NEAS[.]2023-09-08_5ed4a8fe93a62a031991e9588240a1b9_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-08_5ed4a8fe93a62a031991e9588240a1b9_icedid_JC.exe
Size

1.4MB
MD5

5ed4a8fe93a62a031991e9588240a1b9
SHA1

7246868b50c06f97606bae972f6c9a6c76af2708
SHA256

90d7d98aee5d20f2a131d48dac8dc89ada97fb821b6942fe6ba5fb6d4add98ce
SHA512

76a58675f31740278f9ba359661c60585631690b3f8fbfcf339a1ab79be859605398d63b1e3ebb1815f5cc4dbf22b938ab9699ae66b041607324e0621fbf1eb9
SSDEEP

24576:S9y4UxV/4MJFkAZchA9R5DFa6xZWnUjB/J3EIBPsB85bIOZoM0p/pzy:kyffJXFtFFZggJN1yxM0p/M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-08_5ed4a8fe93a62a031991e9588240a1b9_icedid_JC.exe

Files

NEAS.2023-09-08_5ed4a8fe93a62a031991e9588240a1b9_icedid_JC.exe
.exe windows:4 windows x86

e3e999654a8e343f58c5a8a6390b8d2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zlib1

uncompress

kernel32

GetVersion
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
FindNextFileW
GetFileTime
InterlockedDecrement
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
InterlockedIncrement
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
GlobalFlags
GetModuleHandleA
GetStartupInfoW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
ExitThread
RaiseException
RtlUnwind
HeapReAlloc
VirtualAlloc
SetStdHandle
EnumResourceLanguagesW
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
LoadLibraryExW
CompareStringA
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
OutputDebugStringA
InterlockedExchangeAdd
ReleaseSemaphore
CreateThread
CreateSemaphoreW
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetFilePointer
GetACP
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetFileAttributesW
GetLogicalDriveStringsW
GetDriveTypeW
lstrcpyW
MoveFileW
CopyFileW
RemoveDirectoryW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
FreeLibrary
LoadLibraryW
CreateDirectoryW
GetNativeSystemInfo
GetTickCount
SetLastError
SetConsoleCtrlHandler
lstrcmpiW
GetProcAddress
GetModuleHandleW
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
LocalFree
lstrcpynW
FormatMessageW
WaitNamedPipeW
SetNamedPipeHandleState
ReadFile
WriteFile
GetModuleFileNameW
SetEvent
InterlockedExchange
CreateEventW
CreateProcessW
HeapFree
WaitForSingleObject
GetProcessHeap
HeapAlloc
CancelIo
ResetEvent
CallNamedPipeW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
GetLastError
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
CreateFileW
Sleep
DeleteFileW
WaitForMultipleObjects
FindResourceW
LoadResource
CloseHandle
LockResource
SizeofResource
GetFileType
FindFirstFileA

user32

ClientToScreen
ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
UnregisterClassA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
SetPropW
GetPropW
RemovePropW
IsWindow
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
UnregisterClassW
DestroyMenu
GetTopWindow
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
PostMessageW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperW
GetSystemMetrics
PtInRect
SendMessageW
wsprintfW
GetForegroundWindow
GetDlgCtrlID

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
ExtTextOutW
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteValueW
RegisterEventSourceA
ReportEventA
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
UnlockServiceDatabase
LockServiceDatabase
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
DeleteService
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegDeleteKeyW
RegFlushKey
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
StartServiceCtrlDispatcherW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW

ws2_32

socket
htons
inet_addr
gethostbyname
inet_ntoa
WSACreateEvent
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
setsockopt
WSARecv
closesocket
ntohl
WSASend
WSAStartup
WSACleanup
WSACloseEvent
shutdown
ioctlsocket
ntohs
WSASetLastError
listen
bind
WSASocketW
htonl
getsockname
recv
send
select
connect
accept

odbc32

ord110
ord29
ord108
ord43
ord13
ord111
ord9
ord31
ord141
ord139
ord75
ord24

psapi

GetProcessImageFileNameW

ole32

IIDFromString
CoCreateInstance
CoUninitialize
CoGetClassObject
CLSIDFromString
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 340KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3e999654a8e343f58c5a8a6390b8d2f

Headers

File Characteristics

Imports

zlib1

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ws2_32

odbc32

psapi

ole32

oleaut32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 340KB - Virtual size: 338KB

.data Size: 48KB - Virtual size: 73KB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 340KB - Virtual size: 338KB

.data
Size: 48KB - Virtual size: 73KB

.rsrc
Size: 40KB - Virtual size: 39KB