2024-09-28_372317169dd18fca14d11ec4e43a56dd_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-28_372317169dd18fca14d11ec4e43a56dd_icedid
Size

553KB
MD5

372317169dd18fca14d11ec4e43a56dd
SHA1

52d9fccc03fc43b3535bbf8f9b0f5a948d2af8a3
SHA256

2e63bea49383c955226ece008ce214c992ac287ac238f849ec2d3c08ed3dbe92
SHA512

3f684532b089cabebc3806bfdda9b1dabc7abaec7f03551b72852011c272eff3d128f52a6490b266e099b48ca0c6b0964d469bcf776f71164a515d7be5982560
SSDEEP

12288:sSVZO8c1Zig3MeJpjcz9zN2vysEO5uzRGxGmDCtoogfo:sH3LJpj+2vD4zRGEmDCP

Score

1^/10

Malware Config

Signatures

Files

2024-09-28_372317169dd18fca14d11ec4e43a56dd_icedid
.exe windows:4 windows x86 arch:x86

25e5b9c8c3e657b419ef413428e33b9a

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2011, 00:00

Not After

18/05/2013, 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

11:88:94:bd:bd:03:f4:ad:f1:36:a0:8b:72:fe:25:a7:ac:2a:a9:e4
Signer

Actual PE Digest

11:88:94:bd:bd:03:f4:ad:f1:36:a0:8b:72:fe:25:a7:ac:2a:a9:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\zfz\4399Pro\4399_svn\Build\4399Panel.pdb

Imports

kernel32

SetEndOfFile
CloseHandle
GetLastError
CreateMutexA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetTickCount
MultiByteToWideChar
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
CreateThread
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrlenW
lstrlenA
CompareStringA
CompareStringW
GetStringTypeExA
EnterCriticalSection
LeaveCriticalSection
SetEvent
WriteFile
CreateFileA
WaitForSingleObject
Sleep
GetFileSize
InterlockedDecrement
InterlockedIncrement
TerminateThread
DeleteFileA
UnmapViewOfFile
WaitForMultipleObjects
ResetEvent
CreateEventA
WritePrivateProfileStringA
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
LoadLibraryA
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GetProcAddress
GetModuleHandleA
lstrcmpA
GlobalDeleteAtom
FreeLibrary
GlobalAlloc
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomA
lstrcpynA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
GetPrivateProfileIntA
SetFileTime
GetFileTime
GetTempFileNameA
GetFullPathNameA
GetDiskFreeSpaceA
LocalFree
FormatMessageA
GlobalSize
MulDiv
CopyFileA
SetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
LocalFileTimeToFileTime
SystemTimeToFileTime
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
MoveFileA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
lstrcmpiA
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetShortPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
lstrcpynW
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OutputDebugStringA
GetCurrentDirectoryA
GetPrivateProfileStringA

user32

BeginDeferWindowPos
GetWindowTextA
GetWindowTextLengthA
IsChild
SetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
wsprintfA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
InvalidateRect
TranslateAcceleratorA
SetMenu
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuA
GetDC
ReleaseDC
RemoveMenu
InsertMenuA
GetMenuStringA
InflateRect
GetMenuItemInfoA
ClientToScreen
SetCapture
SetCursorPos
DestroyCursor
LoadCursorA
IsRectEmpty
DeleteMenu
GetSystemMenu
SetParent
IsZoomed
FillRect
DrawIcon
SetWindowRgn
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
MessageBeep
SetRect
IsClipboardFormatAvailable
CountClipboardFormats
GetSysColorBrush
DestroyIcon
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
EndDeferWindowPos
WindowFromPoint
GetDCEx
LockWindowUpdate
SendNotifyMessageA
ScrollWindow
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetKeyState
ValidateRect
GetLastActivePopup
ShowOwnedPopups
SetCursor
PostQuitMessage
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
SendMessageA
BringWindowToTop
UpdateWindow
FindWindowA
SetForegroundWindow
EnableWindow
SetWindowLongA
DeferWindowPos
GetWindowLongA
CreatePopupMenu
AppendMenuA
GetClientRect
SetTimer
KillTimer
ScreenToClient
GetCursorPos
IsWindow
SendMessageTimeoutA
PostMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PostThreadMessageA
MapWindowPoints
GetForegroundWindow
GetClassInfoA
GetClassNameA
GetLastInputInfo
CharUpperA
UnregisterClassA
RedrawWindow
IsWindowVisible
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos

gdi32

Ellipse
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
IntersectClipRect
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
LPtoDP
CreateBitmap
PtVisible
BitBlt
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
DPtoLP
CreateEllipticRgn
GetTextMetricsA
CreateFontA
GetCharWidthA
DeleteObject
StretchDIBits
DeleteDC
SelectObject
GetTextExtentPoint32A
GetPixel
ExtTextOutA
CreateFontIndirectA
CreateSolidBrush
GetStockObject
CreateDCA
CopyMetaFileA
GetDeviceCaps
PatBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
RectVisible
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode

advapi32

RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegSetValueA
RegDeleteKeyA

shell32

DragFinish
DragQueryFileA
DragAcceptFiles
ExtractIconA
SHGetFileInfoA
SHGetFolderPathA

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateFileMoniker
OleSave
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
OleLockRunning
CoGetClassObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
GetHGlobalFromILockBytes
OleSetMenuDescriptor
OleGetClipboard
CoDisconnectObject
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleSetContainedObject

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringLen
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocStringLen

brun

ord1
ord14
ord13
ord27
_BOX_GetPeerInfo@16
_BOX_GetPeerCount@16
_BOX_GapDump@4
ord12
_BOX_SetHttpNumPerTask@8
ord11
_BOX_GetGapList@12
ord2
ord24
ord9
ord19
ord18

comctl32

ord17
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Draw

shlwapi

PathFileExistsA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord11
ord4
ord3
ord8

wininet

InternetSetStatusCallback
HttpQueryInfoA
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

ChooseFontA
ReplaceTextA
FindTextA
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25e5b9c8c3e657b419ef413428e33b9a

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2Certificate

Extended Key Usages

Key Usages

11:88:94:bd:bd:03:f4:ad:f1:36:a0:8b:72:fe:25:a7:ac:2a:a9:e4Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

brun

comctl32

shlwapi

oledlg

wininet

oleacc

winspool.drv

comdlg32

Sections

.text Size: 396KB - Virtual size: 394KB

.rdata Size: 92KB - Virtual size: 89KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 44KB - Virtual size: 42KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

11:88:94:bd:bd:03:f4:ad:f1:36:a0:8b:72:fe:25:a7:ac:2a:a9:e4
Signer

.text
Size: 396KB - Virtual size: 394KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 44KB - Virtual size: 42KB