f4:a3:91:24:fb:6c:55:11:b5:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

comctl32

wsock32

version

imm32

uxtheme

mpr

usp10

gdiplus

crypt32

secur32

dbghelp

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

urlmon

oleacc

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 281KB - Virtual size: 281KB

.data Size: 33KB - Virtual size: 208KB

.rsrc Size: 611KB - Virtual size: 610KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4a:1e:33:c1:90:52:8c:57:9e:82:c3:d3:f3:dd:d8:d4
Certificate

0f:a2:76:01:7f:7f:13:cc:9c:c5:29:88:43:13:5b:16:19:72:45:d7:86:7c:f4:a3:91:24:fb:6c:55:11:b5:35
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 281KB - Virtual size: 281KB

.data
Size: 33KB - Virtual size: 208KB

.rsrc
Size: 611KB - Virtual size: 610KB