2024-09-12_01597d610a5688c1c751cbf6593c4d9a_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-12_01597d610a5688c1c751cbf6593c4d9a_icedid
Size

526KB
MD5

01597d610a5688c1c751cbf6593c4d9a
SHA1

28e6a21b7a7341461550f63a0de45bc89e7bb977
SHA256

87f674e3b4ff07ca80ecdc64c6476967eb8a69e20c05eca0d484d6367a55502a
SHA512

1d567ba521b1005bac31f42b9bfe87ebc0ab76f785875b884480d1935d33f27c828e8927db46a962b1fab39d3d6af8cb730d45c57fc019348b9dd5568016f149
SSDEEP

6144:9NZosXLZhZOFgQ8PnNIkeMTE6oN9K1hwzJHLcGpULMGWs4/m7KLuYxKX7/Pff0lb:9/j9hZOFcNf9TuK1uzJoGuE/4m

Score

1^/10

Malware Config

Signatures

Files

2024-09-12_01597d610a5688c1c751cbf6593c4d9a_icedid
.exe windows:4 windows x86 arch:x86

06f5d834c1edd84523bf604aac58eed6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:4d:f5:38:cf:03:00:68:9d:ee:d6:03:d1:0f:7a:00
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/01/2013, 00:00

Not After

31/03/2016, 23:59

Subject

CN=MarkAny Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MarkAny Inc.,L=Jung-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:75:cf:0e:eb:ff:a1:1e:19:bf:9f:f2:3b:8b:9d:f7:52:c0:43:2f
Signer

Actual PE Digest

47:75:cf:0e:eb:ff:a1:1e:19:bf:9f:f2:3b:8b:9d:f7:52:c0:43:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIfTable

kernel32

GetFullPathNameW
GetFileAttributesW
GetFileTime
GetStartupInfoW
RtlUnwind
RaiseException
CreateThread
ExitThread
GetDriveTypeW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetLastError
FindResourceA
GlobalAddAtomA
GetProfileStringA
InterlockedExchange
lstrlenA
lstrlenW
MultiByteToWideChar
OutputDebugStringW
lstrcatW
GetPrivateProfileStringW
GetCommandLineW
ExitProcess
lstrcpyW
lstrcmpW
GlobalFree
GlobalUnlock
GlobalLock
lstrcpynW
LocalFree
GetSystemDefaultLangID
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
FormatMessageW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
CloseHandle
HeapFree
WriteFile
HeapAlloc
Sleep
ResumeThread
SuspendThread
CreateFileW
ReadFile
GetSystemDefaultLCID
GetUserDefaultLangID
VerLanguageNameW
GetFileAttributesExW
GetFileSize
GetVersion
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
GetTickCount
lstrcpyA
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
LoadResource
FindResourceW
LockResource
VirtualProtect
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
LoadLibraryA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
SetLastError
MulDiv
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
GlobalFlags
SizeofResource
FindResourceExW
GetProcessVersion
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
WritePrivateProfileStringW
GetCurrentDirectoryW
GetThreadLocale
SetErrorMode
DuplicateHandle
GetCurrentProcess
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW

user32

SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
AdjustWindowRectEx
IsWindowVisible
GetTopWindow
IsChild
WinHelpW
GetClassInfoW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextW
GetDlgCtrlID
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetLastActivePopup
GetForegroundWindow
GetWindow
RegisterWindowMessageW
OffsetRect
IntersectRect
SystemParametersInfoW
GetWindowPlacement
CopyRect
MapDialogRect
SetWindowPos
PostMessageW
GetCapture
GetAsyncKeyState
GetFocus
SetFocus
GetNextDlgTabItem
EndDialog
SetActiveWindow
GetNextDlgGroupItem
DestroyWindow
GetDlgItem
IsWindowEnabled
SetDlgItemTextW
GetActiveWindow
FindWindowW
ShowWindow
BringWindowToTop
SetForegroundWindow
DefDlgProcW
RegisterClassW
IsDialogMessageW
MoveWindow
EnableMenuItem
CheckMenuItem
MessageBeep
SetMenuItemBitmaps
UpdateWindow
LoadBitmapW
IsWindow
GetParent
InflateRect
GetMessagePos
ScreenToClient
PtInRect
KillTimer
ShowCursor
SetCursor
InvalidateRect
SetTimer
LoadCursorW
GetSysColor
PostThreadMessageW
RegisterClipboardFormatW
CharUpperW
LoadImageW
GetDC
ReleaseDC
SetWindowTextW
FindWindowExW
GetWindowRect
wsprintfW
EnableWindow
IsIconic
GetSystemMetrics
DrawIcon
GetKeyState
MessageBoxW
LoadIconW
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
DrawFocusRect
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SetRect
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
MessageBoxA
GetClientRect
SendMessageW
SetWindowLongW
GetWindowLongW
CopyAcceleratorTableW
CharNextW
wsprintfA
DestroyMenu
GetSysColorBrush
GetDesktopWindow
GetClassNameW
LoadStringW
WindowFromPoint
SetWindowContextHelpId
GetMessageW
TranslateMessage
ValidateRect
GetCursorPos
PostQuitMessage
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
CreateDialogIndirectParamW
ModifyMenuW

gdi32

GetTextExtentPointA
GetObjectW
ExtTextOutA
LPtoDP
GetBkColor
GetTextColor
EnumFontFamiliesExW
DPtoLP
GetMapMode
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
PatBlt
BitBlt
GetPixel
GetStockObject
CreateCompatibleDC
SelectObject
StretchBlt
DeleteObject
CreateDIBitmap
CreateFontIndirectW
SetBkMode

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegQueryValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHBrowseForFolderW
FindExecutableW
ExtractIconExW
ShellExecuteW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW

comctl32

PropertySheetW
CreatePropertySheetPageW
ImageList_Destroy
ord17
DestroyPropertySheetPage

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID

olepro32

ord253

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

shlwapi

PathFindFileNameW
PathRemoveBackslashA
PathRenameExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
StrStrIW
PathFindExtensionW

ws2_32

gethostname
inet_ntoa
gethostbyname

wininet

HttpEndRequestW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetReadFile
HttpSendRequestExW
InternetConnectW
InternetWriteFile

cipher2010r3

?SendAcapFileLog@CDRMPacket@@QAEHPAVCFlexibleHeader@@W4LogType@1@PAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4IllegalActType@1@@Z
??0CDRMPacket@@QAE@XZ
?SetServerOrigin@CFlexibleHeader@@QAE_NPAGH_N@Z
?DecryptFileInPlace@CCipherFile@@QAE_NPAVCFlexibleHeader@@PBGPBD@Z
?DecryptFromFileToFile@CCipherFile@@QAE_NPAVCFlexibleHeader@@PBG1PBD@Z
??1CDRMPacket@@QAE@XZ
?GetCreatorID@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetUserID@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetHeaderUserName@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetCompanyName@CCCF@@QAEPAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetCompanyID@CCCF@@QAEPAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
??1CCCF@@UAE@XZ
?GetField@CCCF@@QAEPAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAG@Z
?CheckCCFValidity@CCCF@@QAEHXZ
??0CCCF@@QAE@XZ
?GetCompanyName@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetCompanyID@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetGroupName@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetOpenCount@CFlexibleHeader@@QAEHXZ
?GetPrintCount@CFlexibleHeader@@QAEHXZ
?GetCreateDate@CFlexibleHeader@@QAEJXZ
?GetValidPeriod@CFlexibleHeader@@QAEHXZ
?GetCanBlockCopy@CFlexibleHeader@@QAE_NXZ
?GetCanEdit@CFlexibleHeader@@QAE_NXZ
?GetCanSave@CFlexibleHeader@@QAE_NXZ
?GetImageSafer@CFlexibleHeader@@QAE_NXZ
?GetVisiblePrint@CFlexibleHeader@@QAE_NXZ
?ParseStream@CDRMStream@@QAE_NXZ
?IsAcapFile@CFlexibleHeader@@QAE_NPBGKKK@Z
??0CFlexibleHeader@@QAE@XZ
?GetMachineKey@CFlexibleHeader@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetOnlineControl@CFlexibleHeader@@QAE_NXZ
?GetDocExchangePolicy@CFlexibleHeader@@QAE?AW4DOC_EXCHANGE@CCCF@@XZ
?GetServerOrigin@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetPrintLog@CFlexibleHeader@@QAE_NXZ
?GetOpenLog@CFlexibleHeader@@QAE_NXZ
?GetSaveLog@CFlexibleHeader@@QAE_NXZ
?GetFileUsableAlways@CFlexibleHeader@@QAE_NXZ
?GetDocTitle@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetFileName@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetFileID@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetFileType@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetMultiUserID@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetCreatedBy@CFlexibleHeader@@QAE?AW4CreatedBy@1@XZ
?GetHeaderSize@CFlexibleHeader@@QAEHXZ
?GetUserID@CCCF@@QAEPAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
??1CFlexibleHeader@@QAE@XZ
??1CCipherFile@@QAE@XZ
?DecryptFromFileToHGlobal@CCipherFile@@QAE_NPAVCFlexibleHeader@@PBGPAXPBD@Z
?GetHeaderFromFile@CFlexibleHeader@@QAEHPBGKKK@Z
??0CCipherFile@@QAE@XZ
??1CDRMLogic@@QAE@XZ
??0CDRMLogic@@QAE@XZ
?SetFileName@CFlexibleHeader@@QAE_NPAGH_N@Z
?SetOpenLog@CFlexibleHeader@@QAE_N_N0@Z
?SetCreatedBy@CFlexibleHeader@@QAE_NW4CreatedBy@1@_N@Z
?CanSave@CDRMLogic@@QAE_NPAVCFlexibleHeader@@@Z
?CanEdit@CDRMLogic@@QAE_NPAVCFlexibleHeader@@@Z
?CanPrint@CDRMLogic@@QAE_NPAVCFlexibleHeader@@@Z
?GetDeptID@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetEnterpriseID@CFlexibleHeader@@QAE_NAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?IsGoodToGo2@CDRMLogic@@QAE_NPAVCFlexibleHeader@@PBG_NKKK2@Z
?GetUserID@CDRMLogic@@QAEPBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetDeptID@CDRMLogic@@QAEPBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetCompanyID@CDRMLogic@@QAEPBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetEnterpriseID@CDRMLogic@@QAEPBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetLogInStatus@CDRMLogic@@QAE?BHXZ
?GetUserConfiguration@CDRMLogic@@QAEHW4CCF_APP_LIST@@_N@Z
?GetSecurityLevel@CFlexibleHeader@@QAEHXZ
?CloseCCF@CCCF@@QAEHXZ

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06f5d834c1edd84523bf604aac58eed6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:4d:f5:38:cf:03:00:68:9d:ee:d6:03:d1:0f:7a:00Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

47:75:cf:0e:eb:ff:a1:1e:19:bf:9f:f2:3b:8b:9d:f7:52:c0:43:2fSigner

Headers

File Characteristics

Imports

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ws2_32

wininet

cipher2010r3

version

Sections

.text Size: 264KB - Virtual size: 261KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 40KB - Virtual size: 58KB

.rsrc Size: 136KB - Virtual size: 134KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:4d:f5:38:cf:03:00:68:9d:ee:d6:03:d1:0f:7a:00
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

47:75:cf:0e:eb:ff:a1:1e:19:bf:9f:f2:3b:8b:9d:f7:52:c0:43:2f
Signer

.text
Size: 264KB - Virtual size: 261KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 40KB - Virtual size: 58KB

.rsrc
Size: 136KB - Virtual size: 134KB