2024-08-17_58b47f6651122872bd89a1918923cdb8_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-17_58b47f6651122872bd89a1918923cdb8_icedid
Size

5.0MB
MD5

58b47f6651122872bd89a1918923cdb8
SHA1

dc65699865ff80e9a62fdcf4380e6c8627f0bee2
SHA256

fd34fd038388557763e314c18e8f5115127ce4272f2219cd703b8643adf38be9
SHA512

4ac032cd181dcc4a356767987e1cb47b0d7e8a6db9031999425d404d9900fa845e680cf0ea1a9399031d3fcf2521611b3082dd0c6cea56ef7edd648b3be52613
SSDEEP

49152:m5U+HyiPZ79iasZFj6oahfjREhfjg9+VmRCCfXJEY9ZY8CVmX+fXJEZ+W9T:mi+Ss9iaYpA4mRCW7i8kmX6a+mT

Score

1^/10

Malware Config

Signatures

Files

2024-08-17_58b47f6651122872bd89a1918923cdb8_icedid
.exe windows:4 windows x86 arch:x86

e77a7ae64dfd386058fd689074836cc5

Code Sign

0d:85:64:c6:47:e0:b3:7d:1f:1d:c2:a2:bc:b1:e7:93
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/01/2016, 00:00

Not After

18/02/2016, 12:00

Subject

SERIALNUMBER=11011103061407,CN=Solusseum\, Inc.,O=Solusseum\, Inc.,POSTALCODE=152-741,STREET=Guro-gu+STREET=Mario Tower #405\, 28\, Digital-ro 30-gil\,,L=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:4e:8d:b2:f2:3f:85:4e:cc:cb:13:7f:c6:84:cf:88:d0:b5:77:86
Signer

Actual PE Digest

92:4e:8d:b2:f2:3f:85:4e:cc:cb:13:7f:c6:84:cf:88:d0:b5:77:86

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\WiseCap\test\WiseCap_DCheck_vs2005\release\WiseCap_DCheck.pdb

Imports

kernel32

GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetPrivateProfileStringW
WritePrivateProfileStringW
SystemTimeToFileTime
GetThreadLocale
lstrlenA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
ConvertDefaultLocale
OutputDebugStringW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GetCurrentProcessId
FormatMessageW
LocalFree
WideCharToMultiByte
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
MulDiv
GetModuleHandleA
SetLastError
lstrlenW
GetTickCount
SetEndOfFile
WriteFile
GetDiskFreeSpaceExW
GetDriveTypeW
GetExitCodeProcess
CreateProcessW
GetNativeSystemInfo
GetLocalTime
RemoveDirectoryW
VerifyVersionInfoW
DeleteFileW
WaitForSingleObject
VerSetConditionMask
SetEvent
GlobalMemoryStatusEx
Sleep
CreateEventW
GetModuleFileNameW
GetCommandLineW
CreateFileW
MultiByteToWideChar
Wow64RevertWow64FsRedirection
DeviceIoControl
Wow64DisableWow64FsRedirection
GetCurrentThread
CloseHandle
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleHandleW
InterlockedDecrement
GlobalLock
GlobalAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalFree
QueryPerformanceCounter
GlobalUnlock

user32

RegisterClipboardFormatW
UnregisterClassW
CharUpperW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
DestroyMenu
LoadCursorW
GetSysColorBrush
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetCursor
SetWindowContextHelpId
MapDialogRect
GetActiveWindow
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
GetCursorPos
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
UnregisterClassA
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
ScreenToClient
GetWindowTextW
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
PostThreadMessageW
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
GetWindowLongW
IsDialogMessageW
SendDlgItemMessageW
GetMessagePos
GetDlgItem
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
IsIconic
SetTimer
KillTimer
GetDesktopWindow
LoadIconW
DrawIcon
GetSystemMetrics
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
MessageBoxW
wsprintfW
ExitWindowsEx
GetClientRect
DrawTextW
EnableWindow
GetDC
EqualRect
TabbedTextOutW
SendMessageW
IsWindow
InvalidateRect
GetWindowRect
GetParent
GrayStringW
DrawTextExW

gdi32

CreateRectRgnIndirect
ScaleViewportExtEx
GetMapMode
GetTextColor
GetRgnBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
GetBkColor
CreateCompatibleBitmap
SelectObject
GetWindowExtEx
GetViewportExtEx
GetObjectW
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateFontW
GetStockObject
CreateCompatibleDC
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
Escape
SetWindowOrgEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

LookupPrivilegeValueW
RegQueryValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
InitiateSystemShutdownW
AdjustTokenPrivileges

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantClear
SysAllocString
SysFreeString
VariantInit
SafeArrayGetElement
VariantChangeType
SysAllocStringLen
SysStringLen

wininet

InternetCloseHandle
InternetOpenW
InternetReadFile
InternetOpenUrlW

sensapi

IsNetworkAlive

gdiplus

GdipDeleteGraphics
GdipCloneImage
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipFree
GdiplusStartup
GdipCreateFromHDC
GdipDisposeImage

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e77a7ae64dfd386058fd689074836cc5

Code Sign

0d:85:64:c6:47:e0:b3:7d:1f:1d:c2:a2:bc:b1:e7:93Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

92:4e:8d:b2:f2:3f:85:4e:cc:cb:13:7f:c6:84:cf:88:d0:b5:77:86Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

sensapi

gdiplus

netapi32

version

iphlpapi

Sections

.text Size: 292KB - Virtual size: 288KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

0d:85:64:c6:47:e0:b3:7d:1f:1d:c2:a2:bc:b1:e7:93
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

92:4e:8d:b2:f2:3f:85:4e:cc:cb:13:7f:c6:84:cf:88:d0:b5:77:86
Signer

.text
Size: 292KB - Virtual size: 288KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB