2024-08-25_df9cc0b64c83a9b236b4dc7bf86117af_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-25_df9cc0b64c83a9b236b4dc7bf86117af_icedid
Size

1.1MB
MD5

df9cc0b64c83a9b236b4dc7bf86117af
SHA1

4d6420c20797e97fdaeca0a5bff32f072a4771f7
SHA256

a5e42f3de4a8ec303626280c429d1b08301d3d331ad09d8034fe00953ef0011f
SHA512

616c20131667d66ef2e471909886105ecbc9f482d78f02af539063c9d4a87a11cc49e88ebbbfeb59667969e92634c42edeefa608b4db411b059f6982f6978b80
SSDEEP

24576:Bb6XRoTJs6e4pBrk8yqc/fbXH/TApbod2auZU89R3/:BWXuT26e4pBA5h7TApbod2aeU89RP

Score

1^/10

Malware Config

Signatures

Files

2024-08-25_df9cc0b64c83a9b236b4dc7bf86117af_icedid
.exe windows:5 windows x86 arch:x86

1224789703cc9eeb9c134723d01c3a9f

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:69:88:f3:4a:2a:a2:31:c3:fd:99:21:7d:0b:2f:a2
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

17/08/2015, 00:00

Not After

15/10/2017, 23:59

Subject

CN=Daishin Securities Co.\, Ltd.,O=Daishin Securities Co.\, Ltd.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\giantcybos\_pdbim\ncStarter.pdb

Imports

gdiplus

GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipTranslateWorldTransform
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipDrawString
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipDrawImageI
GdipCloneBitmapAreaI
GdipSaveGraphics
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipMeasureString
GdipFillRectangle
GdipRestoreGraphics
GdipDrawImageRect
GdipDrawRectangleI
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSetStringFormatTrimming
GdipFree

spednetmodule

ProcessCancel

kernel32

FindClose
lstrlenW
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcpyA
GetFileSize
ReadFile
MulDiv
FreeResource
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleFileNameW
lstrcmpA
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
FindNextFileA
FileTimeToLocalFileTime
GetThreadLocale
WriteFile
GetEnvironmentVariableA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
GetFileAttributesExA
GetFileSizeEx
GetModuleHandleW
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapFree
ExitThread
GetTimeZoneInformation
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
FindFirstFileA
VirtualFree
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
GetVersionExA
CopyFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
GetWindowsDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThread
SetErrorMode
SetEnvironmentVariableA
CreateDirectoryA
CreateThread
LoadLibraryExA
TerminateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateProcessA
GetVersion
GetCurrentDirectoryA
SetCurrentDirectoryA
WinExec
MultiByteToWideChar
DeleteFileA
GetTempFileNameA
GetTempPathA
lstrlenA
InterlockedDecrement
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GetTickCount
IsBadWritePtr
GetSystemTime
LocalFree
Sleep
OpenProcess
FreeLibrary
SetLastError
WaitForSingleObject
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetProcAddress
LoadLibraryA
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
VirtualQuery
GetModuleHandleA
FormatMessageA
SetUnhandledExceptionFilter
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
OutputDebugStringA
GetFileAttributesA
GetProcessHeap
SetFilePointer

user32

CharUpperA
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
GetMenuItemInfoA
DestroyMenu
WindowFromPoint
GetSysColorBrush
CopyAcceleratorTableA
InvalidateRgn
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
CharNextA
UnregisterClassA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
GetCursorPos
SetCursor
LoadCursorA
IsRectEmpty
WaitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
MoveWindow
IsDialogMessageA
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowContextHelpId
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
GetWindow
GetLastActivePopup
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowLongA
CreateWindowExA
RegisterClassA
GetClassInfoA
DestroyWindow
GetDlgItem
GetDC
GetDesktopWindow
UpdateWindow
DrawFocusRect
WinHelpA
SetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
DefWindowProcA
GetFocus
DrawIcon
MessageBoxA
ExitWindowsEx
AppendMenuA
GetSystemMenu
LoadIconA
SetActiveWindow
SetWindowPos
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
SetForegroundWindow
ShowWindow
IsIconic
RedrawWindow
GetDCEx
ReleaseDC
GetWindowDC
DestroyIcon
DrawStateA
GetIconInfo
GetSystemMetrics
IsWindowEnabled
GetSysColor
InflateRect
CopyRect
GetWindowLongA
PostThreadMessageA
SetTimer
KillTimer
wsprintfA
SetWindowRgn
PtInRect
SetRect
OffsetRect
SystemParametersInfoA
GetParent
LoadImageA
FillRect
GetClientRect
InvalidateRect
ReleaseCapture
EqualRect
SetCapture
ScreenToClient
PostMessageA
IsWindow
GetWindowRect
EnableWindow
SendMessageA
MapDialogRect
GetDlgCtrlID
PostQuitMessage
SetFocus

gdi32

SaveDC
RestoreDC
SetBkMode
SetTextColor
SetMapMode
GetClipBox
LineTo
MoveToEx
DeleteDC
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
CreateRectRgnIndirect
GetMapMode
DPtoLP
CreateEllipticRgn
LPtoDP
Ellipse
GetRgnBox
GetBkColor
GetTextColor
SelectClipRgn
GetTextMetricsA
ScaleWindowExtEx
SetWindowExtEx
GetTextExtentPoint32A
SetBkColor
ExtTextOutA
SetPixel
CreateBrushIndirect
SelectObject
CreateCompatibleBitmap
RoundRect
CreateRoundRectRgn
CreatePen
CreatePalette
GetDIBColorTable
CreateHalftonePalette
BitBlt
RealizePalette
GetDeviceCaps
CreateCompatibleDC
Arc
CreateFontIndirectA
ExtSelectClipRgn
GetObjectA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetPixel
DeleteObject
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx

msimg32

GradientFill

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSaveKeyA
RegCreateKeyExA
RegEnumKeyA
RegDeleteValueA
RegQueryValueA
RegRestoreKeyA
RegCreateKeyA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetFolderPathA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragQueryFileA
DragFinish
SHGetMalloc

comctl32

_TrackMouseEvent
ord17

shlwapi

SHCreateStreamOnFileW
PathFindExtensionA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindFileNameA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoFreeUnusedLibraries

oleaut32

VariantInit
VariantClear
OleCreateFontIndirect
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayCopy
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysFreeString
VarDateFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SysAllocString
SysStringLen
SysAllocStringLen
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy

wsock32

WSASetLastError
sendto
recvfrom
WSAAsyncSelect
getsockname
inet_ntoa
setsockopt
recv
send
select
accept
bind
htonl
closesocket
connect
socket
htons
shutdown
WSACleanup
WSAStartup
WSAAsyncGetHostByName
inet_addr
WSAGetLastError
gethostbyname
ioctlsocket

msi

ord67

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetQueryOptionA
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetCrackUrlA
InternetSetStatusCallback
InternetCanonicalizeUrlA

Sections

.text
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1224789703cc9eeb9c134723d01c3a9f

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

69:69:88:f3:4a:2a:a2:31:c3:fd:99:21:7d:0b:2f:a2Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

spednetmodule

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

msi

wininet

Sections

.text Size: 554KB - Virtual size: 553KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 26KB - Virtual size: 43KB

.rsrc Size: 409KB - Virtual size: 408KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

69:69:88:f3:4a:2a:a2:31:c3:fd:99:21:7d:0b:2f:a2
Certificate

.text
Size: 554KB - Virtual size: 553KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 26KB - Virtual size: 43KB

.rsrc
Size: 409KB - Virtual size: 408KB