Static task: static1
Behavioral task: behavioral1
  Sample: 2cf257f0fd06c0418ec648f0f82cdf8c_icedid_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 2cf257f0fd06c0418ec648f0f82cdf8c_icedid_JC.exe
  Resource: win10v2004-20230703-en
General
Target: 2cf257f0fd06c0418ec648f0f82cdf8c_icedid_JC.exe
Size: 902KB
MD5: 2cf257f0fd06c0418ec648f0f82cdf8c
SHA1: cc8e0876954c60e1be327fed375f4477e5331f5e
SHA256: baca77f33b09a26d3a6a0cacdf399e1808e8e1e27456df9d6aaf596646fbd172
SHA512: e6af258cb994fc9c2acd965439e5f8bfe7ca16572fff977d60fe99927d79a40b5d4b314dc86301f34fef99c787af71948317de530e8ce950f572d44efc577406
SSDEEP: 12288:iA5/ksKIqhrwCMPd0eZyAK3BaDu1rIs4j0MOIi1KbB+dxxxxxdj:DBKIiUNPd0eZyrBr9rPH1Vxxxxxt
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 2cf257f0fd06c0418ec648f0f82cdf8c_icedid_JC.exe
Files
2cf257f0fd06c0418ec648f0f82cdf8c_icedid_JC.exe.exe (windows x86)
  MD5: 9661ec981047eee5b82a1f266d4f24d6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
IsValidCodePage
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FindResourceA
LoadResource
WideCharToMultiByte
SizeofResource
GetACP
LockResource
lstrlenW
GetLastError
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetModuleHandleA
FindFirstFileA
FindClose
FindNextFileA
lstrlenA
MultiByteToWideChar
FreeResource
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentProcessId
GlobalUnlock
GlobalLock
GetVersionExA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GetCurrentThreadId
MulDiv
LocalFree
FormatMessageA
GlobalAlloc
GlobalFree
lstrcmpA
InterlockedExchange
HeapSize
ExitProcess
Sleep
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RaiseException
HeapReAlloc
RtlUnwind
HeapAlloc
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetLocaleInfoA
GetModuleFileNameA
GetProcessHeap
EnumResourceLanguagesA
TerminateProcess
HeapFree
GetTickCount
SetErrorMode
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetSystemDirectoryW
LoadLibraryW
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
GetModuleFileNameW
CreateFileA
GetShortPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ConvertDefaultLocale
WriteFile
ReadFile
lstrcmpiA
GetStringTypeExA
DeleteFileA
MoveFileA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
user32
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DestroyIcon
GetMenuItemInfoA
DeleteMenu
GetSysColorBrush
InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
TabbedTextOutA
CharUpperA
SetCapture
SetWindowRgn
DrawIcon
IsRectEmpty
FillRect
LoadCursorA
DestroyCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
MoveWindow
SetWindowTextA
IsDialogMessageA
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
RegisterWindowMessageA
SendDlgItemMessageA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetClassNameA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
EqualRect
GetDlgItem
LoadIconA
SetCursor
PeekMessageA
ReleaseCapture
LoadAcceleratorsA
SetActiveWindow
IsWindowVisible
UpdateWindow
IsIconic
InsertMenuItemA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
GetClassInfoA
IntersectRect
GetMenu
GetLastActivePopup
BringWindowToTop
PostMessageA
SetMenu
GetDesktopWindow
GetWindow
ShowWindow
CreateMenu
PostThreadMessageA
GetTabbedTextExtentA
GetWindowLongA
TranslateAcceleratorA
RegisterClipboardFormatA
BeginDeferWindowPos
UnregisterClassA
SetWindowLongA
PtInRect
GetDC
ReleaseDC
SetRectEmpty
IsZoomed
IsWindow
DefWindowProcA
GetDlgCtrlID
GetKeyState
IsChild
GetCapture
KillTimer
SetTimer
ScreenToClient
ClientToScreen
CopyRect
SetRect
DeferWindowPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowRect
WindowFromPoint
OffsetRect
GetCursorPos
GetSystemMetrics
LoadImageA
DrawTextA
GetClientRect
InvalidateRect
GetSysColor
SendMessageA
EnableWindow
EndDeferWindowPos
gdi32
CreateDCA
GetViewportOrgEx
DPtoLP
Rectangle
PatBlt
GetStockObject
CreateEllipticRgn
LPtoDP
Ellipse
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
GetDeviceCaps
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
CreateRectRgnIndirect
CreateFontIndirectA
GetMapMode
GetTextColor
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetWindowOrgEx
GetClipBox
SetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
DeleteDC
CreateFontA
GetCharWidthA
DeleteObject
GetBkColor
CreateBitmap
GetTextExtentPoint32A
CreatePen
GetTextMetricsA
GetObjectA
SetTextColor
TextOutA
SelectObject
SetBkMode
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
shell32
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
SHGetFileInfoA
ExtractIconA
ShellExecuteA
comctl32
ord17
shlwapi
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathRemoveFileSpecW
oledlg
ord8
ole32
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
CoInitializeEx
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
OleRun
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleUninitialize
oleaut32
SysFreeString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
VariantChangeType
SysAllocStringByteLen
SysStringLen
VariantClear
SysAllocStringLen
Sections
.text Size: 320KB - Virtual size: 319KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 480KB - Virtual size: 480KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ