metasploit | 2024-12-19_f4102ac9676cf9513b6e973192c44fcb_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-19_f4102ac9676cf9513b6e973192c44fcb_icedid
Size

6.0MB
MD5

f4102ac9676cf9513b6e973192c44fcb
SHA1

1aecb87b298107a84f64bbd2240d2fba5e030d6b
SHA256

78df6b1bd10df9a7ce389288b6c2760e493016996a34f14fe96ffbb139188621
SHA512

4c58abb391ee3df9d6197433b428b4cf8c3fb4b9bb2d797d81bda72e1565963345390b8109afca9c9bd6dddc5977ee15291a263add790ec62381f267e0983d75
SSDEEP

98304:0pweKekgplcPS441tDElhjcbNlqbSo8dX0GzL:PeKekgpGvuDKGfpLdDzL

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.52.130:4444

Signatures

Metasploit family
metasploit

Files

2024-12-19_f4102ac9676cf9513b6e973192c44fcb_icedid
.exe windows:5 windows x86 arch:x86

ac591e4899b8929372acc64de79f9299

Code Sign

07:1d:b8:dd:ab:f2:3f:6d:d4:d4:52:af:40:12:77:eb
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22-10-2008 12:07

Not After

30-12-2025 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:6b:88:d8:3f:d4:0f:d7:f2:4e:1d:d2:22:85:f2:7e
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20-09-2011 11:04

Not After

20-09-2026 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:90:49:e1:73:e8:db:8b:eb:2b:16:98:66:e4:91:a5
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17-04-2014 08:26

Not After

16-04-2017 08:26

Subject

CN=geekuninstaller.com,O=geekuninstaller.com,C=BY,1.2.840.113549.1.9.1=#0c1b737570706f7274406765656b756e696e7374616c6c65722e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

26:0c:f8:65:cd:4c:70:74:67:5a:65:05:dd:ae:5b:d3:fc:07:5a:b9
Signer

Actual PE Digest

26:0c:f8:65:cd:4c:70:74:67:5a:65:05:dd:ae:5b:d3:fc:07:5a:b9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\Uninstall Tool\Ready\geek.pdb

Imports

kernel32

SetErrorMode
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
ExitProcess
GetModuleHandleExW
HeapQueryInformation
SetStdHandle
GetFileType
VirtualQuery
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetFileAttributesW
GetCPInfo
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetConsoleCP
GetDriveTypeW
WriteConsoleW
SetEnvironmentVariableA
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
FreeResource
GetSystemDirectoryW
EncodePointer
GetThreadLocale
LoadLibraryA
lstrcmpiW
LoadLibraryExW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FormatMessageW
GlobalFree
GetModuleHandleA
SetLastError
GetACP
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetPrivateProfileSectionNamesW
TerminateThread
lstrlenA
VirtualUnlock
VirtualLock
OutputDebugStringW
OutputDebugStringA
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
WriteFileEx
SignalObjectAndWait
WaitForMultipleObjectsEx
GetSystemInfo
GetSystemTimeAsFileTime
SetFilePointerEx
GetFileSizeEx
InterlockedIncrement
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
MoveFileExW
GetComputerNameW
SetFilePointer
lstrcmpW
ReadFile
ResetEvent
InterlockedExchangeAdd
InterlockedExchange
GetTickCount
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
HeapReAlloc
DecodePointer
lstrcpynW
DeleteCriticalSection
InitializeCriticalSection
DeleteFileW
GetLocalTime
WriteFile
GetVersionExW
LocalUnlock
LocalLock
LocalAlloc
InterlockedDecrement
VerifyVersionInfoW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
VerSetConditionMask
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
SetEvent
SearchPathW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
Sleep
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCommandLineW
LeaveCriticalSection
EnterCriticalSection
GetLastError
OpenProcess
LocalFree
WideCharToMultiByte
GetExitCodeThread
MultiByteToWideChar
CreateProcessW
GetUserDefaultLCID
GetUserDefaultUILanguage
FindNextFileW
FindFirstFileW
GetFileAttributesExW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
FindResourceW
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
FreeLibrary
FindClose
GetFileSize
SizeofResource
LoadResource
WaitForSingleObject
GetLongPathNameW
LockResource
CreateFileW
GetCurrentDirectoryW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
lstrcatW
lstrcpyW
GetNativeSystemInfo
GetSystemTime
CloseHandle
GetCurrentThreadId
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
VirtualProtect
GetVersion
GetProcAddress
GetOEMCP

user32

MessageBoxA
CopyIcon
ClientToScreen
GetMenuDefaultItem
TrackPopupMenu
IsWindowVisible
UnregisterClassW
EqualRect
SetClassLongW
CopyRect
AppendMenuW
CreatePopupMenu
EnumWindows
InflateRect
WinHelpW
IsDialogMessageW
LoadStringW
LoadIconW
GetLastActivePopup
GetClassNameW
MessageBeep
GetWindowTextW
SetWindowTextW
EndPaint
SetActiveWindow
ValidateRect
SetScrollRange
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
KillTimer
SetTimer
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
GetDlgItem
CreateDialogIndirectParamW
SetWindowPos
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
TranslateMessage
SystemParametersInfoW
GetWindow
SetWindowLongW
GetWindowLongW
IsRectEmpty
GetWindowRect
RedrawWindow
InsertMenuW
SendDlgItemMessageA
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
CharUpperW
ReleaseDC
GetForegroundWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadMenuW
UnhookWindowsHookEx
DrawTextExW
UpdateWindow
GrayStringW
TabbedTextOutW
GetWindowDC
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageTime
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsChild
SetPropW
GetActiveWindow
RegisterWindowMessageW
SendMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
EnableWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
GetCapture
GetMenu
SetMenu
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
DestroyIcon
LoadImageW
DrawIconEx
GetIconInfo
GetDC
CreateIconIndirect
SetRectEmpty
GetMessageW
DefWindowProcW
CreateWindowExW
GetPropW
RemovePropW
GetWindowTextLengthW
AdjustWindowRectEx
GetClassLongW
GetTopWindow
SetWindowsHookExW
CallNextHookEx
MonitorFromWindow
GetMonitorInfoW
IsWindowEnabled
GetDesktopWindow
IntersectRect
GetKeyNameTextW
PostThreadMessageW
MapVirtualKeyW
RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
ReleaseCapture
SetCapture
IsIconic
DeleteMenu
RealChildWindowFromPoint
GetSysColorBrush
SetWindowContextHelpId
WindowFromPoint
GetMenuItemInfoW
DestroyMenu
CharNextW
MapDialogRect
ShowWindow
GetSystemMetrics
WaitForInputIdle
SetFocus
SetForegroundWindow
CharLowerW
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
DispatchMessageW
MessageBoxW
FindWindowW
FindWindowExW
GetWindowThreadProcessId
EnumDisplaySettingsW
DrawStateW
FillRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateMDISysAccel
DefFrameProcW
DrawMenuBar
GetCursor
GetTabbedTextExtentA
SendMessageTimeoutW
GetDoubleClickTime
DrawEdge
SetWindowLongA
GetWindowLongA
IsWindowUnicode
SetCursorPos
LookupIconIdFromDirectoryEx
SetWindowRgn
IsClipboardFormatAvailable
IsZoomed
MapVirtualKeyExW
MoveWindow
AttachThreadInput
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
SetWindowPlacement
GetWindowPlacement
MapWindowPoints
GetMessagePos
DrawFrameControl
CharLowerBuffW
GetDCEx
LockWindowUpdate
InvertRect
wsprintfW
SetParent
DrawFocusRect
UnionRect
CreateIconFromResourceEx
IsMenu
GetWindowRgn
HideCaret
ShowCaret
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayout
IsCharLowerW
GetKeyboardState

gdi32

SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetMapMode
SetStretchBltMode
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
GetMapMode
RestoreDC
SetRectRgn
DPtoLP
GetBkColor
GetTextColor
GetTextMetricsW
EnumFontFamiliesExW
GetRgnBox
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateBitmap
BitBlt
GetBitmapBits
CreateDIBSection
RoundRect
Rectangle
GetStockObject
CreatePen
SetTextColor
SetBkColor
GetTextExtentPoint32W
DeleteDC
SetPixel
Polygon
GetCurrentObject
StretchBlt
GetDIBits
PtInRegion
CreateFontW
Polyline
GetViewportOrgEx
StretchDIBits
ExtCreateRegion
Ellipse
GetCharWidthW
GetTextAlign
GetTextExtentPoint32A
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
CreatePolygonRgn
GetWindowOrgEx
RealizePalette
SetDIBitsToDevice
CreateDCW
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
PatBlt
Escape
CreateSolidBrush

msimg32

GradientFill

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
LookupPrivilegeValueW
ConvertSidToStringSidW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteExW
ExtractIconExW
SHGetFileInfoW
ShellExecuteW

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Draw
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetIconSize

shlwapi

StrFormatByteSizeW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathFileExistsW
PathStripPathW
PathAddBackslashW
PathRemoveArgsW
ord487
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathParseIconLocationW
PathIsDirectoryW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
IsAppThemed

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal

oleaut32

VarBstrFromDate
VarDateFromStr
VariantCopy
SafeArrayGetElemsize
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
VarUdateFromDate
OleLoadPicturePath

oledlg

OleUIBusyW
OleUIAddVerbMenuW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetGetLastResponseInfoW
InternetSetOptionExW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetSetStatusCallbackW

winmm

PlaySoundW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

ac591e4899b8929372acc64de79f9299

Code Sign

07:1d:b8:dd:ab:f2:3f:6d:d4:d4:52:af:40:12:77:ebCertificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:6b:88:d8:3f:d4:0f:d7:f2:4e:1d:d2:22:85:f2:7eCertificate

Extended Key Usages

Key Usages

60:90:49:e1:73:e8:db:8b:eb:2b:16:98:66:e4:91:a5Certificate

Extended Key Usages

Key Usages

26:0c:f8:65:cd:4c:70:74:67:5a:65:05:dd:ae:5b:d3:fc:07:5a:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

version

psapi

oleacc

wininet

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 499KB - Virtual size: 498KB

.data Size: 38KB - Virtual size: 60KB

.rsrc Size: 3.9MB - Virtual size: 3.9MB

07:1d:b8:dd:ab:f2:3f:6d:d4:d4:52:af:40:12:77:eb
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:6b:88:d8:3f:d4:0f:d7:f2:4e:1d:d2:22:85:f2:7e
Certificate

60:90:49:e1:73:e8:db:8b:eb:2b:16:98:66:e4:91:a5
Certificate

26:0c:f8:65:cd:4c:70:74:67:5a:65:05:dd:ae:5b:d3:fc:07:5a:b9
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 499KB - Virtual size: 498KB

.data
Size: 38KB - Virtual size: 60KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB