Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-08_0aed47644d94880a4ed5b3711dce84e9_icedid.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-01-08_0aed47644d94880a4ed5b3711dce84e9_icedid.exe
Resource: win10v2004-20231215-en
General
- Target: 2024-01-08_0aed47644d94880a4ed5b3711dce84e9_icedid
- Size: 1.5MB
- MD5: 0aed47644d94880a4ed5b3711dce84e9
- SHA1: fcb8e260c8028275e34ad2449cfb53954f9d2821
- SHA256: 82cfa8d90f052d1674e2088377468336260e27fe9416dff3be7c2124b032262e
- SHA512: 72ef1299a0005069c6c208ce81e36032098784441d36762a405937cc2cfc98cb2374d6a5d7e1ebf6e92512a03ea6cf064ff477441e3003669a83c4273185a8fb
- SSDEEP: 24576:arkkthPX/oyCYv7OsSLZdgHTgoDYD/iXklNtLs6UT8VA8k6mcN:w9rCiOHD/iXkldUTGkS
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-01-08_0aed47644d94880a4ed5b3711dce84e9_icedid
Files
-
2024-01-08_0aed47644d94880a4ed5b3711dce84e9_icedid.exe windows:5 windows x86 arch:x86
0a40aad5cff3d3dd90b6d64e26d81bcb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rt-usb
ord6
ord43
ord8
ord2
ord61
ord13
ord16
ord17
ord23
ord3
ord4
ord10
ord12
ord29
ord40
ord41
ord18
ord35
ord14
ord1
ord76
ord7
ord70
ord11
ord71
ord75
ord22
winmm
PlaySoundA
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
hid
HidD_GetAttributes
HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetPreparsedData
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
kernel32
lstrcmpA
InterlockedExchange
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
GlobalFlags
SystemTimeToFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleW
InterlockedIncrement
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
MoveFileA
DeleteFileA
GlobalAddAtomA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
LocalFileTimeToFileTime
GetFileSizeEx
SetErrorMode
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetDriveTypeA
CreatePipe
GetTimeZoneInformation
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FindFirstFileA
PeekNamedPipe
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
LocalFree
MulDiv
GlobalFree
CancelIo
WaitForMultipleObjects
ResetEvent
GetOverlappedResult
CreateEventA
TerminateThread
SetEvent
PurgeComm
GetCommTimeouts
ReadFile
SetCommTimeouts
SetCommState
WriteFile
ClearCommBreak
FormatMessageA
EscapeCommFunction
SetCommBreak
GetCommState
ClearCommError
SetupComm
GetFileTime
GetExitCodeThread
SetFileTime
WaitForSingleObject
ExitProcess
SetThreadPriority
GetVersionExA
GetProcessId
GlobalAlloc
InterlockedDecrement
lstrlenA
CloseHandle
CreateFileA
FreeResource
GetFileAttributesA
CreateThread
ReleaseMutex
QueryPerformanceFrequency
CreateMutexA
GetCurrentProcess
SetPriorityClass
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
MultiByteToWideChar
lstrcpyA
GetCurrentThreadId
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
GetLastError
GetModuleFileNameA
GetExitCodeProcess
Sleep
QueryPerformanceCounter
GetTickCount
LockResource
GlobalUnlock
SizeofResource
WideCharToMultiByte
GlobalLock
LoadResource
FindResourceA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetModuleFileNameW
GetCurrentProcessId
GetFileInformationByHandle
GlobalGetAtomNameA
CreateProcessA
SetFilePointer
user32
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
WinHelpA
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
ScreenToClient
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetWindow
GetMenuItemID
GetSubMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetParent
ModifyMenuA
GetMenuState
CheckMenuItem
CloseClipboard
SetForegroundWindow
EnumWindows
EmptyClipboard
OpenClipboard
SetClipboardData
GetWindowThreadProcessId
SendDlgItemMessageA
GetKeyState
IsIconic
DrawIcon
wsprintfA
MessageBoxA
SetActiveWindow
SetFocus
DrawFocusRect
FillRect
ClientToScreen
SetWindowRgn
RegisterClassExA
MonitorFromPoint
SetCapture
DrawIconEx
CallNextHookEx
SetRectEmpty
GetIconInfo
GetCapture
InflateRect
OffsetRect
InvalidateRect
SetWindowsHookExA
PostQuitMessage
RedrawWindow
GetSysColor
CharUpperA
UnregisterClassA
ValidateRect
SetWindowPos
EnableWindow
IsWindowVisible
SetTimer
LoadImageA
GetSystemMetrics
DispatchMessageA
PeekMessageA
TranslateMessage
SendMessageA
GetFocus
KillTimer
GetWindowRect
GetMessageA
LoadCursorA
ReleaseDC
GetDC
LoadIconA
SetCursor
MonitorFromRect
CopyRect
GetCursorPos
GetMonitorInfoA
PtInRect
GetSysColorBrush
EqualRect
UnhookWindowsHookEx
SystemParametersInfoA
ReleaseCapture
DrawFrameControl
IsRectEmpty
GetMenuItemCount
UpdateWindow
GetSystemMenu
EnableMenuItem
AppendMenuA
PostMessageA
GetClientRect
AdjustWindowRectEx
gdi32
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
DeleteDC
SetBkColor
SaveDC
RestoreDC
SelectObject
DPtoLP
GetStockObject
Rectangle
CreatePolygonRgn
FrameRgn
StretchBlt
DeleteObject
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
OffsetRgn
CreateRoundRectRgn
CreateRectRgn
GetObjectA
EqualRgn
CreateSolidBrush
EndPage
StartPage
StartDocA
GetTextMetricsA
EndDoc
GetTextExtentPoint32A
SetBkMode
CreateFontIndirectA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectClipRgn
SetTextAlign
ExcludeClipRect
SetMapMode
SetStretchBltMode
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegCloseKey
RegEnumValueA
RegOpenKeyExA
shell32
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
comctl32
ImageList_GetIconSize
shlwapi
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
oleaut32
VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime
SysAllocString
VariantClear
SysFreeString
VariantChangeType
VariantInit
wintrust
WinVerifyTrust
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
iphlpapi
GetAdaptersInfo
ws2_32
recv
bind
socket
WSAGetLastError
WSACleanup
listen
accept
htons
getsockname
ioctlsocket
connect
WSAStartup
recvfrom
gethostbyname
inet_addr
setsockopt
closesocket
sendto
send
wininet
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionExA
Sections
.text Size: 997KB - Virtual size: 996KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 211KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 124KB - Virtual size: 166.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 250KB - Virtual size: 249KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ