2d9ee7c92cfeb9c5bc6271c5a0d47e94_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2d9ee7c92cfeb9c5bc6271c5a0d47e94_icedid_JC.exe
Size

2.1MB
MD5

2d9ee7c92cfeb9c5bc6271c5a0d47e94
SHA1

7fe05b5d5db7a3cee435d0532f1e177e4271c23f
SHA256

311f74565722ad2e8830ccf2dfb84625c7cc22de2fff416dbffa9fd7200df909
SHA512

54e1aa7d12cb5054ee21ed6161148ffcae73e18c92ba0ae62f49f1494a771330a251ac77a3e0afd5b174c05a69898952aed6c3e81dd53486a335021d0bea7b20
SSDEEP

49152:/VacYMbDo8D+oD6/FxmM/wsrQ4tPedHeLTKApv:87MbDo2+J/FxX/wsrtPedpAJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d9ee7c92cfeb9c5bc6271c5a0d47e94_icedid_JC.exe

Files

2d9ee7c92cfeb9c5bc6271c5a0d47e94_icedid_JC.exe
.exe windows x86

e77fb06594b7f9d097772292b567fd29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libmysql

mysql_data_seek
mysql_fetch_row
mysql_ping
mysql_escape_string
mysql_close
mysql_init
mysql_real_connect
mysql_real_query
mysql_store_result
mysql_field_count
mysql_num_rows
mysql_num_fields
mysql_select_db
mysql_insert_id
mysql_error
mysql_errno
mysql_free_result

ws2_32

inet_addr
ntohs
htons
getservbyname
accept
connect
bind
listen
closesocket
shutdown
send
recv
sendto
recvfrom
getsockname
getpeername
setsockopt
getsockopt
ntohl
select
gethostname
WSAGetLastError
__WSAFDIsSet
ioctlsocket
gethostbyname
gethostbyaddr
WSAStartup
WSACleanup
socket

gdiplus

GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipAlloc
GdipFree
GdipCloneImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage

kernel32

LocalFree
lstrlenA
FormatMessageA
lstrcmpA
LocalAlloc
GetSystemDirectoryA
QueryPerformanceCounter
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
GlobalUnlock
GlobalLock
FileTimeToSystemTime
InterlockedIncrement
InterlockedDecrement
CompareStringA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameA
GlobalFlags
SetFilePointer
FlushFileBuffers
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetFullPathNameA
GlobalAddAtomA
ResumeThread
GetCurrentThreadId
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
FileTimeToLocalFileTime
SetFileTime
GetLocaleInfoA
GetCPInfo
GetOEMCP
WriteConsoleW
GetFileType
ExitThread
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
GetDriveTypeA
HeapReAlloc
VirtualAlloc
GetSystemInfo
HeapSize
ExitProcess
SetConsoleCtrlHandler
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
CreateEventW
InterlockedExchange
GetCurrentProcessId
GetTickCount
FlushViewOfFile
UnmapViewOfFile
GetTempPathA
GetFileSize
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
ReleaseMutex
GetVersionExA
PurgeComm
WriteFile
ReadFile
ResetEvent
GlobalAlloc
WinExec
AllocConsole
GetStdHandle
SetConsoleScreenBufferSize
FindResourceExA
FreeLibrary
WritePrivateProfileStringA
CreateMutexA
OpenEventA
lstrcpyA
CreateProcessA
GetExitCodeProcess
TerminateProcess
LoadResource
LockResource
SizeofResource
FindResourceA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
CopyFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetExitCodeThread
MultiByteToWideChar
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalFree
LoadLibraryA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetLastError
SetLastError
FindFirstFileA
FindNextFileA
FindClose
CloseHandle
SetEvent
CreateThread
SetThreadPriority
CreateFileA
CreateIoCompletionPort
ReadDirectoryChangesW
GetQueuedCompletionStatus
WideCharToMultiByte
WaitForSingleObject
Sleep
FindFirstChangeNotificationA
WaitForMultipleObjects
CreateEventA
GetPrivateProfileIntA
GetPrivateProfileStringA
TryEnterCriticalSection
GetFileAttributesExW
CreateMutexW
CreateFileW
SetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetProcessTimes
CreateProcessW
GetStartupInfoW
OpenProcess
GetCurrentDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExW
GetComputerNameW
FindFirstFileW
FindNextFileW
CreatePipe

user32

AdjustWindowRectEx
CopyRect
CallWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CallNextHookEx
GetKeyState
PeekMessageA
ValidateRect
SetWindowPos
IsWindow
GetFocus
GetWindow
GetDlgCtrlID
GetClassNameA
PtInRect
SetWindowTextA
GetWindowThreadProcessId
GetForegroundWindow
GetLastActivePopup
GetClassInfoA
EnableWindow
UnhookWindowsHookEx
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextA
GetMenuState
GetMenuItemID
GetMenuItemCount
MessageBoxA
SendMessageA
GetSystemMetrics
wsprintfA
DialogBoxParamA
GetDesktopWindow
GetWindowRect
GetClientRect
ClientToScreen
MoveWindow
EndDialog
SetWindowLongA
KillTimer
GetCursorPos
LoadMenuA
GetSubMenu
SetForegroundWindow
TrackPopupMenu
DestroyMenu
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetWindowLongA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgItemTextA
PostMessageA
ShowWindow
GetClassInfoExA
SetMenu
MapWindowPoints
GetDlgItem
SetDlgItemTextA
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
GetParent
RemovePropA
SetWindowsHookExA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
SetWindowExtEx
GetStockObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

ReportEventW
RegEnumKeyExA
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
ControlService
DeregisterEventSource
RegisterEventSourceW
QueryServiceConfigW
OpenServiceW
ChangeServiceConfigA
CreateServiceW
RegEnumValueW
RegQueryInfoKeyA
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetSecurityInfo
CreateServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
StartServiceCtrlDispatcherA
StartServiceA
DeleteService

shell32

SHBrowseForFolderA
SHParseDisplayName
Shell_NotifyIconA
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantInit

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e77fb06594b7f9d097772292b567fd29

Headers

DLL Characteristics

File Characteristics

Imports

libmysql

ws2_32

gdiplus

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

oleacc

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 250KB - Virtual size: 250KB

.data Size: 35KB - Virtual size: 65KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 250KB - Virtual size: 250KB

.data
Size: 35KB - Virtual size: 65KB

.rsrc
Size: 5KB - Virtual size: 5KB