2024-08-21_77cd14c84178aaffe186618cd56a5005_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-21_77cd14c84178aaffe186618cd56a5005_icedid
Size

7.0MB
MD5

77cd14c84178aaffe186618cd56a5005
SHA1

4bcea33048286912e3166f2f6317f1646ebabc33
SHA256

2adf5d3a63f18a45785524820bdf477394672591296b7c3fd0922a63286bf5d3
SHA512

092ed0ea6018ca43084a1d5848836713fba70a3254a45a5daf00f786bb1a4d20dd5d8c37488ce0e15da4b74d88142425406b99d559c9e6a4ecc593e7a8b4dbb9
SSDEEP

196608:wQ1BEeG1sYn3TPNxytTsNJsv6tWKFdu9Cb:d1Be3BrNJsv6tWKFdu9Cb

Score

1^/10

Malware Config

Signatures

Files

2024-08-21_77cd14c84178aaffe186618cd56a5005_icedid
.exe windows:4 windows x86 arch:x86

cd8607baa8045fcf3a1ace150f8c4124

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:f5:4c:8b:81:54:88:f3:56:e5:02:75:f6:a6:e4:fe
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/10/2014, 00:00

Not After

20/10/2016, 23:59

Subject

CN=Bradford Networks,OU=Operations,O=Bradford Networks,POSTALCODE=03301,STREET=162 Pembroke Road,L=Concord,ST=New Hampshire,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:01:ba:a9:09:65:5e:42:7d:0f:f4:f4:1b:dc:b3:ad:9b:44:54:82
Signer

Actual PE Digest

6a:01:ba:a9:09:65:5e:42:7d:0f:f4:f4:1b:dc:b3:ad:9b:44:54:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
CryptReleaseContext
CryptGetHashParam
RegOpenKeyExW
RegSetValueExA
OpenProcessToken
StartServiceA
ControlService
OpenServiceA
OpenSCManagerA
CryptDestroyHash
CryptSignHashA
CryptHashData
CryptCreateHash
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
CloseServiceHandle
QueryServiceStatusEx
EnumDependentServicesA
QueryServiceStatus
ChangeServiceConfigA
RegQueryValueExW
GetTokenInformation
CryptAcquireContextA
GetLengthSid
CopySid
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
FreeSid

ws2_32

sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
send
recv
WSAGetLastError
WSACleanup
WSAAsyncSelect
WSAStartup
WSAAddressToStringA
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom

wldap32

ord211
ord143
ord60
ord50
ord26
ord30
ord46
ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord22

imm32

ImmSetCompositionFontW
ImmSetCandidateWindow
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmSetCompositionWindow

winmm

PlaySoundW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

CreateFileMappingW
GetUserDefaultLCID
GetCommandLineW
GetCurrentProcessId
GetSystemInfo
SwitchToThread
GetThreadPriority
SetThreadPriority
ResumeThread
TlsFree
GetCurrentThread
CreateEventW
GetVersionExW
FormatMessageW
LocalFree
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
OutputDebugStringW
GetLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
CreateSemaphoreW
ReleaseSemaphore
SetFilePointerEx
GetLogicalDrives
SetEndOfFile
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
DeviceIoControl
FindFirstFileW
FindClose
GetFileInformationByHandle
GetFileAttributesExW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
GetTempPathW
CopyFileW
MoveFileW
DeleteFileW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
FindNextFileW
GlobalAlloc
UnmapViewOfFile
GetLocaleInfoW
SetErrorMode
CreateProcessW
ExpandEnvironmentStringsW
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetOEMCP
GetCPInfo
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalFlags
FlushFileBuffers
lstrcmpA
GlobalGetAtomNameA
GetModuleHandleA
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFileAttributesA
FindFirstFileA
GetThreadLocale
GetLocaleInfoA
GetACP
FindNextFileA
InterlockedCompareExchange
MapViewOfFile
ExitProcess
ExpandEnvironmentStringsA
GetFileType
SleepEx
lstrcmpW
TerminateThread
CreatePipe
CreateThread
SetLastError
WaitForMultipleObjects
PeekNamedPipe
GetModuleFileNameA
GetUserDefaultLangID
FileTimeToLocalFileTime
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
OpenProcess
TerminateProcess
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
FindResourceA
LoadResource
GetExitCodeProcess
EnumSystemLocalesA
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
HeapCreate
HeapDestroy
VirtualFree
HeapSize
SetFileAttributesW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
WriteConsoleW
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GlobalFree
GetVolumeInformationW
GetLongPathNameW
LockResource
SizeofResource
HeapAlloc
IsBadCodePtr
FormatMessageA
GetProcessHeap
HeapFree
TlsGetValue
TlsSetValue
TlsAlloc
SystemTimeToFileTime
FileTimeToSystemTime
GetPrivateProfileStringA
CreateProcessA
GetSystemDirectoryA
SetEvent
WaitForSingleObject
CreateEventA
LoadLibraryA
GetProcAddress
FreeLibrary
IsValidCodePage
IsDBCSLeadByteEx
DeleteCriticalSection
GetFullPathNameW
GetFullPathNameA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetVersionExA
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetCurrentDirectoryW
GetCurrentDirectoryA
WriteFile
ReadFile
GetStdHandle
GetCurrentProcess
GlobalSize
DuplicateHandle
CreateFileW
CreateFileA
CloseHandle
SetFilePointer
Sleep
GetEnvironmentVariableA
lstrlenA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RaiseException
VirtualAlloc
IsValidLocale
IsValidLanguageGroup
GlobalUnlock
GetCurrentThreadId
GlobalLock

dnsapi

DnsQuery_A
DnsFree

crypt32

CryptBinaryToStringA
CryptAcquireCertificatePrivateKey
CertGetNameStringA
CertOpenStore
CertEnumCertificatesInStore

user32

ModifyMenuA
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowLongA
IsWindow
GetDlgItem
GetWindow
GetDlgCtrlID
GetClassNameA
PtInRect
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
DispatchMessageA
PeekMessageA
ValidateRect
GetWindowTextA
LoadCursorA
SendMessageA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
wsprintfW
ExitWindowsEx
GetSystemMetrics
SystemParametersInfoW
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
SetFocus
GetActiveWindow
IsChild
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
SetWindowPos
InvalidateRect
GetClientRect
ValidateRgn
ClientToScreen
GetSystemMenu
GetWindowPlacement
EnableMenuItem
SetWindowPlacement
IsWindowVisible
GetWindowRect
DestroyWindow
ShowWindow
SetParent
ScreenToClient
ScrollWindowEx
SetWindowTextW
UpdateWindow
DestroyIcon
SendMessageW
CallNextHookEx
SetCapture
SetWindowsHookExW
SetCursor
SetWindowRgn
ReleaseCapture
UnhookWindowsHookEx
SetForegroundWindow
IsIconic
IsZoomed
GetDesktopWindow
DispatchMessageW
MsgWaitForMultipleObjectsEx
RegisterClassW
SetTimer
GetQueueStatus
KillTimer
CharNextExA
GetClipboardFormatNameW
ChangeClipboardChain
SetClipboardViewer
GetKeyboardLayout
TrackPopupMenuEx
SetMenuItemInfoW
ToUnicode
GetMenu
ToAscii
MapVirtualKeyW
GetKeyboardState
LoadIconW
HideCaret
CreateCaret
DestroyCaret
SetCaretPos
TranslateMessage
GetKeyboardLayoutList
RegisterClipboardFormatW
GetAsyncKeyState
GetIconInfo
MapWindowPoints
GetWindowThreadProcessId
RegisterWindowMessageW
FlashWindowEx
GetCaretBlinkTime
MessageBeep
GetParent
GetSysColor
WindowFromPoint
GetKeyState
ClipCursor
UnregisterClassW
RegisterClassExW
GetWindowRgn
GetSysColorBrush
GetClassInfoW
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
EndPaint
BeginPaint
InvalidateRgn
GetUpdateRect
DefWindowProcW
DrawIconEx
PeekMessageW
PostMessageW
CreateIconIndirect
SetCursorPos
GetCursorPos
DestroyCursor
LoadImageW
CreateCursor
CreateWindowExW
MoveWindow
AdjustWindowRectEx

gdi32

GetCharABCWidthsFloatW
CreatePalette
GetPaletteEntries
GdiFlush
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
SelectClipRgn
SaveDC
RestoreDC
GetTextExtentPoint32W
SetBkColor
SetMapMode
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetOutlineTextMetricsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetFontData
GetDeviceCaps
CombineRgn
OffsetRgn
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteDC
CreateRectRgn
GetRegionData
GetStockObject
GetObjectW
SelectPalette
RealizePalette
PtInRegion
CreateCompatibleBitmap
GetDIBits
CreateBitmap
EnumFontFamiliesExW
GetTextMetricsW
GetTextFaceW

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

Shell_NotifyIconW
ShellExecuteExA
ShellExecuteW
ShellExecuteA

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoGetObject
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoCreateGuid
StringFromGUID2
OleInitialize
OleUninitialize
DoDragDrop
ReleaseStgMedium
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
CoGetMalloc

oleaut32

VariantChangeType
SysStringLen
VariantInit
GetActiveObject
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

shlwapi

PathIsUNCA
PathStripToRootA

iphlpapi

IpRenewAddress
IpReleaseAddress
GetAdaptersAddresses
GetInterfaceInfo

netapi32

NetApiBufferFree
NetGetJoinInformation

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd8607baa8045fcf3a1ace150f8c4124

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

a3:f5:4c:8b:81:54:88:f3:56:e5:02:75:f6:a6:e4:feCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

6a:01:ba:a9:09:65:5e:42:7d:0f:f4:f4:1b:dc:b3:ad:9b:44:54:82Signer

Headers

File Characteristics

Imports

advapi32

ws2_32

wldap32

imm32

winmm

version

kernel32

dnsapi

crypt32

user32

gdi32

winspool.drv

shell32

ole32

oleaut32

shlwapi

iphlpapi

netapi32

oleacc

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 212KB - Virtual size: 246KB

.rsrc Size: 12KB - Virtual size: 9KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

a3:f5:4c:8b:81:54:88:f3:56:e5:02:75:f6:a6:e4:fe
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

6a:01:ba:a9:09:65:5e:42:7d:0f:f4:f4:1b:dc:b3:ad:9b:44:54:82
Signer

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 212KB - Virtual size: 246KB

.rsrc
Size: 12KB - Virtual size: 9KB