Static task: static1
Behavioral task: behavioral1
Sample: a0d594950a728ebbd322b313696cb904_icedid_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: a0d594950a728ebbd322b313696cb904_icedid_JC.exe
Resource: win10v2004-20230703-en
General
Target: a0d594950a728ebbd322b313696cb904_icedid_JC.exe
Size: 659KB
MD5: a0d594950a728ebbd322b313696cb904
SHA1: e4fe3c9c29943d94ad58d6f87708ba2327896f34
SHA256: 1c8829afd2a3780be3ed62f7bd92b6ebf03782d6057d4aea8ac6c35ab0e5bdfe
SHA512: 0cdb6146d5e897a3f35c7e1e5374491ad475c01a89caa523b445a07cd0a896ed439f7d4a83f1722bb7931e6b54c2e4ff5e3bae3e04682d6583e969db07c73528
SSDEEP: 12288:XnnQV7IxNLhJi3XdVg/8mOGuxmz9mKJhJxX7PIZZW:3QELhJig/8mOGQfcBIZU
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a0d594950a728ebbd322b313696cb904_icedid_JC.exe
Files
a0d594950a728ebbd322b313696cb904_icedid_JC.exe.exe windows x86
e92f839d2d058c638819023bc9a35873
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipFree
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectRectI
GdipDrawImageI
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipDrawImageRectI
GdipDrawString
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdiplusShutdown
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetFontHeight
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipCreateLineBrushI
GdipFillRectangleI
GdipDrawRectangleI
GdipAlloc
kernel32
DefineDosDeviceA
FreeLibrary
SetEndOfFile
SetFilePointer
DeviceIoControl
SetFileTime
GetFileTime
ReadFile
GetStartupInfoA
GlobalFree
GlobalUnlock
WriteFile
CreateFileA
GlobalLock
GlobalAlloc
GetStdHandle
GetVersionExA
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateProcessA
GetCurrentProcess
CopyFileA
RemoveDirectoryA
GetSystemWindowsDirectoryA
lstrcmpW
InterlockedDecrement
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
InterlockedIncrement
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
MulDiv
GetModuleHandleA
LCMapStringA
GetLastError
SetLastError
GetCurrentDirectoryA
GetPrivateProfileIntA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetErrorMode
Sleep
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPriorityClass
CreateDirectoryA
CloseHandle
CreateThread
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetVolumeInformationA
GetShortPathNameA
LocalFileTimeToFileTime
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
RaiseException
DuplicateHandle
GetFileSize
UnlockFile
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
HeapSize
GetACP
IsValidCodePage
CompareStringW
GetConsoleCP
GetConsoleMode
LCMapStringW
VirtualFree
HeapCreate
GetTimeZoneInformation
SetHandleCount
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
DeleteFileA
GetDriveTypeA
QueryPerformanceCounter
LockFile
FlushFileBuffers
lstrcmpiA
GetStringTypeExA
lstrlenA
lstrlenW
LocalFree
FormatMessageA
GlobalSize
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
lstrcmpA
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetModuleFileNameW
GetTickCount
GetFileAttributesA
GetTempFileNameA
GetFullPathNameA
GetDiskFreeSpaceA
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
CreateMutexA
ReleaseMutex
GetModuleHandleW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetThreadLocale
SystemTimeToFileTime
MoveFileA
GetEnvironmentStringsW
user32
GetMenuState
GetWindow
GetWindowPlacement
IntersectRect
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
GetClassInfoExA
CreateWindowExA
IsWindowVisible
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
ScrollWindow
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
SetActiveWindow
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
BeginPaint
EndPaint
GetClientRect
SetWindowTextA
MoveWindow
GetMenuStringA
GetWindowThreadProcessId
CheckMenuItem
EnableMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetActiveWindow
WindowFromPoint
DestroyMenu
IsRectEmpty
DrawIcon
SetCapture
ReleaseCapture
PostQuitMessage
RegisterClipboardFormatA
MapDialogRect
SetWindowContextHelpId
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
TranslateAcceleratorA
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
GetSysColorBrush
CopyAcceleratorTableA
SetRect
InvalidateRgn
CharNextA
CharUpperA
DeleteMenu
UnregisterClassA
PostThreadMessageA
GetNextDlgGroupItem
MessageBeep
SendNotifyMessageA
GetWindowLongA
SendMessageA
PostMessageA
SetWindowPos
SetTimer
IsWindow
CreatePopupMenu
AppendMenuA
SetForegroundWindow
UpdateWindow
GetCursorPos
ScreenToClient
CopyRect
GetClassInfoA
InsertMenuA
RemoveMenu
SetWindowLongA
KillTimer
GetSystemMetrics
IsWindowEnabled
FillRect
EnableWindow
SetWindowRgn
OffsetRect
GetWindowRect
InvalidateRect
IsDialogMessageA
GetWindowDC
TrackPopupMenu
LoadMenuA
MessageBoxA
IsIconic
GetLastActivePopup
GetMonitorInfoA
MonitorFromPoint
PtInRect
wsprintfA
GetMenuItemInfoA
DrawIconEx
DrawEdge
SystemParametersInfoA
DestroyIcon
LoadBitmapA
ModifyMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
InflateRect
GetSysColor
ShowWindow
LoadIconA
SetCursor
LoadCursorA
RedrawWindow
AnimateWindow
FindWindowA
ClientToScreen
ReleaseDC
GetDC
CloseWindow
RegisterClassA
GetParent
RegisterHotKey
GetDesktopWindow
BringWindowToTop
RegisterWindowMessageA
gdi32
MoveToEx
LineTo
GetStockObject
DeleteDC
CreateSolidBrush
GetDeviceCaps
SetBkColor
SetTextColor
CreateDIBitmap
PatBlt
CreateBitmap
CreateCompatibleBitmap
GetTextColor
DeleteObject
SelectObject
CreateFontIndirectA
SetMapMode
BitBlt
CreateFontA
CreateRoundRectRgn
StretchBlt
GetObjectA
CreateCompatibleDC
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreatePen
CreateEllipticRgn
LPtoDP
Ellipse
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetBkColor
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
CopyMetaFileA
GetTextExtentPoint32A
Rectangle
advapi32
RegQueryValueExA
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyA
CreateServiceA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
DeleteService
ControlService
CloseServiceHandle
StartServiceA
shell32
SHGetFileInfoA
ExtractIconA
DragQueryFileA
DragFinish
SHGetSpecialFolderPathA
Shell_NotifyIconA
SHChangeNotify
ShellExecuteA
oleaut32
SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
oledlg
ord8
ws2_32
inet_addr
closesocket
socket
sendto
htons
inet_ntoa
WSAStartup
htonl
bind
listen
accept
setsockopt
ioctlsocket
connect
select
send
recv
gethostbyname
WSACleanup
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
iphlpapi
GetAdaptersInfo
psapi
GetModuleFileNameExA
EnumProcessModules
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comdlg32
GetFileTitleA
ole32
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleGetClipboard
OleSetMenuDescriptor
CoUninitialize
CoInitializeEx
CoCreateInstance
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleSetContainedObject
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
OleLoad
OleCreateStaticFromData
OleLockRunning
OleSaveToStream
WriteClassStm
OleSave
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateStreamOnHGlobal
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoGetClassObject
Sections
.text Size: 497KB - Virtual size: 497KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 121KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ