Static task: static1
Behavioral task: behavioral1
Sample: 089a26a4cd4429ce9874c035a14b30e5_icedid_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 089a26a4cd4429ce9874c035a14b30e5_icedid_JC.exe
Resource: win10v2004-20230703-en
General
- Target: 089a26a4cd4429ce9874c035a14b30e5_icedid_JC.exe
- Size: 920KB
- MD5: 089a26a4cd4429ce9874c035a14b30e5
- SHA1: 20ce595080a16908ed78f3d6c0c917ea12734f45
- SHA256: 34e5d3753b8f058932c46ca231bff015b2d04ffc3a9dc486a229528bafe3a465
- SHA512: cd78b1957dccbf263ebeeacff4992b0e69ab77c6539a936cba7a0f1daebe3eefc302200985a1684f4d38f5a95db2b58b7fe90395353cf710c92d8aebadac2403
- SSDEEP: 24576:y8BFFHzdWyZFzYCUmC/NFsJrj6iX7autJ:y8PWyZFz8v/PsJrj6+7
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 089a26a4cd4429ce9874c035a14b30e5_icedid_JC.exe
Files
- 089a26a4cd4429ce9874c035a14b30e5_icedid_JC.exe.exe (windows x86)
  fd4c067acdc2b57573b783af120cb672
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetErrorMode
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
HeapReAlloc
ExitThread
HeapSize
SetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetFileTime
SetHandleCount
GetStdHandle
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
LocalAlloc
FileTimeToLocalFileTime
GetFullPathNameA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
FileTimeToSystemTime
InterlockedDecrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
CreateEventA
SuspendThread
SetEvent
GetCurrentThreadId
ResumeThread
SetThreadPriority
FreeResource
lstrcmpA
SetLastError
GlobalFree
MulDiv
lstrcpynA
WritePrivateProfileStringA
GetPrivateProfileStringA
TerminateThread
GetExitCodeThread
WaitForSingleObject
GlobalAlloc
GetLogicalDrives
GlobalLock
GlobalUnlock
FindFirstFileA
FindNextFileA
FindClose
CompareStringW
CompareStringA
lstrlenW
lstrcmpiA
GetVersion
RaiseException
Module32First
Module32Next
GetCommandLineA
GetCurrentProcess
CreateMutexA
OpenProcess
TerminateProcess
GetVolumeInformationA
GetLastError
GetFileAttributesA
FormatMessageA
LocalFree
CreateFileA
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
lstrcatA
WinExec
lstrcpyA
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Thread32First
Thread32Next
Process32Next
DeleteFileA
CreateDirectoryA
GetTickCount
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
CreateThread
CloseHandle
Sleep
ReadProcessMemory
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetStringTypeW
InterlockedExchange
user32
TranslateAcceleratorA
InvalidateRgn
CopyAcceleratorTableA
SetRect
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
WindowFromPoint
IsRectEmpty
FindWindowA
DestroyMenu
GetMenuItemInfoA
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
SetMenu
CallWindowProcA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
ClientToScreen
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
SetForegroundWindow
UnregisterClassA
GetMenu
IsWindowVisible
SetWindowRgn
IsIconic
GetSystemMenu
GetMenuItemID
GetMenuItemCount
EnableMenuItem
CheckMenuItem
AppendMenuA
CreatePopupMenu
DrawIcon
CharUpperA
EnumWindows
GetWindowLongA
MessageBoxA
PostThreadMessageA
RegisterClipboardFormatA
GetNextDlgGroupItem
GetWindowThreadProcessId
GetWindowTextA
GetWindow
GetDesktopWindow
SetWindowLongA
MessageBeep
CopyIcon
LoadCursorA
GetSysColor
ReleaseCapture
SetCapture
ReleaseDC
GetDC
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
GetDlgCtrlID
BringWindowToTop
SetCursor
IsWindow
AdjustWindowRectEx
CopyRect
wsprintfA
GetForegroundWindow
FlashWindow
KillTimer
SetTimer
LoadBitmapA
GetSystemMetrics
DrawIconEx
LoadIconA
FrameRect
InflateRect
RedrawWindow
ScreenToClient
LoadMenuA
GetSubMenu
FillRect
InvalidateRect
UpdateWindow
SendMessageA
GetCursorPos
PtInRect
EnableWindow
GetParent
GetClientRect
GetWindowRect
PostMessageA
DefWindowProcA
gdi32
CreateRectRgnIndirect
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetRgnBox
GetBkColor
GetTextColor
MoveToEx
LineTo
CreateSolidBrush
GetViewportExtEx
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
CreateFontA
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
RoundRect
CreateRoundRectRgn
CreateBitmap
StretchBlt
SetBkColor
SetTextColor
DeleteDC
GetObjectA
CreateFontIndirectA
CreatePen
GetTextExtentPoint32A
GetStockObject
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetWindowExtEx
msimg32
TransparentBlt
AlphaBlend
comdlg32
ChooseColorA
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
shell32
ShellExecuteA
Shell_NotifyIconA
DragQueryFileA
DragFinish
comctl32
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionW
oledlg
ord8
ole32
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
oleaut32
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocStringLen
urlmon
URLDownloadToFileA
psapi
EnumProcessModules
EnumProcesses
GetModuleFileNameExA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
iphlpapi
GetAdaptersInfo
wininet
DeleteUrlCacheEntry
InternetQueryDataAvailable
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
gdiplus
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipDisposeImage
ws2_32
gethostbyname
gethostname
WSAStartup
WSACleanup
closesocket
shutdown
__WSAFDIsSet
WSAGetLastError
inet_ntoa
send
recv
connect
htons
inet_addr
socket
sendto
bind
ntohs
recvfrom
accept
listen
select
Sections
.text Size: 644KB - Virtual size: 642KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 148KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ