2024-09-27_888e2faa623e97424e553b69f25a73a8_hijackloader_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-27_888e2faa623e97424e553b69f25a73a8_hijackloader_icedid
Size

12.0MB
MD5

888e2faa623e97424e553b69f25a73a8
SHA1

bc4a6214ec77e83b773afbddc1ae1820429335a7
SHA256

117c30a161487a00590f7fdbb7b1cc016daf14fb595eb33c141dab102fe09543
SHA512

301a9359fdeec342f4e2e0b8e178191e3fbc75f21dd95d889b147901ca656a5d0ba525739820b5985dcb16158c35f4ba335acbdd436ca7afe10e19a9d32d465d
SSDEEP

196608:4bF/8lJBR4xo14SgggFggg1gggYgggghgggygggDXgggCgggcggggggPgggCggg/:4JUL0SgggFggg1gggYgggghgggygggDi

Score

1^/10

Malware Config

Signatures

Files

2024-09-27_888e2faa623e97424e553b69f25a73a8_hijackloader_icedid
.exe windows:6 windows x86 arch:x86

7b9d760568a0dac9c82f29a9a2079fa9

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB

Not Before

05/01/2024, 00:00

Not After

04/01/2027, 23:59

Subject

SERIALNUMBER=064194,CN=Xenarmor Global Security Solutions Private Limited,O=Xenarmor Global Security Solutions Private Limited,ST=Karnataka,C=IN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302494e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:71:f9:fc:77:29:43:48:70:3d:9c:95:47:9f:34:2c:86:da:37:25:01:e9:6c:6e:33:9c:2f:58:35:9b:c4:df
Signer

Actual PE Digest

c9:71:f9:fc:77:29:43:48:70:3d:9c:95:47:9f:34:2c:86:da:37:25:01:e9:6c:6e:33:9c:2f:58:35:9b:c4:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\windows\XenArmorEmailPasswordRecoveryPro\Release\EmailPasswordRecoveryPro.pdb

Imports

kernel32

TerminateProcess
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
GetStringTypeW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
SetUnhandledExceptionFilter
CompareStringW
GetStdHandle
SetStdHandle
HeapQueryInformation
GetCommandLineW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedPushEntrySList
RtlUnwind
QueryPerformanceFrequency
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTempFileNameA
GetProfileIntA
SearchPathA
GetWindowsDirectoryA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
SetErrorMode
FindResourceExW
VerifyVersionInfoA
lstrcpyA
GetACP
GetVolumeInformationA
GetThreadLocale
FileTimeToSystemTime
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
IsProcessorFeaturePresent
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
SetEvent
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetSystemDirectoryW
EncodePointer
SetLastError
MulDiv
GlobalFree
GlobalSize
DosDateTimeToFileTime
CreateDirectoryA
GetFileType
DuplicateHandle
GetCurrentDirectoryA
SetFileTime
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
LockFileEx
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileW
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
HeapValidate
GetCurrentThreadId
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
SetDllDirectoryA
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileAttributesExA
MapViewOfFile
GetComputerNameExA
ExitProcess
GetFileSize
LocalFree
CreateFileMappingA
GetLocalTime
DeleteFileA
CreateFileA
CopyFileA
GetTickCount64
GetTempPathA
Sleep
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
FindClose
InitializeCriticalSectionAndSpinCount
FindNextFileA
FindFirstFileA
FindResourceW
SizeofResource
GetModuleFileNameA
FreeLibrary
lstrcpynA
MultiByteToWideChar
GlobalUnlock
CreateProcessA
VerifyVersionInfoW
lstrcmpiA
WideCharToMultiByte
VerSetConditionMask
GlobalLock
GetProcAddress
LoadResource
CloseHandle
GlobalAlloc
LockResource
GetVersionExA
LoadLibraryA
GetFileAttributesA
GetSystemWindowsDirectoryA
GetModuleHandleA
FindResourceA
GetDriveTypeA
GetCurrentProcess
GetLogicalDrives
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
HeapFree

user32

KillTimer
SetTimer
DeleteMenu
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
GetSysColorBrush
IntersectRect
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
GetSystemMetrics
MapDialogRect
SetWindowContextHelpId
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
CheckMenuItem
FillRect
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
WaitMessage
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
TranslateAcceleratorA
GetMenu
GetKeyState
GetFocus
LoadMenuA
InsertMenuItemA
UnregisterClassA
SetClipboardData
GetSysColor
EmptyClipboard
CloseClipboard
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
InflateRect
PostMessageA
LoadCursorW
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
IsRectEmpty
MessageBeep
TrackMouseEvent
LoadImageW
SetLayeredWindowAttributes
EnumDisplayMonitors
IsZoomed
SetWindowRgn
NotifyWinEvent
CreatePopupMenu
GetIconInfo
WindowFromPoint
OffsetRect
GetCapture
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
BringWindowToTop
GetWindowTextA
OpenClipboard
EnableWindow
SendMessageA
LoadImageA
GetCursorPos
ReleaseDC
InvalidateRect
UpdateWindow
EnableMenuItem
GetClientRect
AppendMenuA
LoadIconA
LoadIconW
LoadBitmapW
RegisterHotKey
GetActiveWindow
GetSubMenu
SetMenuItemBitmaps
IsWindowVisible
GetDC
GetWindowRect
LoadMenuW
UnregisterHotKey
GetSystemMenu
ReleaseCapture
PtInRect
GetParent
SetCursor
SetCapture
SetWindowLongA
RedrawWindow
LoadCursorA
DrawStateA
DrawEdge
GetNextDlgGroupItem
SetRectEmpty
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
DrawFocusRect
GetWindowLongA
ClientToScreen
LoadAcceleratorsA
DrawIconEx
HideCaret
InvertRect
SetClassLongA
SetParent
DrawFrameControl
SetCursorPos
CopyIcon
FrameRect
DrawIcon
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
LockWindowUpdate
CharUpperBuffA
ModifyMenuA
PostThreadMessageA
GetComboBoxInfo
IsCharLowerA
GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
GetDoubleClickTime
SetMenu
MapVirtualKeyExA

gdi32

RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
RectVisible
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
LPtoDP
OffsetRgn
Rectangle
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceA
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
PatBlt
CreateRectRgnIndirect
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
CopyMetaFileA
BitBlt
SelectObject
SetDIBitsToDevice
SetStretchBltMode
CreateFontIndirectA
CreateCompatibleBitmap
CreateFontA
CreateCompatibleDC
StretchBlt
GetStockObject
GetObjectA
CreateDIBitmap
DeleteObject
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptGetHashParam
CryptImportKey
CryptSetKeyParam
RegOpenKeyExA
OpenProcessToken
CryptDestroyHash
CryptHashData
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
CredEnumerateA
CredFree
RegEnumValueA
RegEnumKeyExA
CryptDestroyKey
AdjustTokenPrivileges
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
CryptEncrypt
LookupPrivilegeValueA
GetUserNameA
CryptDecrypt
CryptCreateHash
CryptReleaseContext

shell32

SHGetFolderPathA
ord165
DragAcceptFiles
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragFinish
SHGetFileInfoA
ShellExecuteA

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw

shlwapi

PathFindExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindFileNameA

uxtheme

GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsAppThemed
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent

ole32

CreateStreamOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitializeEx
CLSIDFromProgID
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantChangeType
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
LoadTypeLi
SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocStringLen
VariantInit

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree

userenv

ExpandEnvironmentStringsForUserA

crypt32

CryptUnprotectData

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b9d760568a0dac9c82f29a9a2079fa9

Code Sign

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c9:71:f9:fc:77:29:43:48:70:3d:9c:95:47:9f:34:2c:86:da:37:25:01:e9:6c:6e:33:9c:2f:58:35:9b:c4:dfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

userenv

crypt32

oleacc

imm32

winmm

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 461KB - Virtual size: 460KB

.data Size: 94KB - Virtual size: 130KB

.rsrc Size: 8.9MB - Virtual size: 8.9MB

a5:f9:38:91:2a:cf:4b:3f:d6:1c:16:ee:4a:9c:cb:59
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c9:71:f9:fc:77:29:43:48:70:3d:9c:95:47:9f:34:2c:86:da:37:25:01:e9:6c:6e:33:9c:2f:58:35:9b:c4:df
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 461KB - Virtual size: 460KB

.data
Size: 94KB - Virtual size: 130KB

.rsrc
Size: 8.9MB - Virtual size: 8.9MB