2023-08-26_a2be7879cc7180d0b524edacdcfa37c1_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_a2be7879cc7180d0b524edacdcfa37c1_icedid_JC.exe
Size

1.8MB
MD5

a2be7879cc7180d0b524edacdcfa37c1
SHA1

1d4615b56eaf74678af4c077b195cfdccf6e18a2
SHA256

3e5c921928f10ecaec9c7aa500a060a312653ac5e48dff3d3c49f492b8ccf79a
SHA512

a38db802f5874ed941fc253f19065858421f35d6427776225d282fa8f7ac9a256895382d715a53e3ad75ce6633cda5f8af4bf857b283c36b909ba32bbd6abf17
SSDEEP

49152:QeR7yhcWLMrLF/OOj6+xGiDXUfjk/2BDYLJx6RrdS2LF:QKOhZLMrZ/OOj6+xOjk/2KT61

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-26_a2be7879cc7180d0b524edacdcfa37c1_icedid_JC.exe

Files

2023-08-26_a2be7879cc7180d0b524edacdcfa37c1_icedid_JC.exe
.exe windows:5 windows x86

4e26364040d8fb7313d1f1ce2a62d5a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

GopherOpenFileW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
InternetErrorDlg
FtpGetFileW
InternetOpenUrlW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetQueryDataAvailable
InternetGetCookieW
InternetSetCookieW
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpSendRequestW
InternetOpenW
FtpPutFileW
InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetConnectW

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostname
gethostbyname

wtsapi32

WTSQueryUserToken

dynamicdll

?GetMultiKeyListInfo@CCdgExchg@@QAEHPAU_MultiKey_Policy@@@Z
?GetMultiMainKey@CCdgExchg@@QAEHPAD@Z
?GetCDGKey@CCdgExchg@@QAEXPAD@Z
?GetUserOperate@CCdgExchg@@QAEXAAUUserOperate@@@Z
?GetDyKey@CCdgExchg@@QAEXPAD@Z
??0CCdgExchg@@QAE@XZ
?GetDefaultUserNameAndPsw@CCdgExchg@@QAEXPAD00@Z
??1CCdgExchg@@UAE@XZ
?GetConnectSer@CCdgExchg@@QAEHXZ

kernel32

GetProfileIntW
LocalAlloc
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameW
GetAtomNameW
SetErrorMode
GetFileAttributesExW
LocalFileTimeToFileTime
GetFileSizeEx
GetFileTime
LocalUnlock
LocalLock
GetTempFileNameW
GetDiskFreeSpaceW
GetStartupInfoW
ResumeThread
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapReAlloc
SetStdHandle
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
FatalAppExitA
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpA
GetModuleHandleA
GetShortPathNameW
GetFullPathNameW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetStringTypeExW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FreeResource
DeleteFileA
FormatMessageW
OutputDebugStringA
FileTimeToLocalFileTime
WTSGetActiveConsoleSessionId
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
ResetEvent
SetEvent
OpenEventW
lstrcpynW
FreeLibrary
SetUnhandledExceptionFilter
GetCurrentThreadId
ReleaseMutex
OpenMutexW
ExitProcess
CreateMutexW
GetLogicalDriveStringsW
GetVolumeInformationW
GlobalAlloc
GlobalFree
TerminateProcess
GetModuleFileNameA
OpenProcess
CreateProcessW
GetCurrentProcessId
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
RemoveDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileAttributesW
MoveFileW
MoveFileExW
OpenFileMappingW
GetProcessHeap
HeapAlloc
HeapFree
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
GetSystemTime
GetLocalTime
FileTimeToDosDateTime
FileTimeToSystemTime
WriteFile
SetFileTime
CreateDirectoryW
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
Sleep
GetACP
GetVersion
GetTickCount
MulDiv
GlobalSize
GlobalLock
GlobalUnlock
GlobalReAlloc
GetVersionExW
lstrcmpW
lstrcpyW
GetFileAttributesW
GetEnvironmentVariableW
CopyFileW
DeleteFileW
LocalFree
lstrlenW
GetFileSize
FindFirstFileW
FindNextFileW
FindClose
GetPrivateProfileIntW
GetModuleHandleW
LoadLibraryW
GetProcAddress
SetLastError
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateFileW
ReadFile
CloseHandle
GetLastError
GetPrivateProfileStringW
GetModuleFileNameW
GetComputerNameW
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringW
CreateEventW
GetEnvironmentVariableA
SuspendThread
RtlUnwind

user32

SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageW
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
LoadMenuW
CharUpperW
GetWindowThreadProcessId
AppendMenuW
InsertMenuW
RemoveMenu
GetMenuStringW
DestroyMenu
GetMenuItemInfoW
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
RegisterClipboardFormatW
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetSubMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
ClientToScreen
WindowFromPoint
IsRectEmpty
IsWindowVisible
GetDoubleClickTime
GrayStringW
DrawTextExW
TabbedTextOutW
GetCapture
ReleaseCapture
SetCapture
ClipCursor
SetTimer
PtInRect
InvertRect
PostMessageW
GetFocus
GetSystemMetrics
IsClipboardFormatAvailable
GetCursorPos
KillTimer
GetDialogBaseUnits
GetSysColorBrush
SetRectEmpty
UnregisterClassW
DeleteMenu
WaitMessage
DestroyIcon
MessageBeep
GetTabbedTextExtentW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageW
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
GetMenuBarInfo
ReuseDDElParam
SetScrollRange
UnpackDDElParam
GetKeyState
IntersectRect
GetWindowRect
GetParent
GetClassInfoW
DefWindowProcW
IsWindow
SetRect
LoadCursorW
SetCursor
FrameRect
DrawEdge
InflateRect
GetDC
ReleaseDC
SystemParametersInfoW
CopyRect
GetSysColor
FillRect
DrawTextW
InvalidateRect
MessageBoxW
LoadBitmapW
SetParent
GetMessagePos
ScreenToClient
LoadIconW
EnableWindow
GetClientRect
GetSystemMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
SendMessageW
LockWindowUpdate
GetDCEx
GetDlgCtrlID
UnionRect
GetMenu

gdi32

SetRectRgn
CombineRgn
GetMapMode
DPtoLP
SetAbortProc
GetCharWidthW
StretchDIBits
GetTextColor
GetRgnBox
CreateHatchBrush
CreateSolidBrush
SetTextAlign
SetViewportExtEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
MoveToEx
ScaleViewportExtEx
CreateCompatibleBitmap
GetBkColor
GetDeviceCaps
GetCurrentObject
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
GetTextExtentPoint32W
CreateFontIndirectW
ExtCreatePen
CreateRectRgnIndirect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetTextMetricsW
PatBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontW
StartDocW
StartPage
EndPage
EndDoc
AbortDoc
GetObjectW
CreatePen
BitBlt
CreateCompatibleDC
SetTextJustification

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueW
GetUserNameA
RevertToSelf
RegDeleteValueW
RegDeleteKeyW
ImpersonateLoggedOnUser
RegSetValueExW
GetUserNameW
RegQueryInfoKeyW
RegEnumKeyExW
CreateProcessAsUserW
GetSecurityInfo
SetSecurityInfo
ConvertSecurityDescriptorToStringSecurityDescriptorW
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyW

shell32

DragFinish
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
ShellExecuteExA
SHChangeNotify
SHGetFileInfoW
DragQueryFileW
CommandLineToArgvW
ExtractIconW

shlwapi

PathFileExistsW
PathIsDirectoryW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
UrlUnescapeW

oledlg

OleUIBusyW

ole32

CoInitialize
CoRegisterMessageFilter
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleRun
CoCreateInstance
CoCreateGuid
CoUninitialize
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CoRegisterClassObject
StgOpenStorageOnILockBytes
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleDuplicateData
StringFromGUID2
CLSIDFromString
CoInitializeEx
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
CreateILockBytesOnHGlobal

oleaut32

OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysFreeString
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysStringLen
SysAllocString
VariantInit
VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo

filelock

IsEncryptLockFile
DecodeAES
IsEncryptLockFileW
EncodeRC4
EncodeAES
DecodeRC4
EncryptLockFile
DecryptLockFile
CanFileDecrypted
EncryptLockFileBuffer

sqlite

sqlite3_column_text
sqlite3_prepare
sqlite3_step
sqlite3_data_count
sqlite3_exec
sqlite3_free
sqlite3_close
sqlite3_open16
sqlite3_column_int
sqlite3_finalize

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

iphlpapi

GetTcpTable
GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

MiniDumpWriteDump

Exports

Exports

??0CCdgExchg@@QAE@ABV0@@Z
??4CCdgExchg@@QAEAAV0@ABV0@@Z
??_7CCdgExchg@@6B@

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e26364040d8fb7313d1f1ce2a62d5a9

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ws2_32

wtsapi32

dynamicdll

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

filelock

sqlite

psapi

iphlpapi

version

dbghelp

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 286KB - Virtual size: 285KB

.data Size: 18KB - Virtual size: 39KB

.rsrc Size: 102KB - Virtual size: 104KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 286KB - Virtual size: 285KB

.data
Size: 18KB - Virtual size: 39KB

.rsrc
Size: 102KB - Virtual size: 104KB