2024-08-18_e0cb333a26fccb5c757b94cf7b895473_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-18_e0cb333a26fccb5c757b94cf7b895473_icedid
Size

2.6MB
MD5

e0cb333a26fccb5c757b94cf7b895473
SHA1

67238253e54617e944df61f1bc5c84a67a38da2e
SHA256

5a1799f121dc0342cec80c885469580182c5d2bf1e18ee8f06919e532d7c8ab9
SHA512

31a6fc6018d12c2919c7c00e823e0726f67423ad29cc3ae70ab432581b9c8993cd76d3f3a079f38d0c62db6544b51f5f0560608fe2668f82cd59a03f239cad9a
SSDEEP

24576:7XZWQO6McKRiwQzyYJIQrg0PWWVUqcQcZOYKPCmtVWBJVUcBAT6bc6G6lN3gIV+p:75O6rzBIiWmvPJtVWxDW6bc6GE414+Jj

Score

1^/10

Malware Config

Signatures

Files

2024-08-18_e0cb333a26fccb5c757b94cf7b895473_icedid
.exe windows:4 windows x86 arch:x86

205af0b5e4e109ca01073d9923b017af

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15/05/2008, 00:00

Not After

30/05/2010, 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
ioctlsocket
htons
socket
connect
send
select
inet_ntoa
closesocket
__WSAFDIsSet
getsockopt
listen
bind
htonl
accept
getsockname
ntohs
WSAStartup
recv
gethostbyname
WSACleanup

kernel32

SetErrorMode
WritePrivateProfileStringA
FindResourceExA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
HeapReAlloc
RaiseException
RemoveDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetStartupInfoA
GetCommandLineA
ExitThread
GetACP
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
SetHandleCount
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
GetProfileStringA
MulDiv
LocalFree
FormatMessageA
GetLastError
CreateDirectoryA
GetFileAttributesA
GlobalUnlock
GlobalLock
GlobalSize
MultiByteToWideChar
GetFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
SizeofResource
GlobalFlags
VirtualProtect
FileTimeToLocalFileTime
lstrlenW
GetCurrentThread
GetTickCount
GetProfileIntA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
UnlockFile
LockFile
DuplicateHandle
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
InterlockedDecrement
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
FindResourceA
LoadResource
FileTimeToSystemTime
FlushFileBuffers
GetDiskFreeSpaceA
GetComputerNameA
GetCurrentDirectoryA
SleepEx
lstrlenA
lstrcpynA
ResetEvent
ReadFile
MoveFileA
LocalAlloc
SetLastError
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
GetModuleFileNameA
GetSystemDirectoryA
CloseHandle
SetEvent
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetUserDefaultLangID
OpenEventA
SetFileAttributesA
lstrcmpiA
GetLocaleInfoA
GetVersion
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
CreateEventA
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileA
FindNextFileA
FindClose
MoveFileExA
GetShortPathNameA
lstrcpyA
GlobalAlloc
GlobalFree
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
GetWindowsDirectoryA
lstrcatA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
DeleteFileA
CreateFileA
CreateThread
TerminateThread
GetVersionExA
GetModuleHandleA
GetExitCodeProcess
GetCurrentProcess
ExitProcess
CreateProcessA
CreateMutexA
OpenMutexA
WaitForSingleObject
GetStdHandle

user32

GetDCEx
LockWindowUpdate
IsRectEmpty
InflateRect
CharUpperA
IsClipboardFormatAvailable
ValidateRect
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetFocus
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
IsChild
GetClassInfoA
GetWindowTextLengthA
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
CallWindowProcA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
GetParent
IsWindowEnabled
DrawFrameControl
DrawStateA
SetRect
DeleteMenu
DrawIconEx
GetWindowLongA
SetWindowLongA
IntersectRect
GetSysColorBrush
FrameRect
UnionRect
ClientToScreen
WindowFromPoint
DestroyWindow
CopyIcon
SetFocus
GetPropA
RemovePropA
PostQuitMessage
DefWindowProcA
RegisterClassA
SetPropA
GetMessageA
TranslateMessage
DispatchMessageA
WinHelpA
DestroyIcon
CreateWindowExA
SetWindowPos
RegisterClipboardFormatA
GetWindowDC
FillRect
RemoveMenu
DrawFocusRect
GetMessagePos
ScreenToClient
LoadCursorA
SetCursor
EqualRect
GetCapture
ReleaseCapture
SetCapture
CreatePopupMenu
ModifyMenuA
TrackPopupMenu
IsIconic
GetSystemMetrics
DrawIcon
OffsetRect
EnableMenuItem
SetClipboardViewer
CheckMenuItem
LoadImageA
DestroyMenu
ChangeClipboardChain
GetMenu
EnumWindows
SetForegroundWindow
IsWindowVisible
GetWindowTextA
ShowWindow
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
GetAsyncKeyState
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
SystemParametersInfoA
LoadBitmapA
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
AppendMenuA
CheckMenuRadioItem
FindWindowA
GetCursorPos
PtInRect
InvalidateRect
GetClientRect
ReleaseDC
CopyRect
PostMessageA
MsgWaitForMultipleObjects
GetDesktopWindow
SetParent
KillTimer
SetTimer
wsprintfA
GetClassNameA
GetForegroundWindow
ExitWindowsEx
MessageBoxA
MessageBeep
GetWindowRect
EnableWindow
GetDlgItem
GetSysColor
GetDlgCtrlID
LoadStringA
SendMessageA
GetWindow
GetDC
LoadIconA
IsWindowUnicode
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
PeekMessageA

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePen
CreatePatternBrush
PtVisible
RectVisible
ExtTextOutA
Escape
PatBlt
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
GetTextMetricsA
CopyMetaFileA
GetTextColor
GetBkColor
LPtoDP
EnumFontFamiliesExA
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteDC
CreateCompatibleBitmap
GetStockObject
SelectObject
BitBlt
DeleteObject
CreateRectRgnIndirect
CreateCompatibleDC
GetDIBits
CreateDIBSection
CreateSolidBrush
GetObjectA
CreateFontIndirectA
GetDeviceCaps
GetTextExtentPointA
TextOutA
CreateDIBitmap
CreateFontA

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
GetUserNameA
RegLoadKeyA
RegRestoreKeyA
RegSaveKeyA
RegEnumValueA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCloseKey

shell32

SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconA
SHFileOperationA
FindExecutableA
ShellExecuteExA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_Add
ImageList_Remove
ord17
ord8
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_Draw
ImageList_DragEnter
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

oledlg

ord8

ole32

CLSIDFromString
CoInitialize
CoRevokeClassObject
CLSIDFromProgID
CoCreateInstance
CoUninitialize
OleUninitialize
OleInitialize
CoRegisterClassObject
CoGetObject
StringFromGUID2
ReleaseStgMedium
CoTaskMemFree
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
OleDuplicateData
CreateStreamOnHGlobal
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoFreeUnusedLibraries

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime
VariantChangeType
VariantClear
VariantCopy
SysAllocStringLen
LoadTypeLi
LoadTypeLibEx
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SysFreeString

wininet

InternetCombineUrlA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetCookieA
HttpOpenRequestA
InternetGetCookieA
InternetCloseHandle
GetUrlCacheEntryInfoA
InternetOpenA
InternetConnectA
InternetReadFile

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 724KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

205af0b5e4e109ca01073d9923b017af

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 360KB - Virtual size: 356KB

.data Size: 144KB - Virtual size: 166KB

.rsrc Size: 724KB - Virtual size: 720KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 360KB - Virtual size: 356KB

.data
Size: 144KB - Virtual size: 166KB

.rsrc
Size: 724KB - Virtual size: 720KB