2024-09-13_31a4a9a416add721636311851ee4a706_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-13_31a4a9a416add721636311851ee4a706_icedid
Size

739KB
MD5

31a4a9a416add721636311851ee4a706
SHA1

06d71ff9156fe489dd957fbeef7132b5fff0b7ad
SHA256

12f11c0db5f084d0119515246caef7496a76fb23bc28df3c84e28601a22fd47c
SHA512

1250b32d5aef408296dd44eab55bd2c4700e8fd728a522ae3857457e298a034d3517331156dbc18f1c25c3f190a8bf6ab7449fa923fa54df0c279e224779fd97
SSDEEP

12288:QOwlDZnQZN3QUxCSJ1gqCeRtQyalk/dekpVwRePMvl66Q1ePt/E54lxXXR:Fw/6QUggKpWAlkrieOY60EXR

Score

1^/10

Malware Config

Signatures

Files

2024-09-13_31a4a9a416add721636311851ee4a706_icedid
.exe windows:5 windows x86 arch:x86

d54d6dd342db2fb3ea0c2475ed099374

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:4b:f1:b2:53:c9:f8:5b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09/04/2020, 12:01

Not After

08/06/2022, 16:41

Subject

CN=Eclipse Security\, Inc.,O=Eclipse Security\, Inc.,L=Hollywood,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:4b:f1:b2:53:c9:f8:5b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09/04/2020, 12:01

Not After

08/06/2022, 16:41

Subject

CN=Eclipse Security\, Inc.,O=Eclipse Security\, Inc.,L=Hollywood,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:ae:ad:bf:42:bd:b4:6d:08:a1:c5:e4:86:0f:fc:53:df:a4:ca:09:7a:44:c4:12:91:ed:9f:c6:23:8c:fa:e9
Signer

Actual PE Digest

0e:ae:ad:bf:42:bd:b4:6d:08:a1:c5:e4:86:0f:fc:53:df:a4:ca:09:7a:44:c4:12:91:ed:9f:c6:23:8c:fa:e9

Digest Algorithm

sha256

PE Digest Matches

true

12:c4:40:81:06:61:ed:d5:e1:3b:8e:6d:1d:d3:fc:33:38:cc:0b:77
Signer

Actual PE Digest

12:c4:40:81:06:61:ed:d5:e1:3b:8e:6d:1d:d3:fc:33:38:cc:0b:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\template_build\UWare_DailyBuild_Win_DDS_D031\NetSdkWebPlugin\build\Win32\Release\WebPlugin.pdb

Imports

ndplayer

ord31
ord27
ord50
ord55
ord42
ord14
ord20
ord2
ord6
ord62
ord67
ord49
ord58
ord70
ord41
ord87
ord28
ord97
ord16
ord95
ord18
ord52
ord74
ord53
ord8
ord101
ord120
ord4
ord84
ord12
ord117
ord116
ord13
ord96
ord115
ord57
ord132
ord103
ord30
ord56
ord73
ord94
ord66
ord54
ord15
ord102
ord21
ord123
ord124
ord29
ord69
ord93
ord127
ord98
ord60
ord68
ord76
ord11
ord78
ord5
ord59
ord86
ord134
ord17
ord19
ord24
ord72
ord23
ord7
ord99
ord126
ord91
ord92
ord26
ord106
ord89
ord51
ord107
ord1
ord61
ord63
ord75
ord90
ord125
ord71

ndrm_module

IMCP_RM_Cleanup
IMCP_RM_GetAudioInfo
IMCP_RM_PlayStream
IMCP_RM_PauseStream
_IMCP_RM_StartStreamV2@60
IMCP_RM_GetPayloadType
IMCP_RM_StopStream
IMCP_RM_Init

winmm

waveInGetNumDevs
timeSetEvent
timeKillEvent

kernel32

WaitForSingleObject
Sleep
GetDiskFreeSpaceExW
CloseHandle
GetCurrentProcessId
CreateThread
GetFileSize
CompareFileTime
GlobalLock
GetTickCount
GlobalAlloc
MulDiv
ReadFile
CreateFileW
GlobalUnlock
GlobalFree
FindClose
FindNextFileW
DeleteFileW
FormatMessageW
GetACP
GetProcAddress
LoadLibraryA
GetCurrentThreadId
CreateMutexW
lstrlenW
FindFirstFileW
GetModuleFileNameW
GetProfileIntW
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventW
GetVersionExA
GetModuleHandleW
lstrcmpW
FreeLibrary
CompareStringW
LoadLibraryW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedDecrement
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
LocalFree
lstrlenA
GetThreadLocale
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
CreateDirectoryW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
DeleteFileA
MoveFileA
HeapReAlloc
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetProcessHeap
DeleteCriticalSection
QueryPerformanceFrequency
GetModuleHandleA
GetModuleFileNameA
LockResource
GetLocalTime
EnterCriticalSection
GetLastError
CreateDirectoryA
RaiseException
MultiByteToWideChar
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
InitializeCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadResource
FindResourceW
SetLastError
InterlockedCompareExchange

user32

InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
InflateRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
CopyAcceleratorTableW
IsWindowEnabled
MessageBoxW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UpdateWindow
GetClassNameA
GetParent
EnumWindows
GetWindowTextA
EnumChildWindows
CopyRect
ClientToScreen
SetCursor
SetTimer
FillRect
SetCapture
PostMessageW
KillTimer
LoadCursorW
SetRectEmpty
GetDC
GetWindowLongW
ReleaseDC
SetWindowLongW
FrameRect
LoadBitmapW
ClipCursor
ReleaseCapture
IsWindowVisible
SetWindowRgn
GetWindowRect
SetParent
GetClientRect
PtInRect
wsprintfW
SetRect
InvalidateRect
MonitorFromWindow
GetCursorPos
DestroyMenu
GetSysColorBrush
SwitchToThisWindow
SendMessageW
EnableWindow
GetMonitorInfoW
RegisterClipboardFormatW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IsRectEmpty
CharNextW
CharUpperW
UnregisterClassW
ShowWindow
MoveWindow
GetLastActivePopup
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetSubMenu
GetMessageTime
GetDlgCtrlID

gdi32

SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
LineTo
MoveToEx
SetTextAlign
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutW
Escape
SetViewportOrgEx
PtInRegion
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
RestoreDC
ExtSelectClipRgn
GetMapMode
SaveDC
CreateBitmap
CreatePolygonRgn
BitBlt
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleBitmap
GetObjectW
CreatePen
TextOutW
GetStockObject
CreateCompatibleDC
CreateRectRgnIndirect
CombineRgn
GetBkColor
GetTextColor
GetRgnBox
CreateFontIndirectW
CreatePenIndirect
CreateBrushIndirect
CreateRectRgn
Rectangle
CreateRoundRectRgn
OffsetViewportOrgEx
CreateSolidBrush
DPtoLP

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteExW
SHGetPathFromIDListW
DragAcceptFiles
SHBrowseForFolderW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

RegisterDragDrop
OleIsCurrentClipboard
CoLockObjectExternal
RevokeDragDrop
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
CreateStreamOnHGlobal

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
OleLoadPicture
OleCreateFontIndirect
SysAllocString
SysStringLen

wsock32

inet_ntoa
ioctlsocket
sendto
bind
socket
__WSAFDIsSet
inet_addr
connect
ntohl
gethostbyname
select
WSAGetLastError
htons
ntohs
setsockopt
recv
closesocket
send
getsockopt
getsockname
WSACleanup
accept
WSAStartup
listen
WSASetLastError
htonl

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d54d6dd342db2fb3ea0c2475ed099374

Code Sign

07Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

89:4b:f1:b2:53:c9:f8:5bCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

89:4b:f1:b2:53:c9:f8:5bCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0e:ae:ad:bf:42:bd:b4:6d:08:a1:c5:e4:86:0f:fc:53:df:a4:ca:09:7a:44:c4:12:91:ed:9f:c6:23:8c:fa:e9Signer

12:c4:40:81:06:61:ed:d5:e1:3b:8e:6d:1d:d3:fc:33:38:cc:0b:77Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ndplayer

ndrm_module

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

Sections

.text Size: 470KB - Virtual size: 469KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 17KB - Virtual size: 37KB

.rsrc Size: 72KB - Virtual size: 72KB

07
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

89:4b:f1:b2:53:c9:f8:5b
Certificate

07
Certificate

89:4b:f1:b2:53:c9:f8:5b
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0e:ae:ad:bf:42:bd:b4:6d:08:a1:c5:e4:86:0f:fc:53:df:a4:ca:09:7a:44:c4:12:91:ed:9f:c6:23:8c:fa:e9
Signer

12:c4:40:81:06:61:ed:d5:e1:3b:8e:6d:1d:d3:fc:33:38:cc:0b:77
Signer

.text
Size: 470KB - Virtual size: 469KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 17KB - Virtual size: 37KB

.rsrc
Size: 72KB - Virtual size: 72KB