Static task: static1
Behavioral task: behavioral1
  Sample: 6719aa1ab5bbc958f8046f1e611c4f7c_icedid_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 6719aa1ab5bbc958f8046f1e611c4f7c_icedid_JC.exe
  Resource: win10v2004-20230703-en
General
- Target: 6719aa1ab5bbc958f8046f1e611c4f7c_icedid_JC.exe
- Size: 10.8MB
- MD5: 6719aa1ab5bbc958f8046f1e611c4f7c
- SHA1: 0af167849ada314cfb6d31db7e26ecef0f6ee791
- SHA256: cda74dceef1b441842abcb8d9df5da6d81744d5523012b6c42b5f1c612757dba
- SHA512: 72f601ab9b13acbe444cfc511cdaeaf192cc02c740e0e7898a7b20bbea4c76613253b1d1f86edf9a7ec02c83c20581d73482148c052fde71387a055be9d52e46
- SSDEEP: 98304:GQtTC0yfYQtTC0yfVNr/RQbOzYYOdjjZBRUO:RtTCpXtTCpzTRcqfOdnSO
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 6719aa1ab5bbc958f8046f1e611c4f7c_icedid_JC.exe
Files
-
6719aa1ab5bbc958f8046f1e611c4f7c_icedid_JC.exe.exe windows x86
fd85f7d157e245967e15a66312afa1cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetErrorMode
FileTimeToLocalFileTime
SetFileAttributesA
GetFileSizeEx
GetFileTime
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetDriveTypeA
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitProcess
ExitThread
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
DuplicateHandle
HeapDestroy
VirtualFree
FatalAppExitA
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetShortPathNameA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiA
GetStringTypeExA
MoveFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FileTimeToSystemTime
GetThreadLocale
GetAtomNameA
GetOEMCP
GetCPInfo
InterlockedIncrement
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
EnumSystemLocalesA
GetVolumeInformationA
GetCurrentProcessId
GetModuleFileNameA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
MulDiv
lstrlenA
SetLastError
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetExitCodeThread
TerminateThread
GetComputerNameA
WaitForSingleObject
GetExitCodeProcess
Sleep
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringA
HeapAlloc
CreateThread
GetProcessHeap
HeapFree
GetVersionExA
GetSystemInfo
GetModuleHandleA
GetProcAddress
SetCurrentDirectoryA
GetFullPathNameA
FindNextFileA
CreateProcessA
GetLastError
GetTempFileNameA
SearchPathA
FindFirstFileA
FindClose
GetCurrentProcess
GetTickCount
WriteFile
SetFileTime
GetCurrentDirectoryA
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
SetFilePointer
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
WinExec
DeleteFileA
GetTempPathA
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
HeapCreate
SizeofResource
user32
DestroyIcon
WaitMessage
DeleteMenu
DestroyMenu
GetMenuItemInfoA
UnregisterClassA
GetSysColorBrush
GetDialogBaseUnits
WindowFromPoint
MapVirtualKeyA
GetKeyNameTextA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
PostMessageA
GetClassInfoExA
CharUpperA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
InsertMenuItemA
CopyRect
SetWindowPlacement
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetFocus
SetWindowPos
ScrollWindowEx
SetFocus
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetWindow
EndPaint
BeginPaint
FillRect
UnhookWindowsHookEx
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
UnregisterDeviceNotification
RegisterDeviceNotificationA
RegisterClassExA
DefWindowProcA
CopyAcceleratorTableA
IsRectEmpty
LockWindowUpdate
GetDCEx
PostThreadMessageA
UnionRect
SetParent
GetSystemMenu
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
GetClassInfoA
LoadAcceleratorsA
PostQuitMessage
ShowWindow
CharUpperBuffA
CharLowerBuffA
CharNextA
GetDesktopWindow
wsprintfA
RegisterWindowMessageA
SetWindowLongA
CopyIcon
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
SetRectEmpty
GetNextDlgGroupItem
InvalidateRgn
SetScrollInfo
SetRect
DestroyCursor
MessageBeep
GetMessagePos
GetParent
KillTimer
SetTimer
ScreenToClient
InflateRect
GrayStringA
DrawTextExA
TabbedTextOutA
RedrawWindow
EqualRect
ClientToScreen
GetCapture
SetCapture
CreateWindowExA
GetCursorPos
GetSysColor
DrawTextA
LoadCursorA
SetCursor
GetWindowLongA
ReleaseCapture
PtInRect
GetWindowDC
MessageBoxA
GetSystemMetrics
EnableWindow
GetKeyState
IsWindow
LoadIconA
InvalidateRect
UpdateWindow
ReleaseDC
GetDC
GetClientRect
GetWindowRect
IsIconic
SendMessageA
DrawIcon
LoadBitmapA
CallWindowProcA
gdi32
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
GetDCOrgEx
CreateRectRgnIndirect
SelectPalette
CombineRgn
CreateDIBPatternBrushPt
PatBlt
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthA
StretchDIBits
SetRectRgn
CreatePatternBrush
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SelectClipRgn
GetMapMode
GetObjectA
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetStockObject
CreateSolidBrush
Escape
TextOutA
RectVisible
PtVisible
CreateRectRgn
SetBkMode
ExtTextOutA
CreateBitmap
SetBkColor
CreateFontA
SelectObject
GetTextExtentPoint32A
GetTextMetricsA
DeleteDC
SetTextColor
CreateFontIndirectA
DeleteObject
StretchBlt
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetColorAdjustment
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
CryptReleaseContext
CryptDestroyHash
CryptDecrypt
CryptGetKeyParam
CryptEncrypt
CryptSetKeyParam
CryptImportKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
CryptAcquireContextA
CryptDestroyKey
shell32
SHGetSpecialFolderPathA
SHFileOperationA
ExtractIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
StrFormatByteSizeA
PathRemoveFileSpecW
oledlg
ord8
ole32
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleRegGetUserType
WriteClassStg
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoInitializeEx
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
oleaut32
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SysAllocStringLen
VariantCopy
VariantInit
VariantClear
VariantChangeType
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SafeArrayAllocData
SafeArrayAllocDescriptor
ws2_32
send
ntohl
shutdown
recv
WSACleanup
WSAStartup
closesocket
htonl
wininet
HttpAddRequestHeadersA
HttpSendRequestA
InternetConnectA
InternetAttemptConnect
HttpOpenRequestA
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
HttpEndRequestA
InternetWriteFile
InternetCrackUrlA
HttpSendRequestExA
InternetCloseHandle
setupapi
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
gdiplus
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRectI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateHICONFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageFlags
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
iphlpapi
GetAdaptersInfo
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
Sections
.text Size: 783KB - Virtual size: 783KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9.9MB - Virtual size: 9.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ