1278baba4c8f2040614b041996cba4c4_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1278baba4c8f2040614b041996cba4c4_icedid_JC.exe
Size

843KB
MD5

1278baba4c8f2040614b041996cba4c4
SHA1

a14f5109ee61e3d2e59f58b3d2d1c462dd8fb060
SHA256

b164b9373bb901dc6fdd98f127f2356d67e80dc4189706eef8ff494ad775214d
SHA512

bab8d66c8cb1782c2c36958c908dbcdb31a72441b5f570c51813b06c0a8d7bcb2f785bd1fedd12e64a34ddfadb1bcdfea2df50e00386161f054b60f15ddeb30b
SSDEEP

24576:K+4xt1/Yn6xW1fRvO4udU0JlAiyEbx/wkM8qgBbv6+GjZhqekQAXUK+:KHx7Yn6xWpka

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1278baba4c8f2040614b041996cba4c4_icedid_JC.exe

Files

1278baba4c8f2040614b041996cba4c4_icedid_JC.exe
.exe windows x86

10da25acb19376f9fe3c2a241ba20d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeSetEvent
timeKillEvent

wininet

InternetConnectA
HttpEndRequestA
HttpSendRequestExA
HttpAddRequestHeadersA
InternetAutodialHangup
InternetGetConnectedState
InternetWriteFile
InternetGetLastResponseInfoA
InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetErrorDlg
InternetQueryOptionA
InternetAutodial
InternetAttemptConnect
InternetSetOptionA

urlmon

CreateURLMoniker

kernel32

GetTempFileNameA
CreateFileA
SetFileTime
SystemTimeToFileTime
GetLocalTime
GetVersionExA
GlobalAlloc
GlobalFree
lstrcpyA
GetProfileStringA
MulDiv
GetSystemTime
GetTickCount
FindFirstFileA
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
FindClose
FindNextFileA
LocalFree
CreateProcessA
CloseHandle
GetTempPathA
LoadLibraryA
GetComputerNameA
SetLastError
DeleteFileA
GetCurrentProcess
FlushInstructionCache
CreateDirectoryA
ExpandEnvironmentStringsA
GetCurrentThreadId
CreateMutexA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
HeapSize
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
SetHandleCount
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStdHandle
HeapCreate
VirtualFree
LCMapStringW
LCMapStringA
GetLocaleInfoW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
IsProcessorFeaturePresent
GetEnvironmentStringsW
IsValidCodePage
GetACP
HeapReAlloc
GetStartupInfoA
LocalAlloc
TlsGetValue
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
LockResource
GetCurrentProcessId
ResumeThread
CompareStringA
GlobalGetAtomNameA
lstrcmpA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GlobalFlags
InterlockedExchange
GetLocaleInfoA
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesA
HeapAlloc
HeapFree
Sleep
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetConsoleCP
GetConsoleMode
GetSystemTimeAsFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetCommandLineA

user32

ModifyMenuA
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowPlacement
SystemParametersInfoA
GetMenu
GetDlgCtrlID
PtInRect
CopyRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
PostMessageA
SetForegroundWindow
SetMenu
GetMessagePos
GetMessageTime
DestroyWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
WinHelpA
RegisterWindowMessageA
EnableMenuItem
ClientToScreen
GetSysColor
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ValidateRect
UnregisterClassA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
CheckMenuItem
GetWindowTextA
GetSystemMetrics
GetDC
ReleaseDC
CharNextA
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
CharNextW
LoadStringA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetWindowLongA
GetWindowLongA
GetClientRect
MessageBoxA
DestroyMenu
CallWindowProcA
DefWindowProcA
IsWindow
DialogBoxParamA
GetDlgItemTextA
GetDlgItem
SetFocus
SendDlgItemMessageA
EndDialog
SetDlgItemTextA
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
SetWindowPos
GetTopWindow
GetDesktopWindow
LoadIconA
CreateWindowExA
RegisterClassExA
PostQuitMessage
GetKeyState
LoadCursorA
GetClassInfoExA
SetWindowTextA
FindWindowA
IsIconic
ShowWindow
BringWindowToTop
GetLastActivePopup
SendMessageA
PostThreadMessageA

gdi32

SetMapMode
RestoreDC
SaveDC
ExtTextOutA
PtVisible
StartDocA
EndDoc
StartPage
CreateDCA
TextOutA
EndPage
DeleteDC
SelectObject
DeleteObject
GetTextExtentPointA
GetDeviceCaps
CreateFontA
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
EnumPrintersA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegCreateKeyA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
CoInitialize
CoUninitialize
CoSuspendClassObjects
StringFromGUID2
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject

oleaut32

VarDateFromStr
VarBstrCat
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10da25acb19376f9fe3c2a241ba20d1a

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wininet

urlmon

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

oleacc

Sections

.text Size: 306KB - Virtual size: 306KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 19KB - Virtual size: 35KB

.rsrc Size: 447KB - Virtual size: 446KB

.text
Size: 306KB - Virtual size: 306KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 19KB - Virtual size: 35KB

.rsrc
Size: 447KB - Virtual size: 446KB