2024-10-17_be8ec60de57de547aba31ada1193fa40_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-17_be8ec60de57de547aba31ada1193fa40_icedid
Size

841KB
MD5

be8ec60de57de547aba31ada1193fa40
SHA1

2c73d46504752a6e1b1e214c78bec58df73396c5
SHA256

61cfa03ef8b1f2d240eb82d38f6358c2ae7b54574f33619714febd58e8bd6744
SHA512

9a803d552448709f6a49c748ac639e77f4d546dca6536a82b96cb36e8261775b636306788bbab6bd68f3ff9465e6f78ced15244735379896e1c87be633fb614a
SSDEEP

12288:huNClB22FzSAcGzrtdfx7EpX1blydOYeLnketXFTA3oPwAfvuGfZj30G6TLu:sNClbzq55yenkh3ewAvj2u

Score

1^/10

Malware Config

Signatures

Files

2024-10-17_be8ec60de57de547aba31ada1193fa40_icedid
.exe windows:5 windows x86 arch:x86

c1fbbfbf5e9c357de59d2f58b4ade530

Code Sign

05:f5:1e:bf:e2:0c:2b:dc:a6:d3:6c:3e:5c:55:6e:b7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/08/2023, 00:00

Not After

27/08/2026, 23:59

Subject

CN=ElectraWorks Limited,O=ElectraWorks Limited,L=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:68:a1:52:2a:d7:91:9a:bb:00:8e:22:cc:c7:be:1f:62:af:1b:c8:bf:a0:1d:f4:e9:06:06:6c:93:17:28:82
Signer

Actual PE Digest

b4:68:a1:52:2a:d7:91:9a:bb:00:8e:22:cc:c7:be:1f:62:af:1b:c8:bf:a0:1d:f4:e9:06:06:6c:93:17:28:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Codebase\Release2019\core\vcclient\SmartInstaller\src\UnicodeRelease\SmartInstaller.pdb

Imports

zlib

ord81
ord82
ord83
ord80
ord84
ord61
ord62
ord67
ord68
ord72
ord65
ord66
ord64
ord63

kernel32

GetFileTime
GlobalReAlloc
TlsGetValue
ConvertDefaultLocale
CompareStringA
InterlockedExchange
GetFileSizeEx
GetStartupInfoW
SetEvent
SetThreadPriority
LocalAlloc
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
lstrcpynW
WaitForSingleObject
FindNextFileW
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetSystemInfo
GetTempPathW
GetTimeZoneInformation
GetCurrentProcessId
GlobalMemoryStatus
FindFirstFileW
FindClose
GetCurrentThread
GetVersion
EnumResourceLanguagesW
OpenProcess
HeapAlloc
GetACP
GetLocaleInfoW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
ExitThread
GetVersionExW
LoadLibraryW
CreateEventW
Sleep
ExitProcess
CreateFileW
SetFilePointer
ReadFile
CloseHandle
IsBadWritePtr
WriteFile
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
FormatMessageW
SetUnhandledExceptionFilter
LoadLibraryA
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleA
lstrlenA
lstrcmpA
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetProcAddress
VirtualProtect
GetCurrentProcess
FlushInstructionCache
FreeLibrary
SuspendThread
FreeResource
CreateThread
SetCurrentDirectoryW
GetExitCodeThread
TerminateThread
GetFileAttributesW
RemoveDirectoryW
MoveFileW
ResumeThread
OutputDebugStringW
GetPrivateProfileSectionW
InterlockedDecrement
GetProcessHeap
HeapFree
InterlockedIncrement
lstrlenW
GetTickCount
WideCharToMultiByte
lstrcmpiW
DeleteFileW
GetLastError
CopyFileW
GetPrivateProfileStringW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
WritePrivateProfileStringW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GlobalFree
LocalFree
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetDateFormatA
GetTimeFormatA
InitializeCriticalSectionAndSpinCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
VirtualAlloc
HeapSize
GetFileType
SetStdHandle
HeapReAlloc
GetDriveTypeA
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
DeleteCriticalSection
InitializeCriticalSection

gdi32

RestoreDC
SaveDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
DeleteObject
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateBitmap
CreateRectRgnIndirect
GetRgnBox
LPtoDP
DPtoLP
GetStockObject
GetDeviceCaps
GetTextExtentPointW
GetTextMetricsW
SelectObject
CreateFontW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetObjectW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateRectRgn
GetMapMode
GetViewportExtEx
GetWindowExtEx

user32

PostThreadMessageW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
MoveWindow
GetWindow
GetDlgCtrlID
GetDC
RegisterWindowMessageW
ReleaseDC
CharNextW
UnregisterClassW
SetTimer
IsWindowVisible
InvalidateRect
MessageBoxW
PostQuitMessage
UpdateWindow
GetClientRect
EnableWindow
GetParent
SendMessageW
PostMessageW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
FindWindowW
GetWindowThreadProcessId
GetClassLongW
WindowFromDC
GetSysColor
GetCursorPos
GetKeyState
GrayStringW
TabbedTextOutW
GetFocus
EqualRect
DrawTextW
FillRect
IsWindow
wvsprintfW
DrawTextExW
LoadCursorW
KillTimer
OffsetRect
SetCursor
ReleaseCapture
SetCapture
RedrawWindow
PtInRect
GetWindowLongW
SetWindowLongW
FindWindowExW
GetWindowRect
ShowWindow
GetDlgItem
GetClassNameW
GetWindowTextW
SetWindowTextW
ScreenToClient
CopyRect
BeginPaint
EndPaint
ClientToScreen
AdjustWindowRectEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSystemMetrics
CharUpperW
GetWindowDC
GetWindowPlacement
IsIconic
IntersectRect
SetWindowPos
GetMenu
CallWindowProcW
DefWindowProcW
SetWindowPlacement
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
SetForegroundWindow
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthW
SetFocus
RemovePropW
GetPropW
SetPropW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
IsWindowEnabled
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetMessageW
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
DestroyMenu
SystemParametersInfoA

ole32

CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
CoRevokeClassObject
CLSIDFromProgID
OleInitialize
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicture
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
OleCreateFontIndirect
GetErrorInfo
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen

oledlg

ord3
OleUIBusyW
ord1

shell32

SHGetFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHChangeNotify
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
ord680
SHCreateDirectoryExW

comctl32

ord17

advapi32

MapGenericMask
GetSidSubAuthority
GetSidSubAuthorityCount
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegCreateKeyW
RegEnumKeyExW
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
IsValidSid
AccessCheck
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
RegDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathAppendW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
SHCopyKeyW

wsock32

inet_addr
WSACleanup
gethostname
WSAStartup
gethostbyname

wininet

InternetSetOptionW
InternetCloseHandle
InternetSetStatusCallbackW
InternetCrackUrlW
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetReadFileExA
InternetQueryOptionW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetReadFile
InternetGetConnectedStateExW
InternetCanonicalizeUrlW
HttpAddRequestHeadersW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetWriteFile

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

Sections

.text
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1fbbfbf5e9c357de59d2f58b4ade530

Code Sign

05:f5:1e:bf:e2:0c:2b:dc:a6:d3:6c:3e:5c:55:6e:b7Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

b4:68:a1:52:2a:d7:91:9a:bb:00:8e:22:cc:c7:be:1f:62:af:1b:c8:bf:a0:1d:f4:e9:06:06:6c:93:17:28:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

zlib

kernel32

gdi32

user32

ole32

oleaut32

oledlg

shell32

comctl32

advapi32

version

shlwapi

wsock32

wininet

comdlg32

winspool.drv

Sections

.text Size: 560KB - Virtual size: 559KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 14KB - Virtual size: 54KB

.rsrc Size: 112KB - Virtual size: 112KB

05:f5:1e:bf:e2:0c:2b:dc:a6:d3:6c:3e:5c:55:6e:b7
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

b4:68:a1:52:2a:d7:91:9a:bb:00:8e:22:cc:c7:be:1f:62:af:1b:c8:bf:a0:1d:f4:e9:06:06:6c:93:17:28:82
Signer

.text
Size: 560KB - Virtual size: 559KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 14KB - Virtual size: 54KB

.rsrc
Size: 112KB - Virtual size: 112KB