Static task: static1
Behavioral task: behavioral1
- Sample: 75e435572f58da03e4d208a91b4d8eb1_icedid_quarian_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 75e435572f58da03e4d208a91b4d8eb1_icedid_quarian_JC.exe
- Resource: win10v2004-20230703-en
General
- Target: 75e435572f58da03e4d208a91b4d8eb1_icedid_quarian_JC.exe
- Size: 1.9MB
- MD5: 75e435572f58da03e4d208a91b4d8eb1
- SHA1: 98ddbd1fe58874c41cdb441b51c6cbfbd2630506
- SHA256: 924fa09c73226a3a4e3fab8888ee5577306eaa19908517bed61e245279ba31f3
- SHA512: 331305f711d4551f16e8ae8aab8b60c8522280f8fa803b6da6fdc15499fc1adf41a14a38e2875349789b1e3c343d84deb91887da9db7904255fffa03162b5e7a
- SSDEEP: 24576:zSAJwqAO1zuOFVlaqo76HV2oZ/NbzD/p6:zSArAO1Bjo6HQoZ/l/x
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 75e435572f58da03e4d208a91b4d8eb1_icedid_quarian_JC.exe
Files
- 75e435572f58da03e4d208a91b4d8eb1_icedid_quarian_JC.exe.exe (windows x86)
  c5058b4401fcea0d5b0ec5ba80b6fd9d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryA
GetModuleFileNameW
VirtualQuery
SetLastError
FindClose
RemoveDirectoryW
CreateDirectoryW
FindNextFileW
FindFirstFileW
SetFilePointer
FlushFileBuffers
WriteFile
SetEndOfFile
SetupComm
GetCommState
SetCommState
GetCommTimeouts
SetCommTimeouts
FindResourceW
LoadResource
LockResource
SizeofResource
LocalReAlloc
GetLocalTime
LocalAlloc
lstrlenW
InterlockedExchange
CreateFileW
GetFileSize
ReadFile
WideCharToMultiByte
MultiByteToWideChar
CopyFileA
GetCurrentProcess
TerminateProcess
TryEnterCriticalSection
SetLocalTime
CreateThread
Sleep
ExitThread
DeleteCriticalSection
GetCurrentProcessId
CreateProcessW
FormatMessageW
LocalFree
CopyFileW
DeleteFileW
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
WaitForMultipleObjects
TerminateThread
CloseHandle
GetCurrentThreadId
InterlockedCompareExchange
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
lstrcmpA
lstrlenA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
TlsFree
GetProcAddress
GetModuleHandleW
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetVersion
GlobalGetAtomNameW
GetAtomNameW
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventW
lstrcmpW
GlobalFlags
CompareStringW
GetVersionExA
LoadLibraryA
LoadLibraryW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GetModuleHandleA
CompareStringA
LoadLibraryExW
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryW
SetErrorMode
MoveFileW
GetStringTypeExW
lstrcmpiW
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
GetVersionExW
HeapFree
HeapAlloc
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoW
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
user32
GetWindow
ClientToScreen
GetDesktopWindow
GetFocus
SetFocus
SetScrollPos
GetScrollPos
CheckDlgButton
CheckRadioButton
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
SendDlgItemMessageW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
IsWindow
SetWindowLongW
ScrollWindowEx
SetWindowPos
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcW
SetWindowPlacement
CopyRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
GetClassInfoW
GetClassInfoExW
GetMenu
ShowScrollBar
SetForegroundWindow
GetScrollRange
SetScrollRange
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetDlgCtrlID
GetActiveWindow
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
RegisterWindowMessageW
TabbedTextOutW
DrawTextExW
GrayStringW
GetWindowDC
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
SetCursor
ShowOwnedPopups
DeleteMenu
CharUpperW
DestroyIcon
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetCursorPos
UnregisterClassA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
GetSysColorBrush
GetSysColor
GetWindowTextW
GetDialogBaseUnits
GetClassNameW
PtInRect
SetWindowTextW
SetWindowsHookExW
GetTopWindow
CallNextHookEx
ValidateRect
UnregisterClassW
GetWindowTextLengthW
IsWindowVisible
EndDeferWindowPos
PeekMessageW
ReleaseDC
GetDC
LoadImageW
OffsetRect
FillRect
DrawTextW
wsprintfW
GetSystemMetrics
MonitorFromPoint
GetMonitorInfoW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassW
DefWindowProcW
PostQuitMessage
CreateWindowExW
UpdateWindow
BeginPaint
EndPaint
DestroyWindow
GetKeyState
GetClientRect
PostMessageW
IntersectRect
GetWindowRect
ShowWindow
ShowCursor
MoveWindow
IsRectEmpty
SetRect
InvalidateRect
FindWindowW
gdi32
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
SetTextAlign
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetROP2
RemoveFontResourceW
AddFontResourceW
CreateDIBSection
SetStretchBltMode
SelectClipRgn
CreateRectRgnIndirect
GetClipRgn
GetRgnBox
MoveToEx
LineTo
CreatePen
RoundRect
SetBkColor
GetTextExtentPoint32W
SetPolyFillMode
RestoreDC
SaveDC
GetClipBox
GetDCOrgEx
CreateBitmap
CreateDCW
CopyMetaFileW
PolylineTo
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
GetDeviceCaps
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
DeleteObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
DeleteDC
SelectObject
SetDIBColorTable
StretchBlt
GetObjectW
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateFontIndirectW
GetTextMetricsW
advapi32
DeregisterEventSource
RegSetValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
ole32
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
msimg32
AlphaBlend
shlwapi
PathFindFileNameW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
gdiplus
GdipCloneImage
GdipDrawImageI
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipFree
ws2_32
inet_addr
connect
send
recv
WSAGetLastError
accept
setsockopt
inet_ntoa
WSAStartup
socket
gethostbyname
htons
bind
listen
closesocket
WSACleanup
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
comdlg32
GetFileTitleW
shell32
SHGetFileInfoW
ExtractIconW
oleaut32
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
VarBstrFromDate
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
SafeArrayPtrOfIndex
Sections
.text Size: 844KB - Virtual size: 841KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 168KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 892KB - Virtual size: 896KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE