NEAS[.]2023-09-06_90b772e7588be1dcab618df52a7de685_icedid_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.2023-09-06_90b772e7588be1dcab618df52a7de685_icedid_JC.exe
Size

232KB
MD5

90b772e7588be1dcab618df52a7de685
SHA1

e737a4851f5c2bfbd37da7d834c413156ed63af6
SHA256

26a63a85271295a5688606a2890f738e6bebc28d24301f0ef8b01333b12cc0fa
SHA512

d249ef6598bb935805f15f16d8137e11a951ccc9557c76a5d5829504a9313e02b47b29d2b5b46adbdbd9c020953c616f0fb895a4e8a1ad7e9789dc66a17e0938
SSDEEP

3072:56UEG6jsTvhCy5y5QuyoXor7hxsxDNUnKgDtT4l9S+O446Fp4plm0tD:4HBjsDZYGqXsyAKMD+iAp4po

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-06_90b772e7588be1dcab618df52a7de685_icedid_JC.exe

Files

NEAS.2023-09-06_90b772e7588be1dcab618df52a7de685_icedid_JC.exe
.exe windows:4 windows x86

9be27df9c02bfca3b45c93e5590db466

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

WritePwrScheme
ReadGlobalPwrPolicy
SetActivePwrScheme
GetActivePwrScheme
ReadPwrScheme

kernel32

HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
SetStdHandle
SetErrorMode
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedDecrement
GetModuleFileNameA
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
GlobalGetAtomNameA
GlobalAddAtomA
CloseHandle
WaitForSingleObject
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
WinExec
GetSystemPowerStatus
CreateProcessA
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadWritePtr

user32

LoadCursorA
GetSysColorBrush
GetMessageA
TranslateMessage
ValidateRect
ShowOwnedPopups
PostQuitMessage
GetMenuItemInfoA
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
IsDialogMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
MessageBoxA
GetClientRect
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
RegisterClassA
DefWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
wsprintfA
DestroyMenu
GetClassNameA
GetSysColor
SetWindowPos
WinHelpA
SetFocus
GetActiveWindow
GetFocus
GetPropA
IsWindow
CallWindowProcA
GetMessagePos
UnregisterClassA
SetPropA
RemovePropA
SetWindowLongA
SetTimer
KillTimer
EqualRect
GetDlgItem
GetKeyState
GetDlgCtrlID
GetMenu
UnpackDDElParam
ReuseDDElParam
GetClassInfoA
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
LoadAcceleratorsA
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
IsIconic
InsertMenuItemA
CreatePopupMenu
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
SetMenu
ShowWindow
GetWindowLongA
GetWindow
GetMenuItemID
GetSubMenu
LoadMenuA
SendMessageA
GetDC
ReleaseDC
GetDesktopWindow
EnableWindow
LoadIconA
SetMenuDefaultItem
GetSystemMetrics
LoadImageA
PostMessageA
TrackPopupMenu
GetCursorPos
SetForegroundWindow
IsWindowEnabled
TranslateAcceleratorA
GetMenuState
GetMenuItemCount
UpdateWindow
RegisterWindowMessageA

gdi32

GetTextExtentPoint32A
CreateFontIndirectA
CreateSolidBrush
GetStockObject
CreatePatternBrush
ScaleViewportExtEx
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9be27df9c02bfca3b45c93e5590db466

Headers

File Characteristics

Imports

powrprof

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

oleacc

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 64KB - Virtual size: 61KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 64KB - Virtual size: 61KB