f04af82464f956c0cb539de124fcd22d_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f04af82464f956c0cb539de124fcd22d_icedid_JC.exe
Size

800KB
MD5

f04af82464f956c0cb539de124fcd22d
SHA1

4f6e9decca989977cb0779f23f117f8cd809f0a0
SHA256

c3a07f4bac588abffde948ea50382f30fb1d81eb3049e122d16d19dceca03f96
SHA512

08808a637881beaf5f6e5fd2ae15c9525eb53978d29061958cf9939b45045e500a5d8b2f8fdb4b713e5f261db9501bf8f468ab55445537614ae9762121efa475
SSDEEP

12288:AXkEVg7MUYZPYllw50XgVe6oeh/UesjcryBu8uQph+v09itR:A0DMUYZ+lw5HVsehApXph+ii3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f04af82464f956c0cb539de124fcd22d_icedid_JC.exe

Files

f04af82464f956c0cb539de124fcd22d_icedid_JC.exe
.exe windows x86

0c2024f1e62795d7c7a79e9b53a44354

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
ExitProcess
VirtualAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
SetErrorMode
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
GetModuleHandleW
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
GlobalFree
GlobalUnlock
MulDiv
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
lstrlenA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
MultiByteToWideChar
lstrcmpW
LoadLibraryA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
InterlockedExchangeAdd
ReleaseSemaphore
CreateSemaphoreA
SetLastError
DebugBreak
OutputDebugStringA
lstrcpynA
GetTickCount
DeleteFileA
GetModuleHandleA
FreeResource
GetTempPathA
GetCurrentThread
SetThreadPriority
Sleep
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
LoadLibraryExA
FormatMessageA
FreeLibrary
LocalFree
CreateThread
GetCommState
SetCommState
GetCommTimeouts
SetCommTimeouts
WaitForSingleObject
InterlockedExchange
WriteFile
ReadFile
CreateFileA
GetLastError
GetCommConfig
GetCommProperties
GetConsoleMode
CloseHandle

user32

UnregisterClassA
LoadCursorA
DestroyMenu
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
PostQuitMessage
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
LoadIconA
SendDlgItemMessageA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
WinHelpA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
FillRect
GetDC
ReleaseDC
GetSystemMetrics
LoadImageA
EnableWindow
KillTimer
SetTimer
IsWindowVisible
GetClientRect
SendMessageA
InflateRect
GetSysColorBrush
IsWindow
InvalidateRect
DestroyIcon
PostMessageA
GetWindowRect
OffsetRect
CopyRect
GetDlgItem

gdi32

ScaleWindowExtEx
DPtoLP
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateSolidBrush
AddFontResourceExA
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectA
GetClipBox
Ellipse
SetTextAlign
SetTextColor
SetBkColor
SetBkMode
TextOutA
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject
CreateFontIndirectA
DeleteObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shlwapi

PathFindExtensionA
PathAppendA
PathRemoveBackslashA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

wsock32

htons
htonl
socket
setsockopt
connect
recv
send
ioctlsocket
ntohl
gethostbyname
closesocket
WSAStartup
WSACleanup

winmm

timeGetTime

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c2024f1e62795d7c7a79e9b53a44354

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

wsock32

winmm

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 551KB - Virtual size: 550KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 551KB - Virtual size: 550KB