4e2c922763c62cace87af99c7ecabf97_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4e2c922763c62cace87af99c7ecabf97_icedid_JC.exe
Size

4.3MB
MD5

4e2c922763c62cace87af99c7ecabf97
SHA1

2cfdd604a4fb419e7643c27e0bc17486bdd76fef
SHA256

643813b63d47ce37bdc7ff76cce95fe71b6a799dd57f21335f2e676f6c422e09
SHA512

01c18b523a6a919a408890e0234d2909a02eb8a380c0df30551bb298596e1d700503899a9a5b3546285eb1f2badd93278c9ca61d0145b7b003a0abb1c7448f19
SSDEEP

98304:dqyWoKlJLKjZhPJD0ZRXpuJXqq6Iz/ClfnxsBOdB8+MuV6PtRjqAweqCiHKiQV23:kXCrHOrgjq2qCiqiQQyr/de

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e2c922763c62cace87af99c7ecabf97_icedid_JC.exe

Files

4e2c922763c62cace87af99c7ecabf97_icedid_JC.exe
.exe windows x86

1942425f3dddd3270de4a1f4825620a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
setsockopt
shutdown
WSAGetLastError
recv
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
select
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSASetLastError
WSARecv
WSASend
WSASocketW
gethostname
socket
closesocket
WSACleanup
ntohs
connect
WSAStartup

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW

winhttp

WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpCloseHandle

kernel32

SetEnvironmentVariableW
GetCurrentProcess
GetProcessId
IsDebuggerPresent
DebugBreak
OutputDebugStringW
SetLastError
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetModuleFileNameA
GetModuleHandleExW
SetFilePointer
VirtualFree
GetEnvironmentVariableW
MoveFileA
GetWindowsDirectoryW
GetStartupInfoW
CreateFileA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetFileTime
CreateProcessA
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
GetSystemTimeAsFileTime
GetModuleHandleA
CreateDirectoryW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetDriveTypeW
GetLogicalDrives
GetTempPathW
SetEvent
ResetEvent
WaitForMultipleObjects
GetComputerNameW
GetCurrentDirectoryA
CreateDirectoryA
FindNextFileA
GetFileSizeEx
RemoveDirectoryA
SetEndOfFile
DuplicateHandle
CreateMutexA
GetProcessTimes
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameW
DeviceIoControl
DefineDosDeviceA
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SleepEx
CreateEventW
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsGetValue
TlsSetValue
GetSystemDirectoryA
VerifyVersionInfoA
GetModuleFileNameW
OutputDebugStringA
GetVolumeInformationW
GetSystemDirectoryW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
MulDiv
SetThreadPriority
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
DeleteFileW
GetFullPathNameW
SetErrorMode
GetFileAttributesExW
SetFileAttributesW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetFileAttributesW
GetDiskFreeSpaceW
OpenMutexW
InitializeCriticalSection
GlobalFree
LocalUnlock
LocalLock
LocalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindFirstFileA
ExitThread
FlushFileBuffers
GetCommandLineW
GlobalLock
GlobalUnlock
GlobalAlloc
LoadLibraryExW
GetVersionExW
MoveFileExW
CreateFileW
SetConsoleTitleW
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
AllocConsole
GetStdHandle
Beep
VirtualAlloc
GetSystemInfo
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
GetLastError
FindFirstFileExW
GetFileInformationByHandle
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetStringTypeW
LCMapStringEx
RaiseException
DecodePointer
ResumeThread
SuspendThread
GetCurrentThread
CreateThread
QueryDosDeviceA
GetProfileStringA
FindNextFileW
FindFirstFileW
FindClose
CopyFileW
GetModuleHandleW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateProcessW
GetExitCodeProcess
CreatePipe
WriteFile
ReadFile
GetACP
CopyFileA
GetLocalTime
CreateSemaphoreA
WaitForMultipleObjectsEx
ReleaseSemaphore
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
CreateEventA
GetProcessHeap
HeapFree
HeapAlloc
CloseHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
MultiByteToWideChar
GetCurrentThreadId
GlobalMemoryStatusEx
MoveFileExA
LoadLibraryA
GetTickCount
GetSystemTime
VerifyVersionInfoW
GetProcAddress
VerSetConditionMask
Sleep
ExitProcess
FindResourceW
SizeofResource
LockResource
LoadResource
GetCurrentProcessId
LoadLibraryW
FreeLibrary
CompareStringEx
GetCPInfo
OpenEventA
CreateWaitableTimerA
RtlUnwind
InterlockedPushEntrySList
GetFileType
PeekNamedPipe
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
FreeLibraryAndExitThread
GetCommandLineA
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
RemoveDirectoryW
EncodePointer

user32

GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
IsWindowEnabled
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ValidateRect
EndPaint
BeginPaint
SetActiveWindow
UpdateWindow
DrawTextExW
GetCapture
SetFocus
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
GetMenuCheckMarkDimensions
SetRectEmpty
SendDlgItemMessageA
wsprintfA
GetSubMenu
GetMenu
DispatchMessageW
SendNotifyMessageW
DrawFrameControl
DrawEdge
GetWindowWord
GetActiveWindow
RegisterClassExW
DefWindowProcW
GetForegroundWindow
GetMenuStringA
GrayStringW
TabbedTextOutW
GetWindowDC
SetRect
GetMessageW
IsZoomed
DrawFocusRect
NotifyWinEvent
PostQuitMessage
RealChildWindowFromPoint
GetSysColorBrush
UnionRect
WindowFromPoint
GetWindowThreadProcessId
GetWindowTextA
AppendMenuA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CharUpperW
PeekMessageW
LoadImageW
MessageBoxA
UnregisterClassW
IsWindowVisible
SystemParametersInfoW
SetWindowTextA
GetMenuItemRect
SetMenuItemInfoW
SetMenuItemBitmaps
DeleteMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
ShowWindow
IsWindow
ClientToScreen
SetWindowPos
LoadCursorW
PtInRect
IsRectEmpty
OffsetRect
IntersectRect
CopyRect
SetCursor
SetCursorPos
MessageBoxW
SetScrollRange
GetScrollPos
SetScrollPos
GetMenuItemInfoW
TrackPopupMenu
ReleaseCapture
SetCapture
GetFocus
GetSysColor
SetForegroundWindow
GetDlgItem
FillRect
InflateRect
FrameRect
DrawTextW
RedrawWindow
LoadIconW
ScreenToClient
GetCursorPos
KillTimer
GetDesktopWindow
GetSystemMetrics
EnumWindows
GetWindowTextW
ReleaseDC
GetDC
InvalidateRect
GetKeyState
GetWindowRect
GetClientRect
SetWindowTextW
GetParent
SetWindowLongW
GetWindowLongW
EnableWindow
SetTimer
GetDlgCtrlID
CallWindowProcW
SendMessageW
PostMessageW
FindWindowA
TranslateMessage

gdi32

SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetCharWidthW
StretchDIBits
DeleteDC
Ellipse
LineTo
SetBkColor
GetLayout
SetLayout
SetMapMode
RectVisible
PtVisible
IntersectClipRect
GetClipBox
ExcludeClipRect
SetTextColor
MoveToEx
RestoreDC
CreateBitmap
EndDoc
StartDocA
Escape
CreateDCA
SetROP2
TextOutW
SetPixelV
LineDDA
GetPixel
CreateFontW
Rectangle
SetPixel
StretchBlt
SetDIBits
SelectPalette
RealizePalette
GetDIBits
CreatePalette
CreateDIBitmap
GetStockObject
ExtTextOutW
GetTextMetricsW
GetTextColor
GetBkColor
GetObjectW
GetTextExtentPoint32W
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteObject
SaveDC
SelectObject
BitBlt
CreateFontIndirectW
CreatePen

msimg32

TransparentBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegDeleteKeyW
SetSecurityDescriptorDacl
RegEnumValueW
RegOpenKeyExA
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
InitializeSecurityDescriptor
RegGetValueW
OpenSCManagerW
EnumServicesStatusW
RegQueryValueExA

shell32

ShellExecuteW
DragQueryFileW
DragQueryPoint
DragFinish
DragQueryFileA
ShellExecuteExW
ShellExecuteExA
GetCurrentProcessExplicitAppUserModelID
SHChangeNotify
SHGetDesktopFolder
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderPathA
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_GetImageCount
ImageList_Replace
ImageList_Remove
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW

uxtheme

DrawThemeParentBackground
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantClear

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

gdiplus

GdipAlloc
GdipCloneImage
GdiplusStartup
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImageRectI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

exportedHeapusageDiagnostic
printerStatusCleanup

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1942425f3dddd3270de4a1f4825620a5

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

setupapi

winhttp

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

mpr

gdiplus

oleacc

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 613KB - Virtual size: 612KB

.data Size: 56KB - Virtual size: 3.3MB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 613KB - Virtual size: 612KB

.data
Size: 56KB - Virtual size: 3.3MB

.rsrc
Size: 44KB - Virtual size: 44KB