2024-09-28_053223d11cefd8a1892a4b5cf1934180_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-28_053223d11cefd8a1892a4b5cf1934180_icedid
Size

9.1MB
MD5

053223d11cefd8a1892a4b5cf1934180
SHA1

7ade572b7cf24fb834744d8ecdcc698c0d0e220e
SHA256

9e2721b79d1166aaa4c27395e37a7cd0e9b8df231772aa9f2decf88cf63866b5
SHA512

bbb8ac59dccccd236df05e69a8ff50bb58135765aa58e55181a1362b03f47ac10f3f471fd372bd6d0d232390d3de8bd9a3645a490d83d4d41d10cb3cdf1d2b58
SSDEEP

196608:PvYtaSiE/5hNpHwAVtNCkdp4zRiUMDBH+UggJ6M8YY4:iiE/5hbVt8kdpMRiUMDBHL78YY4

Score

1^/10

Malware Config

Signatures

Files

2024-09-28_053223d11cefd8a1892a4b5cf1934180_icedid
.exe windows:5 windows x86 arch:x86

723ace535a7cfa4650043cd33bd28f49

Code Sign

1c:cf:9d:67:cd:e2:19:ff:12:d9:9a:ff:36:82:e5:a7
Certificate

Issuer

CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

07/03/2019, 19:35

Not After

03/03/2034, 19:35

Subject

CN=SSL.com Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:60:63:d7:c1:31:a0:0c:05:61:e0:65:4b:ec:d3:d2
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

13/03/2024, 06:26

Not After

13/03/2027, 06:26

Subject

CN=Esumsoft,O=Esumsoft,L=Loveland,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:6a:5d:58:7d:03:49:3c:6c:d8:b3:cf:a4:9c:a9:87:eb:e0:87:bd:f0:65:0d:45:d6:18:b8:df:69:b6:4b:7d
Signer

Actual PE Digest

8d:6a:5d:58:7d:03:49:3c:6c:d8:b3:cf:a4:9c:a9:87:eb:e0:87:bd:f0:65:0d:45:d6:18:b8:df:69:b6:4b:7d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mmioRead
PlaySoundA
mmioAscend
mmioClose
mmioOpenA
mciSendStringA
mmioDescend

psapi

EnumProcesses
GetModuleFileNameExA

kernel32

FindResourceExA
LoadLibraryW
GetSystemDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
VirtualQuery
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
GlobalHandle
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
InitializeCriticalSectionAndSpinCount
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GlobalReAlloc
TlsGetValue
GetModuleHandleW
GetFileSizeEx
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
VirtualProtect
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryExA
InterlockedExchange
lstrcmpA
GetUserDefaultLCID
GetModuleFileNameW
SuspendThread
GetFullPathNameA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetStringTypeExA
FileTimeToLocalFileTime
FindNextFileA
FreeResource
WritePrivateProfileStringA
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
lstrlenA
SetThreadPriority
GetThreadPriority
GetDiskFreeSpaceExA
GetVolumeInformationA
DeviceIoControl
GetVolumePathNameA
TerminateProcess
GetProcessId
OpenProcess
FileTimeToSystemTime
GetTimeZoneInformation
LocalAlloc
ResetEvent
GetFileTime
CreateFileA
GetCurrentProcess
GetNumberFormatA
GetCurrentDirectoryA
CreateProcessA
GetExitCodeProcess
GetFileAttributesA
GetCurrentThread
GlobalUnlock
GlobalLock
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
GetTimeFormatA
GetDateFormatA
GetVersion
GetSystemInfo
CreateEventA
SetEvent
GetTempPathA
GetTempFileNameA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Beep
ExitProcess
GetSystemTimeAsFileTime
GetWindowsDirectoryA
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
MoveFileA
OutputDebugStringA
GlobalAlloc
FindClose
FindFirstFileA
CreateDirectoryA
GetLocaleInfoA
GetCurrentThreadId
ResumeThread
MulDiv
GetCurrentProcessId
GetVersionExA
FreeLibrary
WaitForMultipleObjects
TerminateThread
ExpandEnvironmentStringsA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
SetLastError
lstrcpynA
GetModuleHandleA
RemoveDirectoryA
InterlockedDecrement
InterlockedIncrement
IsBadWritePtr
GetLastError
GetTickCount
CopyFileA
GetModuleFileNameA
DeleteFileA
GlobalFree
Sleep
LocalFree
FormatMessageA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
TlsSetValue
TlsAlloc
InterlockedCompareExchange
GetACP

user32

DrawTextExA
TabbedTextOutA
MapDialogRect
MoveWindow
GetMenuCheckMarkDimensions
GetMessageA
TranslateMessage
ValidateRect
CharUpperA
CreateDialogIndirectParamA
EndDialog
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetMenu
SetScrollPos
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
SetWindowPlacement
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
IntersectRect
GetWindowPlacement
GetMenuStringA
DrawStateA
ShowWindow
GetSysColorBrush
CopyImage
DrawFocusRect
GetMenuBarInfo
SendInput
GetWindowDC
SetWindowTextA
CloseClipboard
SetClipboardData
OpenClipboard
SetMenuItemBitmaps
TrackPopupMenu
PostThreadMessageA
UnregisterHotKey
RegisterHotKey
IsZoomed
GetDoubleClickTime
DrawIcon
PostQuitMessage
GetActiveWindow
FindWindowA
GetClassInfoA
EnumDisplaySettingsA
CopyIcon
GetMessagePos
EnumChildWindows
GetMenuItemInfoA
GetKeyNameTextA
MapVirtualKeyA
GetIconInfo
CreateIconIndirect
DrawTextA
RegisterWindowMessageA
CreateMenu
UnionRect
WindowFromPoint
CreateWindowExA
LoadIconA
DrawMenuBar
EqualRect
AllowSetForegroundWindow
SetActiveWindow
GetWindowThreadProcessId
IsWindowEnabled
BringWindowToTop
GetMenu
SetFocus
FindWindowExA
IsChild
IsDialogMessageA
DrawEdge
InflateRect
PeekMessageA
SetForegroundWindow
MonitorFromPoint
GetDesktopWindow
OffsetRect
GetWindow
SetWindowPos
GetDlgCtrlID
HideCaret
SetCursor
LoadCursorA
IsIconic
IsWindowVisible
GetDlgItem
SetMenuDefaultItem
EnableMenuItem
LoadMenuA
GetSubMenu
ModifyMenuA
BeginPaint
EndPaint
DestroyMenu
SetRect
CharNextA
SetWindowContextHelpId
RegisterClipboardFormatA
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
RemoveMenu
InsertMenuA
ScreenToClient
LoadBitmapA
MessageBeep
keybd_event
UnregisterClassA
FillRect
LoadImageA
GetKeyState
GetForegroundWindow
GetNextDlgTabItem
GetFocus
ReleaseDC
GetDC
UpdateWindow
ChildWindowFromPointEx
ChildWindowFromPoint
ReleaseCapture
SetCapture
GetCursorPos
CheckMenuItem
DeleteMenu
AppendMenuA
GetMenuItemID
ClientToScreen
PtInRect
IsRectEmpty
DrawFrameControl
CreatePopupMenu
SetRectEmpty
GetMenuItemCount
CopyRect
GetMonitorInfoA
MonitorFromRect
GetSystemMetrics
SystemParametersInfoA
GetClientRect
GetWindowRect
RedrawWindow
TranslateAcceleratorA
GetParent
DestroyAcceleratorTable
CreateAcceleratorTableA
EnableWindow
InvalidateRect
DestroyIcon
GetAsyncKeyState
IsWindow
PostMessageA
KillTimer
SetTimer
MessageBoxA
GetSysColor
SendMessageA
GetMenuState
LoadStringA
EmptyClipboard
GrayStringA

gdi32

ExtSelectClipRgn
GetMapMode
DPtoLP
GetCharWidthA
StretchDIBits
GetBkColor
GetRgnBox
RestoreDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
IntersectClipRect
SetBkMode
SelectObject
CreateFontIndirectA
ExcludeClipRect
GetObjectA
DeleteObject
SaveDC
CreateRectRgnIndirect
SetBkColor
GetClipBox
GetPixel
GetTextColor
SetBitmapBits
GetBitmapBits
GetDIBits
SetTextColor
RoundRect
CreateBitmap
GetTextCharset
GetTextMetricsA
EnumFontFamiliesExA
CreateFontA
EndDoc
EndPage
StartPage
StartDocA
SetMapMode
DeleteDC
GetDeviceCaps
GetTextExtentPoint32A
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
Polygon
Rectangle
CreatePen
CreateSolidBrush
GetStockObject
SetPixel
SetStretchBltMode

msimg32

TransparentBlt

comdlg32

GetFileTitleA
FindTextA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

CryptAcquireContextA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegCloseKey
RegQueryValueA
RegOpenKeyA
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
CryptImportKey
CryptDestroyHash
RegEnumValueA
AccessCheck
MapGenericMask
OpenThreadToken
ImpersonateSelf
GetFileSecurityA
RegOpenKeyExA

shell32

SHBrowseForFolderA
SHFileOperationA
ExtractIconExA
DragQueryFileA
SHChangeNotify
DragQueryPoint
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

_TrackMouseEvent
ord17
ord8

shlwapi

PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathStripToRootA
UrlUnescapeA

oledlg

ord8

ole32

CoUninitialize
StgCreateDocfile
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitialize

oleaut32

SystemTimeToVariantTime
LoadTypeLi
SafeArrayDestroy
OleCreateFontIndirect
SysFreeString
SysAllocStringLen
VariantInit
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantCopy
SysAllocString
VariantTimeToSystemTime

wsock32

WSACleanup
WSAStartup
WSASetLastError
gethostbyname
WSAGetLastError
htons
socket
connect
closesocket
send
recv
setsockopt
shutdown
select

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromFile
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipAlloc
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipFree

httpapi

HttpSendHttpResponse
HttpCreateHttpHandle
HttpAddUrl
HttpReceiveHttpRequest
HttpTerminate
HttpRemoveUrl
HttpInitialize

crypt32

CryptMsgClose
CertCloseStore
CertGetNameStringA
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenSystemStoreA
CertEnumCertificatesInStore

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wintrust

WinVerifyTrust

iphlpapi

GetAdaptersInfo

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetReadFile
HttpSendRequestA
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetQueryOptionA
InternetDial
InternetCloseHandle
InternetSetOptionA
InternetGetConnectedState
InternetAutodialHangup
InternetAutodial

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

723ace535a7cfa4650043cd33bd28f49

Code Sign

1c:cf:9d:67:cd:e2:19:ff:12:d9:9a:ff:36:82:e5:a7Certificate

Extended Key Usages

Key Usages

0b:60:63:d7:c1:31:a0:0c:05:61:e0:65:4b:ec:d3:d2Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

8d:6a:5d:58:7d:03:49:3c:6c:d8:b3:cf:a4:9c:a9:87:eb:e0:87:bd:f0:65:0d:45:d6:18:b8:df:69:b6:4b:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

psapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

gdiplus

httpapi

crypt32

version

wintrust

iphlpapi

wininet

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 527KB - Virtual size: 526KB

.data Size: 26KB - Virtual size: 57KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

1c:cf:9d:67:cd:e2:19:ff:12:d9:9a:ff:36:82:e5:a7
Certificate

0b:60:63:d7:c1:31:a0:0c:05:61:e0:65:4b:ec:d3:d2
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

8d:6a:5d:58:7d:03:49:3c:6c:d8:b3:cf:a4:9c:a9:87:eb:e0:87:bd:f0:65:0d:45:d6:18:b8:df:69:b6:4b:7d
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 527KB - Virtual size: 526KB

.data
Size: 26KB - Virtual size: 57KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB