Tasks
Static task: static1
Behavioral task: behavioral1, sample 2994fe0d2fd92399486f878e0644f739_icedid_JC.exe, resource win7-20230712-en
Behavioral task: behavioral2, sample 2994fe0d2fd92399486f878e0644f739_icedid_JC.exe, resource win10v2004-20230703-en
General
Target: 2994fe0d2fd92399486f878e0644f739_icedid_JC.exe
Size: 1.2MB
MD5: 2994fe0d2fd92399486f878e0644f739
SHA1: 1b5122d65c4a4983883def763ffca262b359ddca
SHA256: 9582c7a98777e0dd840e9991bb4e6287877af9295e401d571244c520f9be6a98
SHA512: 167968cf388ccb5815c99344f82a487b2b447891896971bacb11ce189eaafebfa861604a234db0d4e9b042c24fb3ce62dceee879922b77b7cb3eb3ca392e7b42
SSDEEP: 24576:7z0tS71F7ydR3Ph4nK5ZACuvnb0KnQk9uLJZy/HQ:7z0tSRF7yf3Z2K0tvnIEQk9u7y/H
Malware Config
No configuration was extracted.
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature. Resource: 2994fe0d2fd92399486f878e0644f739_icedid_JC.exe
This is the only signature hit on the page and no family configuration was recovered; the "icedid" label comes from the submitted file name, not from a detection in this report. A missing Authenticode signature is a weak indicator on its own, since many legitimate executables are also unsigned, and the check only tests for the presence of a certificate table, not for a valid chain.
Files
2994fe0d2fd92399486f878e0644f739_icedid_JC.exe.exe, windows x86, imphash fc265189488ecd2361430ea4df371df9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
Grouped by module as reported. Points worth checking when triaging this list: wsock32 provides both client-side (connect) and server-side (bind, listen, accept) socket calls; kernel32 includes process launch (WinExec, CreateProcessA), file copy/move/delete and INI writes; advapi32 includes registry key and value creation; user32 includes SetWindowsHookExA. None of these is malicious by itself, and the overall mix (MDI frame procs, DDE helpers, common dialogs, printing, property sheets and a spell-checker engine) is also what an MFC-style desktop application imports, so the import table should be read together with the behavioral tasks rather than on its own.
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmGetOpenStatus
wsock32
setsockopt
inet_ntoa
WSAStartup
WSACleanup
connect
socket
ioctlsocket
htons
bind
htonl
gethostname
gethostbyname
inet_addr
listen
recv
send
shutdown
closesocket
select
accept
getsockname
ssce4332 (Wintertree Sentry Spelling-Checker Engine)
SSCE_SetOption
SSCE_GetOption
SSCE_GetSid
SSCE_SetMainLexFiles
SSCE_GetMainLexFiles
SSCE_SetHelpFile
SSCE_GetHelpFile
SSCE_SetMainLexPath
SSCE_GetMainLexPath
SSCE_SetRegTreeName
SSCE_GetRegTreeName
SSCE_CloseBlock
SSCE_CheckBlockDlgTmplt
SSCE_CheckBlockDlg
SSCE_GetBlockInfo
SSCE_CheckBlock
SSCE_OpenBlock
SSCE_EditLexDlgTmplt
SSCE_EditLexDlg
SSCE_OptionsDlgTmplt
SSCE_OptionsDlg
kernel32
SetEvent
SuspendThread
InterlockedDecrement
SetLastError
InterlockedIncrement
CreateEventA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
MoveFileA
GetFullPathNameA
GetStringTypeExA
GetCurrentProcess
GetShortPathNameA
GetFileAttributesA
GetThreadLocale
SetFileTime
lstrcmpA
GlobalFlags
GetCurrentThread
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathA
SearchPathA
GetProcessVersion
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GetFileTime
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
GlobalHandle
FindResourceExA
SetErrorMode
RtlUnwind
HeapFree
GetACP
HeapReAlloc
HeapAlloc
RaiseException
SetEnvironmentVariableA
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapSize
TerminateProcess
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsGetValue
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetCurrentProcessId
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetStdHandle
lstrcatA
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
DeleteFileA
GetWindowsDirectoryA
WritePrivateProfileStringA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
MulDiv
GetModuleHandleA
GetTickCount
SetFileAttributesA
GetVersion
GetModuleFileNameA
GetVersionExA
WinExec
GlobalAddAtomA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
FindNextFileA
FindClose
FindFirstFileA
lstrlenW
SetCurrentDirectoryA
GetProfileIntA
GetProfileStringA
GetCurrentDirectoryA
lstrcpynA
GlobalReAlloc
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
GetCPInfo
GetOEMCP
GlobalSize
LocalSize
GetFileSize
CopyFileA
OpenFile
_lclose
ReadFile
GetLastError
LocalLock
LocalUnlock
FreeLibrary
WriteFile
SetEndOfFile
SetFilePointer
GetCurrentThreadId
GetEnvironmentStringsW
CreateFileA
LocalFree
LocalAlloc
SetThreadPriority
ResumeThread
Sleep
CreateThread
GetProcAddress
LoadLibraryA
GetTimeFormatA
GetDateFormatA
GetSystemTime
GetLocalTime
GetLogicalDrives
GetVolumeInformationA
QueryDosDeviceA
GetDriveTypeA
LocalFileTimeToFileTime
SystemTimeToFileTime
CompareFileTime
GlobalDeleteAtom
GlobalGetAtomNameA
lstrcpyA
ExitThread
CreateProcessA
GetTempFileNameA
LoadResource
FindResourceA
LockResource
GlobalFindAtomA
lstrcmpiA
user32
DrawMenuBar
IsCharAlphaW
SetClipboardData
WinHelpA
LoadIconA
SetMenuDefaultItem
GetDCEx
GetDesktopWindow
InflateRect
DispatchMessageA
GetMessageA
PtInRect
GetCapture
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
IsWindow
IsChild
TranslateMDISysAccel
TranslateAcceleratorA
GetSystemMenu
BringWindowToTop
SetWindowPos
RedrawWindow
IntersectRect
GetTopWindow
IsRectEmpty
GetMenuState
DestroyWindow
GetClassInfoA
IsWindowEnabled
GetDlgItem
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
GetNextDlgTabItem
GetWindowPlacement
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
CallNextHookEx
SetWindowsHookExA
GetWindowTextA
GetWindowTextLengthA
SetWindowPlacement
GetScrollRange
SetScrollInfo
GetScrollInfo
EqualRect
AdjustWindowRectEx
SetFocus
MapWindowPoints
SendDlgItemMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
wvsprintfA
LoadStringA
TranslateMessage
GetWindowDC
GrayStringA
DestroyMenu
SetMenu
ReuseDDElParam
UnpackDDElParam
DefFrameProcA
DefMDIChildProcA
MapDialogRect
PostQuitMessage
ShowOwnedPopups
ModifyMenuA
GetMenuItemID
DestroyCursor
SetCursorPos
WaitMessage
GetWindowThreadProcessId
GetSysColorBrush
InvertRect
GetClipboardData
OemToCharBuffA
GetClassLongA
GetUpdateRect
BeginPaint
EndPaint
ScreenToClient
SetCapture
ClientToScreen
WindowFromPoint
GetClassNameA
GetTabbedTextExtentA
ValidateRect
ScrollWindow
HideCaret
DrawTextA
TabbedTextOutW
SetScrollPos
SetCaretPos
SetScrollRange
GetTabbedTextExtentW
CharNextA
SetClassLongA
DestroyCaret
CreateCaret
ShowCaret
SetCursor
ReleaseCapture
LoadCursorA
GetSysColor
GetCaretPos
OpenClipboard
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
GetWindow
LockWindowUpdate
PeekMessageA
UnregisterClassA
FindWindowA
SetForegroundWindow
RegisterClassA
CreateWindowExA
UpdateWindow
SetWindowLongA
GetWindowLongA
DefWindowProcA
RegisterWindowMessageA
SetParent
GetDlgCtrlID
GetWindowRect
OffsetRect
GetSystemMetrics
wsprintfA
SetRectEmpty
CreatePopupMenu
GetCursorPos
AppendMenuA
GetKeyState
GetParent
IsWindowVisible
MessageBoxA
PostMessageA
SetActiveWindow
IsIconic
GetClientRect
SetRect
FillRect
InvalidateRect
LoadAcceleratorsA
GetKeyboardState
DestroyAcceleratorTable
CreateAcceleratorTableA
MapVirtualKeyA
CopyAcceleratorTableA
KillTimer
SetTimer
IsZoomed
GetDC
ReleaseDC
EnableWindow
SendMessageA
RemoveMenu
LoadImageA
CallWindowProcA
TrackPopupMenu
SetKeyboardState
GetAsyncKeyState
ToAscii
LoadBitmapA
LoadMenuA
GetSubMenu
GetFocus
WindowFromDC
EnableScrollBar
ShowScrollBar
GetScrollPos
SystemParametersInfoA
GetDoubleClickTime
CopyRect
TabbedTextOutA
IsCharLowerW
CharUpperW
IsCharUpperW
CharLowerW
CharUpperA
CharLowerA
IsCharAlphaA
IsCharLowerA
IsCharUpperA
IsClipboardFormatAvailable
MessageBeep
GetMenu
DestroyIcon
EmptyClipboard
CloseClipboard
CharToOemBuffA
gdi32
GetWindowOrgEx
GetTextFaceA
GetROP2
GetBkMode
GetTextAlign
GetPolyFillMode
GetStretchBltMode
GetBkColor
LPtoDP
EnumFontFamiliesExA
BitBlt
CombineRgn
SetRectRgn
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
GetViewportOrgEx
Rectangle
CreateRectRgnIndirect
PatBlt
CreateFontA
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
CreateDCA
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetCurrentPositionEx
GetCurrentObject
SetTextAlign
IntersectClipRect
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
ExtTextOutW
RestoreDC
SaveDC
StartDocA
DeleteDC
CreateBitmap
GetNearestColor
ExtTextOutA
GetTextColor
DPtoLP
GetClipBox
SelectClipRgn
CreateRectRgn
TextOutA
MoveToEx
LineTo
GetTextMetricsA
GetTextExtentPoint32W
SetBkColor
SetTextColor
CreatePen
GetCharWidth32W
GetTextExtentPoint32A
GetTextExtentPointA
SelectObject
DeleteObject
GetCharWidthA
CreateSolidBrush
CreateFontIndirectA
GetObjectA
GetDeviceCaps
GetStockObject
comdlg32
CommDlgExtendedError
ChooseFontA
GetFileTitleA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
ReplaceTextA
FindTextA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
GetFileSecurityA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
SetFileSecurityA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
shell32
SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
Shell_NotifyIconA
SHFileOperationA
ShellExecuteExA
ShellExecuteA
ExtractIconA
comctl32
CreatePropertySheetPageA
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
PropertySheetA
DestroyPropertySheetPage
ord17 (imported by ordinal, no name)
Sections
.text Size: 844KB - Virtual size: 844KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 152KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
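The following stand-alone Python script is an added example, not part of the sandbox report and not code from the sample. It parses PE headers with the standard library only (no pefile) and reproduces the header-level checks this report relies on: the COFF file characteristics, whether a certificate table (Authenticode blob) is present, and per-section permission anomalies such as writable-plus-executable sections or code flags on .rsrc. The section layout it runs against by default is a constructed in-memory PE32 image that mirrors the sizes and flags listed in the table above; pass a file path to analyse a real binary. The anomaly names and the build_test_pe helper are this example's own inventions.

```python
"""Header-level PE triage with the standard library only: COFF characteristics,
per-section permission anomalies and presence of an Authenticode certificate table."""
import struct

FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
SCN_CNT_CODE, SCN_CNT_INIT = 0x00000020, 0x00000040
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SCN_FLAGS = {
    SCN_CNT_CODE: "IMAGE_SCN_CNT_CODE",
    SCN_CNT_INIT: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    SCN_EXEC: "IMAGE_SCN_MEM_EXECUTE",
    SCN_READ: "IMAGE_SCN_MEM_READ",
    SCN_WRITE: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: where the WIN_CERTIFICATE blob lives
KB = 1024


def section_anomalies(name, flags):
    """Flag combinations a normal compiler/linker would not emit (names are this example's)."""
    found = []
    if flags & SCN_EXEC and flags & SCN_WRITE:
        found.append("writable_and_executable")
    if flags & SCN_EXEC and not flags & SCN_CNT_CODE:
        found.append("execute_without_cnt_code")
    if flags & SCN_CNT_CODE and not flags & SCN_EXEC:
        found.append("cnt_code_without_execute")
    if name == ".rsrc" and flags & (SCN_CNT_CODE | SCN_EXEC):
        found.append("code_in_resource_section")
    return found


def parse_pe(data):
    """Return COFF characteristics, certificate-table presence and per-section info."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symptr, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = 96 if magic == 0x10B else 112  # data directory offset: PE32 vs PE32+
    nrva = struct.unpack_from("<I", data, opt + dd_off - 4)[0]
    cert_size = 0
    if nrva > SECURITY_DIR_INDEX:
        # For the security directory the first field is a file offset, not an RVA.
        _cert_off, cert_size = struct.unpack_from("<II", data, opt + dd_off + 8 * SECURITY_DIR_INDEX)
    sections = []
    for i in range(nsec):
        raw_name, vsize, _va, rsize, *_rest, scn = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rsize,
                         "flags": [n for bit, n in SCN_FLAGS.items() if scn & bit],
                         "anomalies": section_anomalies(name, scn)})
    return {"characteristics": [n for bit, n in FILE_FLAGS.items() if chars & bit],
            "signed": cert_size > 0,  # a certificate table exists; validity is NOT checked
            "sections": sections}


def build_test_pe(section_specs, characteristics, signed=False):
    """Constructed PE32 image (headers only, no code) for offline testing; not the sample."""
    opt_size = 224  # PE32 optional header including 16 data directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, 0x10000, 0x800)  # fake cert table
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rsize, flags) in enumerate(section_specs))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


# Constructed layout mirroring the section sizes and flags listed in this report.
SAMPLE_SECTIONS = [
    (".text", 844 * KB, 844 * KB, SCN_CNT_INIT | SCN_EXEC | SCN_READ | SCN_WRITE),
    (".rdata", 149 * KB, 152 * KB, SCN_CNT_INIT | SCN_READ),
    (".data", 93 * KB, 44 * KB, SCN_CNT_INIT | SCN_READ | SCN_WRITE),
    (".rsrc", 232 * KB, 232 * KB, SCN_CNT_CODE | SCN_CNT_INIT | SCN_EXEC | SCN_READ | SCN_WRITE),
]
SAMPLE_CHARACTERISTICS = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100


def triage(data):
    """One line per finding, anomalies marked with '!!'."""
    r = parse_pe(data)
    lines = ["signed: %s" % r["signed"], "characteristics: %s" % ", ".join(r["characteristics"])]
    for s in r["sections"]:
        mark = (" !! " + ", ".join(s["anomalies"])) if s["anomalies"] else ""
        lines.append("%-6s raw=%dKB virt=%dKB %s%s" % (s["name"], s["raw_size"] // KB,
                     s["virtual_size"] // KB, ", ".join(s["flags"]), mark))
    return lines


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(SAMPLE_SECTIONS, SAMPLE_CHARACTERISTICS)
    print("\n".join(triage(blob)))
```

Run with no arguments to see the constructed image flagged for .text (writable and executable, execute without CNT_CODE) and .rsrc (writable and executable, code in resource section); run with a path to triage a real file. The signed check mirrors what the "Unsigned PE" signature above tests: only whether a certificate table exists, which is why it is a weak indicator and why a present table still has to be validated separately.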