NEAS[.]2023-09-05_cab4b7e1dbc76639b5a9cc297a659262_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-05_cab4b7e1dbc76639b5a9cc297a659262_icedid_JC.exe
Size

2.8MB
MD5

cab4b7e1dbc76639b5a9cc297a659262
SHA1

d850ed12f03cebad0e7822007ae32e52b86a2c52
SHA256

794d4b88525f0c416ec59f2811ccde6c25e24dd8f33476748842bd0b4d061597
SHA512

20e347733ff6003c36c5f50244d8064dce40d4847ecec99fe38b3941d204e1a1d25da7fdf0698e1c67cd2fee376523b2d7b0c40ae2897306de7d571a73e4aaeb
SSDEEP

49152:0gY8xLXeiJIz1rXVb7U40Gu/dtJARvAbB3DcI5/Ve0gSOp84heh0AhhhezOCmJBl:0gxbeAITUwAbB3DcI5/Ve0gSOp84heh7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-05_cab4b7e1dbc76639b5a9cc297a659262_icedid_JC.exe

Files

NEAS.2023-09-05_cab4b7e1dbc76639b5a9cc297a659262_icedid_JC.exe
.exe windows:4 windows x86

389db56135394f59776bebf2503856a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
inet_ntoa
WSAStartup

d3d9

Direct3DCreate9

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileTime
SetErrorMode
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RemoveDirectoryA
GetStartupInfoA
TlsGetValue
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
InterlockedIncrement
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
GlobalAddAtomA
SetLastError
MulDiv
FormatMessageA
lstrcpynA
LocalFree
WritePrivateProfileStringA
GlobalUnlock
FreeResource
GetCurrentThread
GetCurrentThreadId
GlobalLock
FreeLibrary
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryA
CreateFileA
GetTickCount
CompareStringW
CompareStringA
GetVersion
RaiseException
ReadFile
GetProcAddress
GlobalAlloc
GlobalFree
ResumeThread
GetModuleHandleA
GetModuleFileNameA
OpenMutexA
CreateMutexA
SetFileAttributesA
CopyFileA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
OpenProcess
TerminateProcess
Process32Next
DeleteFileA
FindNextFileA
lstrcpyA
lstrcmpA
SetCurrentDirectoryA
CreateProcessA
CreateDirectoryA
InitializeCriticalSection
CreateThread
CloseHandle
FindFirstFileA
FindClose
Sleep
DeleteCriticalSection
WaitForSingleObject
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCommandLineA

user32

RegisterClipboardFormatA
PostThreadMessageA
DestroyMenu
MessageBeep
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetSysColorBrush
LoadCursorA
EndPaint
BeginPaint
GetWindowDC
CharNextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
PtInRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
PeekMessageA
ValidateRect
MessageBoxA
GetLastActivePopup
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PostQuitMessage
GetCursorPos
GetNextDlgGroupItem
ClientToScreen
WindowFromPoint
GetDC
DrawEdge
GetCapture
UnregisterClassA
CharUpperA
ReleaseDC
GetWindowRect
SetWindowRgn
GetKeyState
ReleaseCapture
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetParent
SetCapture
InvalidateRect
LoadBitmapA
GetSysColor
DrawFocusRect
CopyRect
GetWindowLongA
SetWindowLongA
EnumDisplaySettingsA
GetSystemMetrics
LoadImageA
SetLayeredWindowAttributes
LoadIconA
EnableWindow
FindWindowA
KillTimer
SetTimer
GetClientRect
IsIconic
PostMessageA
SendMessageA
DrawIcon
GetFocus

gdi32

ExtSelectClipRgn
CreatePen
CreateSolidBrush
GetRgnBox
SetMapMode
SetBkMode
RestoreDC
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateBitmap
CreateFontIndirectA
SaveDC
GetTextColor
GetStockObject
CreateRectRgnIndirect
SetBkColor
Rectangle
CreateDIBSection
DeleteObject
BitBlt
GetObjectA
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
SetTextColor
GetClipBox
GetDeviceCaps
SelectClipRgn
StretchBlt
CombineRgn
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateCompatibleBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17
_TrackMouseEvent

oledlg

ord8

ole32

CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString
CreateILockBytesOnHGlobal
OleInitialize
CoFreeUnusedLibraries

oleaut32

VariantInit
SysFreeString
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
VariantChangeType
SysAllocStringByteLen
SysStringLen

wininet

InternetCrackUrlA
InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetQueryDataAvailable

wsock32

sendto
send
WSAAsyncSelect
recvfrom
connect
WSASetLastError
bind
closesocket
accept
socket
select
gethostbyname
htonl
htons
ioctlsocket
recv

gdiplus

GdipAlloc
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipCloneImage

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

389db56135394f59776bebf2503856a9

Headers

File Characteristics

Imports

ws2_32

d3d9

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

wininet

wsock32

gdiplus

shlwapi

Sections

.text Size: 264KB - Virtual size: 260KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 16KB - Virtual size: 46KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.text
Size: 264KB - Virtual size: 260KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 16KB - Virtual size: 46KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB