81cddcaf4faa3cb12020b2b932422009_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

81cddcaf4faa3cb12020b2b932422009_icedid_JC.exe
Size

1008KB
MD5

81cddcaf4faa3cb12020b2b932422009
SHA1

726986f45f13df6eb1231c14aa848264ae188cdd
SHA256

5b5e15d9fe8b3860e6a6d70e01a6b314fb510d541bb35aa00d94107a6be78f1d
SHA512

7877676ce1f61014f0464cd348c944bdb3c1ece4d3695f17011924bf6287f4ec5ee4a74e9e9e8b0c11adb205fae6dbee8a829c787133295b7ac0c173f8e54427
SSDEEP

24576:Lh3+pKHDDR2JOt934J7Z6bQaj1BvUm9J:8QHDDsJE3jM2ce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81cddcaf4faa3cb12020b2b932422009_icedid_JC.exe

Files

81cddcaf4faa3cb12020b2b932422009_icedid_JC.exe
.exe windows x86

7b07fbee994861d89766f08ea2b8301b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

PathIsUNCA
SHDeleteKeyA
PathFileExistsA
PathAddBackslashA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA

mscms

EnumColorProfilesA

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
SetStdHandle
GetFileType
TerminateProcess
GlobalFlags
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedDecrement
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
MulDiv
GetSystemDirectoryW
SetLastError
WriteFile
GetFileSize
GlobalLock
ReadFile
GlobalUnlock
SetEndOfFile
GetFileAttributesA
LocalFree
LocalAlloc
CreateMutexA
CopyFileA
GetPrivateProfileIntA
CreateDirectoryA
ReleaseMutex
GetModuleHandleA
lstrcpynA
OpenMutexA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetSystemInfo
GetProfileStringA
WriteProfileStringA
GlobalReAlloc
SetFileAttributesA
GetModuleFileNameA
GetShortPathNameA
MoveFileExA
CreateFileA
FormatMessageA
Sleep
DeleteFileA
RemoveDirectoryA
FindNextFileA
OpenProcess
lstrcmpA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
WritePrivateProfileStringA
CreateProcessA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
GlobalAlloc
GlobalFree
lstrcpyA
GetWindowsDirectoryA
lstrcatA
FindFirstFileA
FindClose
GetPrivateProfileStringA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
SetCursor
GetMessageA
GetCursorPos
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextA
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
IsWindowVisible
GetMenu
AdjustWindowRectEx
ScreenToClient
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetWindow
CopyRect
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadStringA
GetWindowLongA
SetWindowLongA
GetParent
GetSysColor
LoadIconA
SetForegroundWindow
GetFocus
SetActiveWindow
GetActiveWindow
RedrawWindow
InvalidateRect
UpdateWindow
GetClientRect
IsIconic
GetSystemMenu
PostMessageA
DrawFocusRect
DrawIcon
PeekMessageA
TranslateMessage
DispatchMessageA
SendMessageTimeoutA
FindWindowA
GetSystemMetrics
GetDesktopWindow
GetDC
ReleaseDC
DestroyIcon
GetForegroundWindow
MessageBoxA
SendMessageA
EnableWindow
GetWindowRect
wsprintfA
CharUpperA
GetKeyState

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetStockObject
DeleteDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetTextExtentPoint32A
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

EnumPrintersA
GetPrinterDriverDirectoryA
EnumPrinterDriversA
DeleteMonitorA
SetPrinterA
ClosePrinter
GetPrinterA
OpenPrinterA
DeletePrinterConnectionA
DeletePrinterDriverA
DeletePrinter
GetPrinterDriverA
DocumentPropertiesA

advapi32

QueryServiceConfigA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
GetTokenInformation
OpenProcessToken
ControlService
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
EnumDependentServicesA
RegDeleteValueA
RegEnumValueA
RegSetValueExA
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerA
OpenServiceA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconExA

comctl32

ImageList_ReplaceIcon
ImageList_Draw
ImageList_Destroy
ImageList_Create
ord17

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7b07fbee994861d89766f08ea2b8301b

Headers

File Characteristics

Imports

version

shlwapi

mscms

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 296KB - Virtual size: 292KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 60KB - Virtual size: 74KB

.rsrc Size: 596KB - Virtual size: 600KB

.text
Size: 296KB - Virtual size: 292KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 60KB - Virtual size: 74KB

.rsrc
Size: 596KB - Virtual size: 600KB