IcedID[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

IcedID.zip
Size

26KB
MD5

29588684f0320748e56d0817caea172e
SHA1

ca502062d1f3395bbb9b29dc5faf020cd445b2f9
SHA256

382e2d490717e2e314f3abc2d04ce6e8644ddf262878bf71fce50caeaeb1036e
SHA512

d12ceb68abbddc5fc398fd48ffe31ff90dce074252cbe8f7a344f07e2e902a9f9f15071621d16fa0414bd90575eb4e1c21dc9d49d44d57e0e8beb9eb609c5337
SSDEEP

768:AWXLHXDp1Bx1kKSsDOEu9ASdDjixCVYDmxInwfiOLnwbznO:A0dq9HbYKIYiOcbznO

Score

1^/10

Malware Config

Signatures

Files

IcedID.zip
.zip

Password: infected
33cc3816f98fa22354559711326a5ce1352d819c180be4328a72618d20a78632.exe
.dll regsvr32 windows:6 windows x64 arch:x64

001d993cb52b06dd86f1aafa1c13bed8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:58:50:4e:79:71:86:9d:0a:ec:27:75:ff:fa:03:d5
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14-06-2021 00:00

Not After

14-06-2022 23:59

Subject

CN=Amcert LLC,O=Amcert LLC,L=Yerevan,C=AM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a1:49:31:ca:89:02:2f:87:a6:b2:ab:3b:85:17:fb:cb:e7:7c:ac:17
Signer

Actual PE Digest

a1:49:31:ca:89:02:2f:87:a6:b2:ab:3b:85:17:fb:cb:e7:7c:ac:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadPriority
GetCurrentThread
CreateThread
WaitForSingleObject
DuplicateHandle
ResumeThread

Exports

Exports

DfcidmAgqxxIybvoovbd
DllGetClassObject
DllRegisterServer
FbyouxodmaAmblxtzonyr
GhjrgreaggXyoydphfea
NrmqrpckejMlzraxTtfncwsvfmhs
PluginInit

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

001d993cb52b06dd86f1aafa1c13bed8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

a7:58:50:4e:79:71:86:9d:0a:ec:27:75:ff:fa:03:d5Certificate

Extended Key Usages

Key Usages

a1:49:31:ca:89:02:2f:87:a6:b2:ab:3b:85:17:fb:cb:e7:7c:ac:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 96B

.pdata Size: 512B - Virtual size: 204B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

a7:58:50:4e:79:71:86:9d:0a:ec:27:75:ff:fa:03:d5
Certificate

a1:49:31:ca:89:02:2f:87:a6:b2:ab:3b:85:17:fb:cb:e7:7c:ac:17
Signer

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 96B

.pdata
Size: 512B - Virtual size: 204B