NEAS[.]2023-09-07_d44e7c70c911675cc6a2f264485f0f51_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-07_d44e7c70c911675cc6a2f264485f0f51_icedid_JC.exe
Size

348KB
MD5

d44e7c70c911675cc6a2f264485f0f51
SHA1

62079005a9389473125b41443d5e0a7b570a6060
SHA256

d32b9ff7cac8f2adca7668518ab9bf0fbd90838ed6cc5867286823f329560e8f
SHA512

37831900e3ccc8df7a8d07e3266ca9af7bb5f54a2461d7d7da45d3dbb204dbdeb5560241a77d5db5b9f956a4a14f1db101a7105ad16deeccc094b7d9c4e16c04
SSDEEP

6144:a5QaYMh+meFX9PiYL3nVmxvtN3Qpt8Fgt6cZbhIcY5Rmbn:nbMhJYpiYLUxVot8Fgt6GpD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-07_d44e7c70c911675cc6a2f264485f0f51_icedid_JC.exe

Files

NEAS.2023-09-07_d44e7c70c911675cc6a2f264485f0f51_icedid_JC.exe
.exe windows:4 windows x86

d7ae4d11e695eb0eb4fcb523547df53f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetFileTime
GetCPInfo
GetOEMCP
GetTickCount
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
GetTimeZoneInformation
LCMapStringA
TlsFree
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
SetStdHandle
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
RaiseException
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryA
WritePrivateProfileStringA
FindNextFileA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
InterlockedDecrement
FreeResource
GetFullPathNameA
GetVolumeInformationA
UnlockFile
LockFile
SetLastError
GlobalFree
MulDiv
GlobalUnlock
lstrcpynA
GlobalAddAtomA
GetCurrentThread
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
CreateProcessA
TerminateProcess
GetCurrentThreadId
CreatePipe
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
GetExitCodeProcess
MultiByteToWideChar
GetFileSize
GetTempPathA
FormatMessageA
LocalFree
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTimeFormatA
GetDateFormatA
CreateFileW
GetFileAttributesW
SetFileAttributesW
SetFileTime
SetFileAttributesA
GetFileAttributesA
CreateFileA
FlushFileBuffers
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileInformationByHandle
GetLastError
CloseHandle
Sleep
LoadLibraryA
FreeLibrary
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
LCMapStringW
FileTimeToSystemTime

user32

PostThreadMessageA
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetCapture
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsChild
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
PtInRect
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetWindowTextLengthA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
FindWindowA
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
LoadIconA
GetSystemMetrics
EnableWindow
LoadImageA
MessageBoxA
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
wsprintfA
GetMenuItemID
GetMenuItemCount
GetSubMenu
RegisterClipboardFormatA
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
MessageBeep
PeekMessageA
SetActiveWindow
SetForegroundWindow
GetForegroundWindow
GetWindowTextA
IsWindow
PostMessageA
CharUpperA
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
PtVisible
SelectObject
Escape
TextOutA
CreateBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
GetDeviceCaps
RectVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueA

shell32

ShellExecuteExA
FindExecutableA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoTaskMemAlloc
OleInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7ae4d11e695eb0eb4fcb523547df53f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 76KB - Virtual size: 73KB

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 76KB - Virtual size: 73KB