2024-10-03_9253b097e22885845e79f5dd888369cd_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-03_9253b097e22885845e79f5dd888369cd_icedid
Size

1.6MB
MD5

9253b097e22885845e79f5dd888369cd
SHA1

48fa04b4f4b5b05af1bbd68c5411f1f2a949ae6b
SHA256

e770c0bab4f72560703f7e4484e80c5144d973d82c6b2e45e022d6fceccbf125
SHA512

6fa668e5acd48f08e54fe5ef641d700037259d475af5ece0b9dc294dbceaf826bc35c4d1b1ee904230f8b8244f03bf5b91703c74ad1c54e3239576a382c3290f
SSDEEP

49152:DXGt2jjv2ZcrRjOZmbCdJT+7HwHcf7FJRnM5/RpuVz:D2t2f+WrRjOZYIT+7HwqpJhM5/Rpud

Score

1^/10

Malware Config

Signatures

Files

2024-10-03_9253b097e22885845e79f5dd888369cd_icedid
.exe windows:6 windows x86 arch:x86

9141dbce20a6031d36b69b30a862a990

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:c9:fa:8a:f7:94:dd
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

25/11/2013, 19:28

Not After

25/11/2016, 19:28

Subject

CN=Nuance Communications\, Inc.,O=Nuance Communications\, Inc.,L=Burlington,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:72:eb:96:f6:d0:15:6f:a0:48:63:3e:8d:46:3e:99:6d:ea:de:3e
Signer

Actual PE Digest

9c:72:eb:96:f6:d0:15:6f:a0:48:63:3e:8d:46:3e:99:6d:ea:de:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\main\bin\scr\uiasvrt.pdb

Imports

kernel32

LoadLibraryW
GlobalAddAtomW
GlobalFindAtomW
SetEvent
CreateEventW
SetThreadPriority
SuspendThread
ResumeThread
InterlockedExchange
GetModuleHandleA
CompareStringA
GetPrivateProfileIntW
WritePrivateProfileStringW
InterlockedDecrement
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
InterlockedIncrement
GlobalGetAtomNameW
FileTimeToSystemTime
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCurrentDirectoryW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
lstrcmpiW
lstrcpyW
VerSetConditionMask
VerifyVersionInfoW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GetWindowsDirectoryW
SetErrorMode
SearchPathW
GetTickCount
GetProfileIntW
GetTempFileNameW
VirtualProtect
FindResourceExW
RaiseException
LoadLibraryA
GetCommandLineW
HeapFree
HeapAlloc
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
CreateThread
ExitThread
ExitProcess
GetModuleHandleExW
SetStdHandle
GetFileType
HeapSize
HeapQueryInformation
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
VirtualQuery
GetStdHandle
GetProcessHeap
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStringTypeW
GetTimeZoneInformation
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
FreeLibrary
GetSystemDirectoryW
GetVersion
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
OutputDebugStringA
lstrcmpA
MultiByteToWideChar
WideCharToMultiByte
CopyFileW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
lstrcmpW
GlobalDeleteAtom
LCMapStringW
LoadLibraryExW
InitializeCriticalSectionEx
GetTempPathW
CreateDirectoryW
GetPrivateProfileStringW
FormatMessageW
LocalFree
LocalAlloc
FreeResource
CreateMutexW
WriteFile
SetFileAttributesW
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesW
FindNextFileW
FindFirstFileW
CreateFileW
FindClose
DeleteFileW
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetExitCodeProcess
GetCurrentProcessId
WaitForSingleObject
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetVersionExW
GetCurrentProcess
Sleep
GetLastError
CloseHandle
GetCurrentThread

user32

SetTimer
KillTimer
DestroyIcon
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
TrackMouseEvent
IsZoomed
GetAsyncKeyState
GetSystemMenu
SetWindowRgn
MessageBeep
SetRectEmpty
OffsetRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
UnregisterClassW
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
LoadImageW
UnpackDDElParam
ReuseDDElParam
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawIconEx
SetRect
RegisterClipboardFormatW
DrawEdge
DrawFrameControl
DrawFocusRect
SetClassLongW
SetParent
CharUpperBuffW
LockWindowUpdate
ModifyMenuW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetCursorPos
CopyIcon
FrameRect
PostThreadMessageW
GetNextDlgGroupItem
GetIconInfo
HideCaret
InvertRect
IsClipboardFormatAvailable
GetDoubleClickTime
DestroyCursor
MapDialogRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
GetComboBoxInfo
DeleteMenu
GetUpdateRect
CreateMenu
SubtractRect
GetWindowRgn
CopyImage
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
RealChildWindowFromPoint
IntersectRect
InflateRect
LoadCursorW
GetSysColorBrush
InvalidateRect
DrawStateW
SendDlgItemMessageA
MapVirtualKeyW
GetKeyNameTextW
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageW
LoadMenuW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
wvsprintfW
wsprintfW
GetClientRect
DrawIcon
GetSystemMetrics
IsIconic
SendMessageW
EnableWindow
GetWindowPlacement

ole32

DoDragDrop
CoInitializeEx
CoCreateGuid
ReleaseStgMedium
CreateStreamOnHGlobal
CoTaskMemAlloc
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoUninitialize
CoTaskMemFree
OleDuplicateData
GetRunningObjectTable
CreateFileMoniker
StringFromGUID2
CoCreateInstance
CoInitialize

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegSetKeySecurity
SetSecurityDescriptorDacl
SetFileSecurityW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
EqualSid
OpenProcessToken

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHBrowseForFolderW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetDesktopFolder

oleaut32

VariantChangeType
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
VariantInit
VariantTimeToSystemTime

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
StrFormatKBSizeW
PathStripToRootW

dbghelp

MiniDumpWriteDump

wintrust

WinVerifyTrust

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

uxtheme

OpenThemeData
GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
IsAppThemed
DrawThemeText
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeColor

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI

msimg32

TransparentBlt
AlphaBlend

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

gdi32

GetWindowOrgEx
LPtoDP
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
SetPixelV
GetSystemPaletteEntries
GetPaletteEntries
CreateFontIndirectW
CombineRgn
PatBlt
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
GetTextFaceW
TextOutW
MoveToEx
GetObjectW
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
DPtoLP
GetNearestPaletteIndex
CreatePalette
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetBkColor
Ellipse
CreateEllipticRgn
OffsetRgn
GetRgnBox
GetTextColor
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateDIBSection
CreateCompatibleBitmap
CreateRoundRectRgn
GetTextMetricsW
GetTextExtentPoint32W
SetRectRgn

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9141dbce20a6031d36b69b30a862a990

Code Sign

03:01Certificate

Key Usages

27:c9:fa:8a:f7:94:ddCertificate

Extended Key Usages

Key Usages

9c:72:eb:96:f6:d0:15:6f:a0:48:63:3e:8d:46:3e:99:6d:ea:de:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

advapi32

shell32

oleaut32

shlwapi

dbghelp

wintrust

oleacc

uxtheme

gdiplus

msimg32

imm32

gdi32

winspool.drv

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 319KB - Virtual size: 319KB

.data Size: 24KB - Virtual size: 61KB

.rsrc Size: 6KB - Virtual size: 6KB

03:01
Certificate

27:c9:fa:8a:f7:94:dd
Certificate

9c:72:eb:96:f6:d0:15:6f:a0:48:63:3e:8d:46:3e:99:6d:ea:de:3e
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 319KB - Virtual size: 319KB

.data
Size: 24KB - Virtual size: 61KB

.rsrc
Size: 6KB - Virtual size: 6KB