2024-10-14_fabf80b0720623e4d546f0fdbf978611_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-14_fabf80b0720623e4d546f0fdbf978611_icedid
Size

695KB
MD5

fabf80b0720623e4d546f0fdbf978611
SHA1

89c9a180a0e5815869b4bdc849a38a7f9fa809e3
SHA256

5cdba9750908d767e746fb880799fb640eb7a14cf6ee59b00b5b48213b5d0d3d
SHA512

57ff224561d5e9d7bb2db1200768d20b1cdcec10dab4e4cc59a1c6484ce854890220e23977c88ed8708be82f6b92501ee24bb781c8f802d6c1b2c53e2187322d
SSDEEP

12288:mbZ1HQNN/QWMG6+xQkL2UXAJJVhUp1fNsGsSCrNfTVzoAk74q6i7:mbZ9DRnUuGsSiTVw6i7

Score

1^/10

Malware Config

Signatures

Files

2024-10-14_fabf80b0720623e4d546f0fdbf978611_icedid
.exe windows:5 windows x86 arch:x86

2d0d0571257d37723c059e97969ceddb

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:9f:a2:7f:21:2a:ff:03:d0:1e:63:48:b2:2e:bb:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29-03-2012 00:00

Not After

29-03-2013 23:59

Subject

CN=NIKON CORPORATION,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IMAGING COMPANY,O=NIKON CORPORATION,L=Chiyoda-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:5f:d4:35:37:d8:c8:bf:2e:8b:bd:d9:1b:8c:a2:94:56:60:fb:9f
Signer

Actual PE Digest

4a:5f:d4:35:37:d8:c8:bf:2e:8b:bd:d9:1b:8c:a2:94:56:60:fb:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
PathFindExtensionW
PathStripToRootW
SHDeleteKeyW
PathIsUNCW
PathIsURLW

kernel32

SetEnvironmentVariableW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RaiseException
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetModuleFileNameW
GetFileAttributesA
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
FindResourceW
SizeofResource
LockResource
LoadResource
GetVersionExW
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryW
CreateMutexW
CloseHandle
OpenMutexW
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
Sleep
lstrlenW
GetExitCodeProcess
OpenProcess
CreateProcessW
DeleteFileW
GetCurrentProcess
GetModuleHandleW
GetUserDefaultLangID
GetSystemDefaultLangID
GetLocaleInfoW
LocalFree
LocalAlloc
GetLastError
GetCurrentThread
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetSystemDirectoryW
GetPrivateProfileIntW
InitializeCriticalSection
DeleteCriticalSection
FreeResource
GlobalFree
GlobalUnlock
ExitProcess
GetSystemTimeAsFileTime
GlobalLock
GetVersionExA
lstrcmpW
SetLastError
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetErrorMode
WritePrivateProfileStringW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
GlobalFlags
lstrlenA
GetModuleHandleA
MulDiv
InterlockedDecrement
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
LoadLibraryExW
CompareStringA
GlobalAlloc
FormatMessageW

user32

PostThreadMessageW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
UnregisterClassW
GetSysColorBrush
DestroyMenu
GetWindowThreadProcessId
SetWindowContextHelpId
MapDialogRect
GetMessageW
ValidateRect
CharUpperW
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
SetParent
ReleaseDC
SendMessageW
GetDC
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetSubMenu
GetWindowRect
LoadIconW
PostMessageW
SetTimer
KillTimer
SetWindowRgn
GetWindowRgn
GetFocus
InvalidateRect
EnableWindow
SetCursor
LoadCursorW
IsWindowVisible
RedrawWindow
SetRect
MessageBoxA
MessageBoxW
wsprintfW
LoadStringW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
DispatchMessageW
TranslateMessage
PeekMessageW
IsWindow
SystemParametersInfoW
SetCapture
GetParent
ReleaseCapture
GetActiveWindow
GetCursorPos
MsgWaitForMultipleObjects
ExitWindowsEx
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
DrawTextW

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
GetDeviceCaps
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
ExcludeClipRect
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
SetDIBColorTable
CreateFontIndirectW
CreateSolidBrush
GetCurrentObject
GetTextExtentPoint32W
GetDIBColorTable
GetObjectW
StretchBlt
CreateDIBSection
DeleteObject
DeleteDC
CreateRoundRectRgn
CreateRectRgn
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderLocation

comctl32

ord17

oledlg

OleUIBusyW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCloneImage
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipCreateSolidFill
GdipCloneBrush
GdipGraphicsClear
GdipDrawString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetSolidFillColor
GdipSetTextRenderingHint
GdipAlloc
GdipCreateFromHDC
GdipCreateStringFormat
GdipMeasureString
GdipDeleteStringFormat
GdipDeleteBrush
GdipDeleteFont
GdipFree
GdipDeleteGraphics

Sections

.text
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d0d0571257d37723c059e97969ceddb

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

40:9f:a2:7f:21:2a:ff:03:d0:1e:63:48:b2:2e:bb:ddCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4a:5f:d4:35:37:d8:c8:bf:2e:8b:bd:d9:1b:8c:a2:94:56:60:fb:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 427KB - Virtual size: 427KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 12KB - Virtual size: 2.1MB

.rsrc Size: 156KB - Virtual size: 156KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

40:9f:a2:7f:21:2a:ff:03:d0:1e:63:48:b2:2e:bb:dd
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4a:5f:d4:35:37:d8:c8:bf:2e:8b:bd:d9:1b:8c:a2:94:56:60:fb:9f
Signer

.text
Size: 427KB - Virtual size: 427KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 12KB - Virtual size: 2.1MB

.rsrc
Size: 156KB - Virtual size: 156KB