2024-09-06_69931f640ef885708a2d8a5a4a327fe4_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-06_69931f640ef885708a2d8a5a4a327fe4_icedid
Size

1.4MB
MD5

69931f640ef885708a2d8a5a4a327fe4
SHA1

c5fc35cdab398c50d8bb13c5b9975748aeeaa415
SHA256

9aeec85e662cb47abae064e5b49bbebbf2fce3980adb903e40d2689a7416bdc6
SHA512

27555602209d1c58aa9a0fc835c2b3819a7deb4fccd2a6c41515459fc06db53c88278efed79ece9795754dd5833a288e122a0f615b40b318d962f5dd83eacd13
SSDEEP

12288:rF+l74ad2L6+Q7sYjGiHnVkQoGvogskDMQo3OoXNO0V0xBYwbvzIAgmnf:rF+B2L6+Q4KHnOQLckDb66zCu

Score

1^/10

Malware Config

Signatures

Files

2024-09-06_69931f640ef885708a2d8a5a4a327fe4_icedid
.exe windows:5 windows x86 arch:x86

83372fcb85949f3b01e3e557096b37bd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:21:af:bd:39:11:e7:00:d0:cf:ef:d9:b3:f8:8b:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/03/2008, 00:00

Not After

18/03/2009, 23:59

Subject

CN=Utherverse Digital Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=Utherverse Digital Inc.,L=Vancouver,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:70:d9:2b:cf:72:bf:79:d9:67:c0:17:d1:f8:34:7a:49:1b:76:b2
Signer

Actual PE Digest

64:70:d9:2b:cf:72:bf:79:d9:67:c0:17:d1:f8:34:7a:49:1b:76:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\LOCAL\UtherversePatcher\UtherversePatcher\Release\UtherversePatcher.pdb

Imports

artpclnt

AutoRTPatch32

kernel32

GetFileSizeEx
GetFileTime
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
Sleep
ExitProcess
ExitThread
CreateThread
HeapSize
GetTimeZoneInformation
HeapCreate
VirtualFree
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentProcessId
WritePrivateProfileStringA
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
lstrlenA
MultiByteToWideChar
CreateDirectoryA
GetFileAttributesA
MoveFileA
DeleteFileA
GetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetModuleFileNameA
GetACP

user32

RegisterClipboardFormatA
PostThreadMessageA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
SystemParametersInfoA
DestroyMenu
CopyRect
GetWindowTextA
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
UnhookWindowsHookEx
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
CheckMenuItem
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetLastActivePopup
UnregisterClassA
CharUpperA
MessageBeep
GetDesktopWindow
GetActiveWindow
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
PtInRect
CopyAcceleratorTableA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableMenuItem
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadBitmapA
EnableWindow
AppendMenuA
GetSystemMenu
SendMessageA
LoadIconA
MessageBoxA
SetFocus

gdi32

ExtSelectClipRgn
DeleteDC
TextOutA
CreateBitmap
GetStockObject
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
PatBlt
CreateFontA
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegQueryValueA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
OleCreateFontIndirect
SysAllocString
SysStringLen

wininet

HttpSendRequestA
InternetOpenA
InternetCrackUrlA
HttpQueryInfoA
InternetReadFile
InternetConnectA
HttpOpenRequestA
InternetCloseHandle

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 975KB - Virtual size: 975KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83372fcb85949f3b01e3e557096b37bd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

17:21:af:bd:39:11:e7:00:d0:cf:ef:d9:b3:f8:8b:bbCertificate

Extended Key Usages

Key Usages

64:70:d9:2b:cf:72:bf:79:d9:67:c0:17:d1:f8:34:7a:49:1b:76:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

artpclnt

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

Sections

.text Size: 327KB - Virtual size: 326KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 975KB - Virtual size: 975KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

17:21:af:bd:39:11:e7:00:d0:cf:ef:d9:b3:f8:8b:bb
Certificate

64:70:d9:2b:cf:72:bf:79:d9:67:c0:17:d1:f8:34:7a:49:1b:76:b2
Signer

.text
Size: 327KB - Virtual size: 326KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 975KB - Virtual size: 975KB