4694e746622f3f96664be9fd4fe83a67_icedid_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4694e746622f3f96664be9fd4fe83a67_icedid_JC.exe
Size

2.8MB
MD5

4694e746622f3f96664be9fd4fe83a67
SHA1

00ada9d5bf72f5d9972c853e23820036f881914d
SHA256

f221f5e0fac1b24b2067b8d9d926c7db94849469a92567208ea5325cdd4f4332
SHA512

00499b5b903c9329bf82d92e1ba730addfa71b89d875de40aceda66bb2d7d5737d92ac4d9798f0b1f54d26b114c7bdf648dba87ed52ccd87fd3f2cb6710e0bf8
SSDEEP

12288:FSH7MCjt2+8immWzFbdAEpTPHVGhQeRuCnaX5ano9ajDXMXImYm85:Qv8bmWPAEpTPHheRXnapacanXMXI3J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4694e746622f3f96664be9fd4fe83a67_icedid_JC.exe

Files

4694e746622f3f96664be9fd4fe83a67_icedid_JC.exe
.exe windows x86

5b8d7a5fb20a91bea42d4af269ad2ed3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
CreateMutexA
UnhandledExceptionFilter
CreateThread
ExitThread
RaiseException
GetSystemTimeAsFileTime
RtlUnwind
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetModuleHandleW
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
FormatMessageA
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
SetLastError
GlobalAddAtomA
SetEvent
SetThreadPriority
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetProcAddress
HeapFree
GetProcessHeap
HeapAlloc
GetDriveTypeA
GetVolumeInformationA
OpenMutexA
ReleaseMutex
LocalFree
GetExitCodeProcess
GetSystemDirectoryA
MultiByteToWideChar
GetCurrentThreadId
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
TryEnterCriticalSection
FreeLibrary
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcpyA
WriteFile
lstrlenA
EnterCriticalSection
GetTempFileNameA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
GetCurrentThread
GetVersionExA
GetModuleFileNameA
CreateFileA
lstrcatA
GetTempPathA
CreateProcessA
lstrcmpiA
SetFileAttributesA
DeleteFileA
CopyFileA
GetLastError
GetModuleHandleA
CreateEventA
WaitForSingleObject
GetCurrentProcess
TerminateProcess
Sleep
CloseHandle
VirtualFree

user32

CopyAcceleratorTableA
CharNextA
CharUpperA
GetSysColorBrush
ReleaseCapture
SetCapture
WindowFromPoint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
AdjustWindowRectEx
IsRectEmpty
EqualRect
CopyRect
PtInRect
CallWindowProcA
GetMenu
SetWindowLongA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowLongA
GetLastActivePopup
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
DestroyIcon
RegisterClassA
IsWindowVisible
FindWindowExA
GetWindowThreadProcessId
AttachThreadInput
GetFocus
FindWindowA
GetMessageA
TranslateMessage
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
DestroyMenu
DispatchMessageA
GetPropA
IsWindowEnabled
ScreenToClient
RegisterClipboardFormatA
PostThreadMessageA
GetClassInfoA
EnumChildWindows
RemovePropA
SetPropA
GetDlgCtrlID
SetWindowPos
SetWindowRgn
MoveWindow
SetForegroundWindow
SetFocus
RedrawWindow
InvalidateRect
OffsetRect
SetCursor
GetSysColor
LoadIconA
SendMessageA
KillTimer
SetTimer
EnumWindows
LoadImageA
DrawTextA
LoadCursorA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
BeginPaint
GetClientRect
EndPaint
DefWindowProcA
GetDesktopWindow
GetWindowRect
GetDC
FillRect
ReleaseDC
DestroyWindow
EnableWindow
GetParent
PostMessageA
wsprintfA
WaitForInputIdle

gdi32

GetBkColor
GetTextColor
GetRgnBox
CreateRectRgnIndirect
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetTextAlign
RestoreDC
SaveDC
GetClipBox
DPtoLP
GetMapMode
SetMapMode
CreateBitmap
ExtCreateRegion
GetDeviceCaps
Rectangle
GetObjectA
GetViewportOrgEx
SetViewportOrgEx
CreateFontIndirectA
SetTextColor
SetBkMode
GetPixel
SetBkColor
TextOutA
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

LookupPrivilegeValueA
InitializeSecurityDescriptor
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
ControlService
ChangeServiceConfigA
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetNamedSecurityInfoA
SetSecurityDescriptorDacl
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconA
ShellExecuteExA

comctl32

ord17
_TrackMouseEvent

shlwapi

StrCmpNIA
SHRegSetUSValueA
SHRegGetUSValueA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoDisconnectObject
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringByteLen
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
VariantClear
VariantCopy
VariantChangeType
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit
SysStringLen

psapi

EnumProcesses
GetModuleFileNameExA
EnumProcessModules
GetModuleBaseNameA

wininet

InternetSetFilePointer
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryOptionA
InternetReadFile

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

ws2_32

inet_ntoa
WSACleanup
gethostname
WSAStartup
gethostbyname

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b8d7a5fb20a91bea42d4af269ad2ed3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

wininet

rpcrt4

ws2_32

Sections

.text Size: 279KB - Virtual size: 278KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 13KB - Virtual size: 27KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.text
Size: 279KB - Virtual size: 278KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 13KB - Virtual size: 27KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB