Static task: static1
Behavioral task: behavioral1
Sample: 2023-08-25_44eaded10ff81e029a71b00127e26ad0_icedid_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 2023-08-25_44eaded10ff81e029a71b00127e26ad0_icedid_JC.exe
Resource: win10v2004-20230915-en
General
Target: 2023-08-25_44eaded10ff81e029a71b00127e26ad0_icedid_JC.exe
Size: 2.3MB
MD5: 44eaded10ff81e029a71b00127e26ad0
SHA1: e33fc7b024374833ba15581cba42d7ea88062699
SHA256: cc830d0e098a26034570fafc75e6bdda188f20a507735b8bc2ed256f90d6673c
SHA512: e85a4de0634d73456ed344d5936c2c1a2300d1c9e6542ce31dd62a992442edd1a3000c81dc353e25c9dcbbdbeaeff6b81ecef4fed0a6f482b508a1b5d04b274d
SSDEEP: 49152:nb/ez7L2VJDo5Hir1VAHBnAHBDAHBiAHB1AHBEAHBNAHBnAHBxAHBMBgLfElQMri:b/ez7L+25Hir1VAHBnAHBDAHBiAHB1Ak
Malware Config
Signatures
Unsigned PE (1 IoC): the rule checks for a missing Authenticode signature, i.e. the file has no embedded certificate table in its Security data directory. On its own this is a weak indicator (plenty of legitimate software ships unsigned), and an embedded signature would still need chain, timestamp and hash verification before it counted for anything.
resource: 2023-08-25_44eaded10ff81e029a71b00127e26ad0_icedid_JC.exe
Files
2023-08-25_44eaded10ff81e029a71b00127e26ad0_icedid_JC.exe.exe windows:4 windows x86
f8081b0f8a3e3a444c4d50b6b6f2425e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
ImageList_GetImageInfo
ImageList_Draw
CreatePropertySheetPageW
DestroyPropertySheetPage
ImageList_Destroy
ImageList_Create
PropertySheetW
ImageList_ReplaceIcon
crypt32
CertVerifyCRLTimeValidity
CertFindCertificateInCRL
CertCreateCRLContext
CertDuplicateCRLContext
CertFreeCRLContext
PFXExportCertStoreEx
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
PFXImportCertStore
PFXIsPFXBlob
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertCloseStore
CertSaveStore
CertOpenStore
CertCompareCertificateName
CertGetCertificateContextProperty
CertGetNameStringW
CertRDNValueToStrW
CertFreeCertificateContext
CertFindRDNAttr
CryptDecodeObject
CertCreateCertificateContext
CertDuplicateCertificateContext
CertVerifyTimeValidity
wldap32
ord208
ord27
ord36
ord216
ord88
ord14
ord145
ord46
ord118
ord79
ord41
ord16
ord142
ord26
kernel32
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
CreateFileA
IsBadReadPtr
IsBadCodePtr
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
SizeofResource
LockResource
LoadResource
FindResourceW
InterlockedExchange
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
HeapSize
TerminateProcess
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
GetFileType
SetStdHandle
RtlUnwind
ExitProcess
HeapReAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
WideCharToMultiByte
GetLastError
lstrlenA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
ResumeThread
GetExitCodeThread
FreeLibrary
LoadLibraryW
GetProcAddress
GetLocalTime
FileTimeToSystemTime
GetWindowsDirectoryW
lstrcpyW
lstrcatW
WinExec
FormatMessageW
LoadLibraryExW
LocalFree
GetPrivateProfileStringW
WritePrivateProfileStringW
DeleteFileW
GetTempFileNameW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
GetStartupInfoW
FindResourceExW
GetCurrentDirectoryW
GlobalFlags
GetSystemTime
FormatMessageA
SetErrorMode
GetFileTime
GetFileAttributesW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
GetCurrentThread
ConvertDefaultLocale
CloseHandle
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
FileTimeToLocalFileTime
FindNextFileW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
SetThreadPriority
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
FreeResource
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
lstrcmpiW
SetLastError
GlobalFree
MulDiv
lstrcpynW
LocalAlloc
Sleep
GetFileSize
MapViewOfFile
CreateFileMappingW
SetEndOfFile
SetFilePointer
user32
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckRadioButton
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
RegisterWindowMessageW
WinHelpW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetAsyncKeyState
SendDlgItemMessageA
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
MessageBoxW
SetForegroundWindow
IsWindowVisible
GetMenu
AdjustWindowRectEx
RegisterClassW
GetDlgCtrlID
CallWindowProcW
SetWindowPos
SystemParametersInfoA
IsIconic
MapDialogRect
DestroyMenu
SendDlgItemMessageW
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetCapture
WindowFromPoint
ClientToScreen
ReleaseCapture
SetCapture
DefWindowProcW
GetClassInfoW
AnimateWindow
GetWindowLongW
SystemParametersInfoW
RegisterClassExW
GetSysColorBrush
GetClassInfoExW
LoadIconW
DrawMenuBar
GetSystemMenu
InsertMenuW
LoadBitmapW
CreateIconIndirect
GetIconInfo
MessageBoxIndirectW
PostMessageW
UpdateWindow
FillRect
GetFocus
TrackMouseEvent
DrawFocusRect
OffsetRect
DrawIconEx
DrawFrameControl
CopyIcon
LoadCursorW
InflateRect
ReleaseDC
GetDC
IsWindow
SetCursor
InvalidateRect
PtInRect
ScreenToClient
GetMessagePos
MessageBeep
GetClientRect
SetWindowLongW
wsprintfW
GetParent
KillTimer
RedrawWindow
SetTimer
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
UnregisterHotKey
RegisterHotKey
DrawTextW
DrawStateW
GetSysColor
GetSystemMetrics
DrawEdge
CopyRect
GetWindowRect
EnableWindow
GetKeyState
SendMessageW
LoadImageW
UnregisterClassW
gdi32
CreatePatternBrush
CreateSolidBrush
EnumFontFamiliesExW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
MoveToEx
LineTo
SelectObject
CreateFontW
GetStockObject
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
GetCurrentObject
CreateCompatibleDC
CreateBitmap
GetPixel
SetPixel
DeleteObject
DeleteDC
PatBlt
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetMapMode
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
CryptGetProvParam
CryptAcquireContextA
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
CryptReleaseContext
RegOpenKeyW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegSetValueExA
GetUserNameA
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
shlwapi
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
PathIsSameRootW
PathRemoveBackslashW
PathAddBackslashW
PathMatchSpecW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathRelativePathToW
oleaut32
VariantClear
VariantChangeType
VariantInit
ws2_32
WSAGetLastError
inet_ntoa
gethostbyname
WSACleanup
WSAStartup
wininet
InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetOpenUrlW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
sqlite
sqlite_libversion
sqlite_last_insert_rowid
sqlite_free_table
sqlite_get_table_vprintf
sqlite_close
sqlite_freemem
sqlite_open
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
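The import table above is what an import hash (imphash) is built from: a cheap way to cluster binaries produced by the same codebase and toolchain even when hashes and packer stubs differ. The following Python is an added example, not part of the sandbox report; it reimplements the pefile imphash recipe (lower-case everything, strip .dll/.ocx/.sys from the module name, write ordinal imports as ordN, join "module.function" entries with commas in import-table order, MD5 the result) over a constructed excerpt of the listing above. The excerpt is deliberately short, so the value it produces is not the sample's real imphash, and the unlabeled 32-hex-digit value under Files is not assumed here to be one either; to reproduce a real imphash, run pefile's get_imphash() on the file.

```python
import hashlib

# Constructed excerpt of the import table listed in the report (a few DLLs only, in report order).
IMPORTS = [
    ("comctl32", ["ord17", "ImageList_GetImageInfo", "ImageList_Draw", "PropertySheetW"]),
    ("crypt32", ["CertVerifyCRLTimeValidity", "PFXExportCertStoreEx", "PFXImportCertStore"]),
    ("wldap32", ["ord208", "ord27", "ord36"]),
    ("kernel32", ["LCMapStringW", "WinExec", "VirtualProtect", "CreateFileMappingW"]),
    ("wininet", ["InternetOpenW", "InternetOpenUrlW", "InternetReadFile"]),
]

_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def _normalize_module(name: str) -> str:
    """Lower-case the module name and drop the extensions pefile strips; keep others (e.g. .drv)."""
    name = name.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash(imports) -> str:
    """imports: ordered list of (module, [function name or ordinal int]) pairs.
    Returns the pefile-style import hash, or "" when there are no imports."""
    entries = []
    for module, funcs in imports:
        lib = _normalize_module(module)
        for func in funcs:
            if isinstance(func, int):          # import by ordinal -> "ordN"
                func = f"ord{func}"
            entries.append(f"{lib}.{func.lower()}")
    if not entries:
        return ""
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("imphash of constructed excerpt:", imphash(IMPORTS))
```

One caveat when comparing against pefile output: pefile additionally resolves well-known ordinals of ws2_32 and oleaut32 to their exported names through a built-in lookup table before hashing, so for ordinal imports from those two modules the value above would differ; for the modules in this excerpt the recipe matches. The hash is order-sensitive by design, which is why a repacked build that reorders its import descriptors gets a new imphash.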
Sections
.text Size: 628KB - Virtual size: 626KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 396KB - Virtual size: 393KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
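The Unsigned PE signature, the File Characteristics flags under Headers and the Sections listing are all read straight out of the PE headers. As an added example (my code, not the sandbox's), the block below is a minimal parser that recovers those three things and decides "signed or not" the way such a rule does: a non-empty Security data directory pointing at a WIN_CERTIFICATE of type PKCS_SIGNED_DATA. The report's sample is not reproduced here, so the block constructs a small PE32 image in memory (constructed test data, carrying the same characteristics bits and section flags the report shows) and parses it both without and with a placeholder certificate table. The `write_execute` field is an extra check the report does not perform.

```python
import struct

# Flag subsets from winnt.h; names match the report's Headers and Sections listings.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory slot of the Authenticode certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # bCertificate holds a PKCS#7 SignedData blob


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Read COFF header, optional header, Security directory and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes sits at +92
        nrva_off = opt + 92
    elif magic == 0x20B:      # PE32+: ImageBase and stack/heap fields are 8 bytes, so +108
        nrva_off = opt + 108
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (nrva,) = struct.unpack_from("<I", data, nrva_off)
    cert_off = cert_len = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, the Security entry's "VirtualAddress" is a raw file offset.
        cert_off, cert_len = struct.unpack_from(
            "<II", data, nrva_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    signed = False
    if cert_off and cert_len >= 8 and cert_off + cert_len <= len(data):
        dw_length, _rev, cert_type = struct.unpack_from("<IHH", data, cert_off)  # WIN_CERTIFICATE header
        signed = cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 < dw_length <= cert_len
    sections = []
    for i in range(nsections):
        name, vsize, _va, rawsize, _rawptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": decode_flags(sc, SECTION_CHARACTERISTICS),
            "write_execute": (sc & 0xA0000000) == 0xA0000000,   # W+X section: worth a closer look
        })
    return {"machine": machine, "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
            "is_signed": signed, "cert_offset": cert_off, "cert_length": cert_len,
            "sections": sections}


def build_sample(signed: bool) -> bytes:
    """Constructed minimal PE32 image for the demo (not the report's sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew: PE signature follows DOS header
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100           # same bits the report lists
    section_table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, sc)
        for n, vs, va, rs, rp, sc in [
            (b".text", 0x9C800, 0x1000, 0x9D000, 0x400, 0x20 | 0x20000000 | 0x40000000),
            (b".data", 0xE800, 0xA0000, 0xA000, 0x9D400, 0x40 | 0x40000000 | 0x80000000),
        ])
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, chars)  # i386, 2 sections, 224-byte optional hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    headers_len = 64 + 4 + 20 + 224 + len(section_table)
    trailer = b""
    if signed:
        blob = b"\x30\x82" + b"\x00" * 14                       # placeholder bytes, not a real PKCS#7 blob
        trailer = struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(trailer))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section_table + trailer


if __name__ == "__main__":
    for flag in (False, True):
        print(parse_pe(build_sample(signed=flag)))
```

Two caveats for use on real files. A certificate table being present only says that something is attached; whether it is a valid, unrevoked signature over the file's actual Authenticode hash is a question for WinVerifyTrust (signtool verify /pa or PowerShell's Get-AuthenticodeSignature). And embedded signatures are not the only kind: a file can be covered by a catalog signature that lives outside the PE, which this check, like the report's rule, cannot see.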