Static task: static1
Behavioral task: behavioral1
Sample: fef7e5295a2d2152c3c16fe90c6076fd_icedid_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: fef7e5295a2d2152c3c16fe90c6076fd_icedid_JC.exe
Resource: win10v2004-20230703-en
General
Target: fef7e5295a2d2152c3c16fe90c6076fd_icedid_JC.exe
Size: 1.8MB
MD5: fef7e5295a2d2152c3c16fe90c6076fd
SHA1: 7ba7bf1b629a249f051f29290258191b7323fd2a
SHA256: 7e6c8a44481bbefb493bf552a21fff42a7997abc0c81aa7167e72dfa7fb98de3
SHA512: a30d714e4b6fadcf2000cbd95465eb2f2ca65ab0443017b1dc8f8bd8cf744489dfe9c83a8101e4ed169177c477790be5ace3eb580d46ee26f487022c0ec51308
SSDEEP: 24576:DOOnGzMXQ8/CFyY4lqw5J6VZU4DgEyXTV6ZzT2ITjrmtJhYorLCWIxIzVRykXJ4t:jUiE6NyT2ITfmtjdrixIzVRykX6Tre
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. resource: fef7e5295a2d2152c3c16fe90c6076fd_icedid_JC.exe
Files
fef7e5295a2d2152c3c16fe90c6076fd_icedid_JC.exe.exe (windows x86): 15aa5c45b8f89b21c46bfb8fda5403ae
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
lua51
lua_gettop
lua_tointeger
lua_isnumber
lua_getfield
lua_close
luaL_openlibs
luaL_newstate
lua_rawgeti
lua_type
lua_createtable
luaL_unref
luaL_ref
luaL_checkudata
lua_toboolean
lua_tonumber
lua_pushnil
lua_next
luaL_loadfile
lua_pushinteger
lua_pushnumber
lua_pushboolean
lua_pushstring
lua_tolstring
lua_settop
lua_settable
lua_pcall
xlgraphic
XL_UnInitGraphicLib
XL_InitGraphicLib
XL_PrepareGraphicParam
XL_SetFreeTypeEnabled
xlue
XLUE_UninitLuaHost
XLUE_Uninit
XLUE_LoadXAR
XLUE_AddXARSearchPath
XLUE_InitLoader
XLUE_UninitHandleMap
xlluaruntime
XLLRT_ErrorHandle
XLLRT_PushXLObject
XLLRT_ReleaseEnv
XLLRT_GetRuntime
XLLRT_GetLuaState
XLLRT_CreateChunkFromModule
XLLRT_PrepareChunk
XLLRT_GetEnv
XLLRT_ReleaseChunk
XLLRT_GetLastError
XLLRT_RegisterGlobalObj
XLLRT_ReleaseRunTime
XLLRT_LuaCall
xlfsio
XLFS_Init
XLFS_Uninit
wininet
InternetCloseHandle
FtpOpenFileA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetOptionExA
InternetQueryDataAvailable
FtpSetCurrentDirectoryA
HttpOpenRequestA
InternetCombineUrlA
HttpQueryInfoA
InternetConnectA
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
netapi32
Netbios
libcurl
curl_easy_perform
curl_global_cleanup
curl_easy_cleanup
curl_easy_setopt
curl_easy_init
curl_global_init
curl_easy_strerror
curl_easy_getinfo
crashrpt1402
ord8
ord16
ord17
ord9
kernel32
SetEvent
CreateEventA
WritePrivateProfileStringA
InitializeCriticalSection
GetPrivateProfileIntA
GetPrivateProfileStringA
RaiseException
DeleteCriticalSection
GlobalMemoryStatusEx
TerminateThread
GetCurrentThread
ResetEvent
GetCurrentProcess
GetExitCodeProcess
OpenProcess
OpenMutexA
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
CreateDirectoryA
ConnectNamedPipe
CancelIo
PostQueuedCompletionStatus
CreateNamedPipeA
GetQueuedCompletionStatus
CreateIoCompletionPort
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
SetLastError
LocalFree
FormatMessageA
lstrcmpA
SetThreadPriority
ResumeThread
SuspendThread
EnumResourceLanguagesA
ConvertDefaultLocale
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
LocalAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetDriveTypeA
ExitThread
CreateThread
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFullPathNameA
GetModuleFileNameA
FindNextFileA
GetFileSize
GetFileAttributesA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
GetTempPathA
GetTempFileNameA
HeapAlloc
ExitProcess
GetCurrentProcessId
HeapFree
FreeResource
GlobalFree
CreatePipe
CreateProcessA
ReadFile
TerminateProcess
DeleteFileA
DeviceIoControl
lstrcatA
WinExec
MulDiv
LoadLibraryExA
CreateFileA
WriteFile
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
BindIoCompletionCallback
lstrcpyA
CreateSemaphoreA
CloseHandle
ReleaseSemaphore
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetTickCount
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
user32
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetDlgItem
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthA
SendDlgItemMessageA
RemovePropA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
WinHelpA
GetWindowDC
GetMenuState
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
CharNextA
GetActiveWindow
DestroyMenu
wsprintfA
ValidateRect
GetMessageA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
CopyAcceleratorTableA
MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
GetKeyState
SetPropA
MapWindowPoints
IsChild
GetFocus
IsWindowVisible
UpdateWindow
DrawEdge
IntersectRect
OffsetRect
IsRectEmpty
GetClipCursor
ClipCursor
GetClassInfoA
DrawTextExA
TabbedTextOutA
GetCapture
SetWindowRgn
SetRectEmpty
CopyIcon
EqualRect
RegisterClassExA
IsWindowEnabled
BeginPaint
EndPaint
DefWindowProcA
GetCursorPos
ScreenToClient
GetAsyncKeyState
ClientToScreen
SetTimer
KillTimer
TranslateMessage
DestroyWindow
SetFocus
SetWindowTextA
SetWindowPos
RedrawWindow
ShowWindow
SetScrollPos
SystemParametersInfoA
MoveWindow
SetScrollInfo
GetSysColorBrush
DrawFrameControl
CreateWindowExA
SetWindowLongA
CallWindowProcA
GetWindowLongA
GetSysColor
CharUpperA
GetScrollBarInfo
GetWindowRect
PostMessageA
GetWindowTextA
GetSystemMetrics
DrawTextA
DrawFocusRect
InflateRect
SetRect
CopyRect
DrawStateA
FillRect
ReleaseCapture
LoadCursorA
SetCursor
DestroyCursor
LoadImageA
GetParent
SetCapture
ReleaseDC
GetDC
SendMessageA
PtInRect
IsWindow
EnableWindow
InvalidateRect
GetClientRect
GetPropA
PostQuitMessage
ScrollWindow
TrackPopupMenu
GetScrollRange
GetScrollPos
SetForegroundWindow
GetMenu
WindowFromPoint
AdjustWindowRectEx
GetClipboardData
GetDesktopWindow
UnregisterClassA
FlashWindow
SetActiveWindow
SetMenuDefaultItem
CreatePopupMenu
MessageBoxW
MessageBoxA
PeekMessageA
DispatchMessageA
IsDialogMessageA
SetLayeredWindowAttributes
DrawIconEx
GetSubMenu
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
AppendMenuA
MapVirtualKeyA
GetKeyNameTextA
RegisterClassA
GetDlgCtrlID
IsIconic
GrayStringA
GetWindowPlacement
FrameRect
InvalidateRgn
RegisterWindowMessageA
LoadIconA
ChildWindowFromPoint
GetClassNameA
DestroyIcon
CreateIconIndirect
GetIconInfo
GetMonitorInfoA
MonitorFromPoint
OpenClipboard
GetUserObjectInformationW
GetProcessWindowStation
GetWindow
gdi32
ExtSelectClipRgn
ScaleWindowExtEx
CreateRectRgnIndirect
SetWindowExtEx
GetObjectA
SetDIBColorTable
StretchBlt
GetDIBColorTable
SelectObject
DeleteDC
BitBlt
DeleteObject
CreateDIBSection
CreateSolidBrush
Rectangle
GetTextExtentPoint32A
CreatePen
RoundRect
SetTextColor
SetBkMode
CreateFontIndirectA
ExtCreatePen
SetDIBits
GetDIBits
GetDeviceCaps
SetBkColor
GetStockObject
CreateCompatibleBitmap
ExtTextOutA
GetTextExtentExPointA
GetTextMetricsA
GetRgnBox
LineTo
MoveToEx
SetTextAlign
CombineRgn
CreateRectRgn
CreateFontA
CreatePolygonRgn
GetCurrentObject
PtVisible
RectVisible
TextOutA
Escape
GetBkColor
SetViewportExtEx
SetViewportOrgEx
CreateBitmap
SetTextJustification
FrameRgn
SelectClipRgn
FillRgn
CreateRoundRectRgn
OffsetRgn
SetStretchBltMode
CreateDIBitmap
GetTextColor
PatBlt
SetMapMode
GetMapMode
DPtoLP
ExtCreateRegion
CreateICA
GetClipBox
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowOrgEx
CreateCompatibleDC
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
ChooseColorA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
ShellExecuteA
SHGetSpecialFolderPathA
comctl32
ImageList_DrawIndirect
_TrackMouseEvent
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy
ord17
ImageList_GetIcon
shlwapi
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathAppendA
PathFileExistsA
StrToIntA
UrlUnescapeA
oledlg
ord8
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
ReleaseStgMedium
OleDuplicateData
OleCreateStaticFromData
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString
oleaut32
SysAllocString
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SystemTimeToVariantTime
VariantChangeType
urlmon
URLDownloadToFileA
gdiplus
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateSolidFill
GdipGetPropertyItem
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
GdipCloneImage
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipCreateLineBrushFromRectI
GdipSetPenMode
GdipResetPath
GdipClosePathFigure
GdipAddPathArcI
GdipCreateFromHDC
GdipSetPageUnit
GdipDrawPath
GdipFillPath
GdipCloneBrush
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
ws2_32
WSACleanup
getpeername
gethostname
WSASocketA
WSAGetLastError
setsockopt
inet_addr
listen
bind
htonl
htons
WSASend
WSARecv
WSAConnect
inet_ntoa
gethostbyname
WSAStartup
closesocket
mswsock
GetAcceptExSockaddrs
AcceptEx
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 272KB - Virtual size: 271KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 339KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ