2023-08-22_8a5f5eb75668a5110003a6718414a891_icedid_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2023-08-22_8a5f5eb75668a5110003a6718414a891_icedid_JC.exe
Size

1.7MB
MD5

8a5f5eb75668a5110003a6718414a891
SHA1

639ccc6ac891a678100c240ac4bf965b853cd086
SHA256

1372445af5da7b3ddc6bf6b318c0bc8e1a1a15a84f13180e036fc9fa88f00d4a
SHA512

910689748a1bf7d43ff20400fd943cce1a4c08c733098e27eb2e8d2b48029a275f4549324dd5e5ad7a456149bdba47280bd09d89e6161fcaa3261164b6989858
SSDEEP

24576:tlKrjyiU1/nMJ/PG5oTy16MN3gMwa6TV7rxv5WV7xEeWqOweTXx5qfNjt8JcO00c:XwJTy8MGT6++hBuU/dcTwws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-22_8a5f5eb75668a5110003a6718414a891_icedid_JC.exe

Files

2023-08-22_8a5f5eb75668a5110003a6718414a891_icedid_JC.exe
.exe windows x86

706f697a1e49e6de77c6eadf75f86c55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
ExitThread
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
GetConsoleCP
GetConsoleMode
GetSystemTimeAsFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetTimeFormatA
GetDateFormatA
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
SetHandleCount
GetStartupInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
FlushFileBuffers
VerSetConditionMask
VerifyVersionInfoA
GetCommandLineA
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
InterlockedExchange
RaiseException
HeapReAlloc
GetFileAttributesA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
MoveFileA
GetCurrentThreadId
GetModuleFileNameA
GetFileAttributesExA
GetDiskFreeSpaceExA
CreateProcessA
GetExitCodeProcess
GetLocalTime
GetComputerNameExA
lstrcatA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
ReadFile
GlobalMemoryStatus
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetComputerNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetQueuedCompletionStatus
CreateIoCompletionPort
ProcessIdToSessionId
GetVersionExA
HeapAlloc
HeapFree
GetVersionExW
lstrcpyW
LoadLibraryW
SetLastError
WriteFile
GetCurrentProcessId
DuplicateHandle
GetCurrentThread
GetThreadSelectorEntry
MapViewOfFile
UnmapViewOfFile
GetLogicalDrives
GetVolumeInformationA
LocalFree
LocalAlloc
LocalReAlloc
FindClose
FindNextFileA
lstrcpyA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateDirectoryA
GetModuleHandleA
GetProcessHeap
CreateThread
SetThreadPriority
ResumeThread
CreateToolhelp32Snapshot
LoadLibraryA
GetProcAddress
Process32First
GetWindowsDirectoryA
GetLongPathNameA
Process32Next
FreeLibrary
EnterCriticalSection
GetOEMCP
GetCPInfo
GlobalFlags
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
GetThreadLocale
GlobalGetAtomNameA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
OpenProcess
TerminateProcess
GetLogicalDriveStringsA
QueryDosDeviceA
GetDriveTypeA
DeviceIoControl
CreateFileA
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSection
GetComputerNameExW
OutputDebugStringA
GetCurrentProcess
GlobalAlloc
GlobalFree
lstrcmpA
GetSystemInfo
CreateEventA
WaitForSingleObject
lstrlenA
CompareStringW
CompareStringA
lstrlenW
CloseHandle
GetTickCount
Sleep
SetEvent
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
FormatMessageA
GlobalUnlock
GlobalLock
SuspendThread
SetErrorMode
GlobalDeleteAtom
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
TlsFree

user32

SystemParametersInfoA
SetWindowPos
SetWindowLongA
CallWindowProcA
GetDlgCtrlID
PtInRect
CopyRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
GetMenu
GetClientRect
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
IsIconic
WinHelpA
LoadIconA
RegisterWindowMessageA
SetWindowTextA
ShowWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
UnregisterClassA
DestroyMenu
GetSubMenu
DispatchMessageA
TranslateMessage
PeekMessageA
IsWindowEnabled
EnableWindow
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetLastActivePopup
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
PostMessageA
PostQuitMessage
GetWindowThreadProcessId
GetParent
GetWindowLongA
wsprintfA
GetSystemMetrics
DefWindowProcA
EndPaint
BeginPaint
GetMessageA
CreateWindowExA
RegisterClassExA
SetCursor
LoadCursorA
SendMessageA
wsprintfW
MessageBoxA
GetMenuItemID
GetMenuState
ValidateRect
GetMenuItemCount

psapi

GetModuleFileNameExA
EnumProcessModules

netapi32

NetUserGetInfo
NetUserModalsGet
NetUserGetLocalGroups
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetLocalGroupGetInfo
NetGroupGetInfo
DsEnumerateDomainTrustsA
NetApiBufferFree
NetShareGetInfo
NetShareEnum
NetShareAdd
NetShareDel

advapi32

EqualSid
CloseServiceHandle
DeleteService
ControlService
OpenServiceA
OpenSCManagerA
StartServiceA
CreateServiceA
ChangeServiceConfigA
AdjustTokenPrivileges
LookupPrivilegeValueA
InitializeSid
GetSidIdentifierAuthority
GetSidLengthRequired
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
EnumServicesStatusA
RegQueryInfoKeyA
RegEnumKeyExA
SetSecurityDescriptorDacl
SetEntriesInAclA
LookupAccountNameA
RegCloseKey
RegOpenKeyExA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
GetSidSubAuthorityCount
GetSidSubAuthority
InitializeSecurityDescriptor
InitializeAcl
LogonUserW
RegDeleteValueA
SetFileSecurityA
RegDeleteKeyA
RegOpenKeyA
DuplicateTokenEx
SetServiceStatus
QueryServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
CreateProcessAsUserA
SetTokenInformation
IsValidSid
ConvertSidToStringSidA
GetLengthSid
ConvertStringSidToSidW
RegQueryValueA
RegEnumKeyA
ConvertStringSidToSidA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
VarBstrCat
SysStringLen
SysAllocString
SysAllocStringLen
VariantChangeType

ws2_32

gethostbyname
WSAStartup
shutdown
WSACleanup
gethostname
inet_addr
ioctlsocket
ntohs
select
inet_ntoa
socket
getservbyport
closesocket
__WSAFDIsSet
WSAGetLastError
ntohl
accept
recv
send
setsockopt
bind
connect
htons
htonl
listen

iphlpapi

GetAdaptersInfo
SendARP
GetIpNetTable
GetTcpTable
GetUdpTable

wtsapi32

WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSSendMessageA
WTSDisconnectSession
WTSEnumerateSessionsA
WTSQueryUserToken
WTSQuerySessionInformationA
WTSFreeMemory

confdrv

Redwall_GetInPolicy
Redwall_SetInPolicy
Redwall_SetOutPolicy
Redwall_Stop
Redwall_SetFilter
Redwall_GetFilter
Redwall_IsStarted
Redwall_Start
Redwall_SetRules
ord1
ord2
Redwall_IsInstalled
Redwall_GetShareEnum
Redwall_GetOutPolicy

librcs2o

Init_ITopManList
cmdfunc
RemoveAll_ITopsNode

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

libeay32

ord82
ord2708
ord3212
ord246
ord66
ord395
ord641

libpki32

ord55

libpkiut

ord37
ord30

activeds

ord5
ord6
ord4
ord18
ord9
ord3

ssleay32

ord87
ord1
ord8
ord15
ord176
ord24
ord30
ord235
ord6
ord12
ord111
ord170
ord117
ord114
ord48
ord96
ord58
ord35
ord75
ord78
ord108
ord43
ord183

shlwapi

PathFindExtensionA
PathFindFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdi32

ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetWindowExtEx
GetStockObject
DeleteDC
ScaleWindowExtEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
GetDeviceCaps
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

InitSecureLog
SaveSecureLog

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

706f697a1e49e6de77c6eadf75f86c55

Headers

File Characteristics

Imports

kernel32

user32

psapi

netapi32

advapi32

ole32

oleaut32

ws2_32

iphlpapi

wtsapi32

confdrv

librcs2o

version

libeay32

libpki32

libpkiut

activeds

ssleay32

shlwapi

userenv

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 328KB - Virtual size: 326KB

.data Size: 16KB - Virtual size: 3.7MB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 328KB - Virtual size: 326KB

.data
Size: 16KB - Virtual size: 3.7MB

.rsrc
Size: 4KB - Virtual size: 1KB