2024-10-05_1a3ae1d7975c464a10b049bed1a37088_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-05_1a3ae1d7975c464a10b049bed1a37088_icedid
Size

606KB
MD5

1a3ae1d7975c464a10b049bed1a37088
SHA1

b20a042d910ae398c59cc968e2903c2df2887025
SHA256

d8de2e2a29dd6aa37d717018aa65d83f5a8b5c104e48875c38e3c02f2ff5deef
SHA512

139ad97de869b5b7659b2df4db2f236aa7aec0b191904d2a1156de81629b0948f5e127ea6930225435f2d5103e0c3d06e13dc0d42c0fd967bc95014644eb3eb3
SSDEEP

12288:b2q5pazxU8VY2CYimZ9lGOtKgM4ckSanDw:au8NCYp9lGiKNeSanDw

Score

1^/10

Malware Config

Signatures

Files

2024-10-05_1a3ae1d7975c464a10b049bed1a37088_icedid
.exe windows:4 windows x86 arch:x86

c7cabccb31dd6dac7dfb0d5c945f2adb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:40:63:74:73:df:85:50:76:8d:bf:c7:19:29:0f:17
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

16/04/2015, 00:00

Not After

14/04/2016, 23:59

Subject

CN=深圳市汉维高新技术有限公司,O=深圳市汉维高新技术有限公司,L=Shenzhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\3.5.4\Development\Web1800\Release_Baseline\RTSSet\NetChecker.pdb

Imports

wsock32

gethostbyaddr
htons
gethostname
ioctlsocket
WSACleanup
recv
socket
WSAStartup
send
connect
closesocket
gethostbyname
inet_addr

kernel32

TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
GetFileTime
SetErrorMode
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
HeapFree
HeapAlloc
HeapReAlloc
LocalReAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitThread
GetDriveTypeA
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
CreateEventA
SetEvent
SetThreadPriority
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
SuspendThread
CreateThread
CreateFileA
GetPrivateProfileIntA
GetCurrentThreadId
GetLocalTime
GetExitCodeThread
TerminateThread
ResumeThread
WaitForSingleObject
CreateMutexA
ReleaseMutex
GetCurrentThread
LocalAlloc
GetCurrentProcess
GetModuleHandleA
CreateProcessA
LoadLibraryA
GetProcAddress
FreeLibrary
WritePrivateProfileStringA
lstrcmpA
GetPrivateProfileStringA
GetCurrentDirectoryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
MultiByteToWideChar
GetVersion
CompareStringA
CompareStringW
InterlockedExchange
FreeResource
GetProcessId
OpenProcess
Process32First
CreateToolhelp32Snapshot
LocalFree
FormatMessageA
CloseHandle
lstrcatA
GetVersionExA
FindClose
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetModuleFileNameA
DeleteFileA
GetFileAttributesA
GetCurrentProcessId
TerminateProcess
lstrcpyA
GetLastError
CopyFileA
CreateDirectoryA
GetExitCodeProcess
Process32Next
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
Sleep
GetCommandLineA
CreateFileW

user32

GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetMenuState
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
DestroyMenu
GetSysColorBrush
UnregisterClassA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowPlacement
GetWindow
UpdateWindow
PtInRect
SystemParametersInfoA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
LoadBitmapA
CharUpperA
LoadCursorA
SetForegroundWindow
DrawIcon
SetWindowLongA
GetSystemMetrics
SetWindowRgn
IsIconic
SetWindowPos
PostMessageA
LoadIconA
GetWindowRect
ClientToScreen
GetSysColor
SetCapture
DrawStateA
InflateRect
GetCapture
DrawFocusRect
FrameRect
GetActiveWindow
CopyRect
EnableWindow
InvalidateRect
RedrawWindow
OffsetRect
ScreenToClient
GetCursorPos
LoadImageA
GetClientRect
SendMessageA
FillRect
PeekMessageA
SetCursor
GetParent
SetRect
DestroyCursor
ReleaseCapture
GetWindowLongA
WindowFromPoint

gdi32

GetDeviceCaps
CreatePen
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectObject
DeleteObject
CreateCompatibleDC
GetObjectA
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
GetTextMetricsA
GetCurrentObject
CreateFontIndirectA
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateFontA
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
BitBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootA
PathFindFileNameA
PathFindExtensionA
UrlUnescapeA
PathIsUNCA

ole32

CoCreateGuid

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

ws2_32

WSAEventSelect
WSACloseEvent
WSASetLastError
WSACreateEvent
WSAGetLastError
setsockopt
ioctlsocket

gdiplus

GdipDeleteBrush
GdipCreatePen1
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawPath
GdipAddPathArcI
GdipAlloc
GdipFree
GdipDeletePath
GdipCreateSolidFill
GdipCreatePath
GdipDeletePen
GdipCloneBrush
GdiplusStartup
GdipAddPathLineI

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetOptionA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA

secur32

AcquireCredentialsHandleA
DeleteSecurityContext
InitializeSecurityContextA
CompleteAuthToken
FreeCredentialsHandle

aesencryption

??0AESWrapper@@QAE@XZ
?RestoreKey@AESWrapper@@QAEHHQBE@Z
?GenerateKey@AESWrapper@@QAEHHQBE@Z
??1AESWrapper@@QAE@XZ

showmaticencryptiondll

?InitEncryptionClient@@YA_NIPAD0@Z
?InitEncryptionServer@@YA_NIPAD0@Z

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7cabccb31dd6dac7dfb0d5c945f2adb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

32:40:63:74:73:df:85:50:76:8d:bf:c7:19:29:0f:17Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

gdiplus

wininet

secur32

aesencryption

showmaticencryptiondll

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 108KB - Virtual size: 105KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

32:40:63:74:73:df:85:50:76:8d:bf:c7:19:29:0f:17
Certificate

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 108KB - Virtual size: 105KB