Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-08_81848e561a1266fdaf20facf158b6bbf_icedid.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-01-08_81848e561a1266fdaf20facf158b6bbf_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-01-08_81848e561a1266fdaf20facf158b6bbf_icedid
Size: 2.1MB
MD5: 81848e561a1266fdaf20facf158b6bbf
SHA1: 6fb3474b760ebf847d698bfd7b3c80ff07a90dc1
SHA256: 0afbcaa98554c8fbc5e5092b10b167c855d60ddf52dcbc28920ad8e1e90976b9
SHA512: 1460a6d9111b322e14721e3920dfe26ed780ffe8ad91e21a91fd887532799d4559eb565f93594202db04af56b2f26aba322147f2cf928cc65af413cb8a3f7be9
SSDEEP: 24576:Fao4wnhK+rwmLa/pYrEVxWs5w8tP1Nx0gfaxyNP4EV4e8kvJbMVx:Fr4+ZD8P1Nx0b8NgEV9bMVx
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
  resource: 2024-01-08_81848e561a1266fdaf20facf158b6bbf_icedid
Files
-
2024-01-08_81848e561a1266fdaf20facf158b6bbf_icedid.exe windows:4 windows x86 arch:x86
61d373b516da16abb19ec1f2fd5c9d24
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
DsGetDcNameA
NetApiBufferFree
ws2_32
gethostbyaddr
sendto
bind
inet_ntoa
connect
getsockname
gethostname
htons
inet_addr
WSASocketA
WSAGetLastError
setsockopt
recvfrom
gethostbyname
WSAStartup
WSACleanup
socket
closesocket
crypt32
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreA
CertOpenStore
CertGetNameStringA
CertGetCertificateContextProperty
acauth
acCredGetEapFASTPacAID
acCredGetEapFASTPacIID
acCredGetEapFASTPacKey
acCredGetEapFASTPacOpaque
acEapFASTPacDestroy
acEapFASTPacCreate
acCredEapFASTPac
acCredGetEapFASTPacAIDInfo
acCredGetEapFASTPacType
acCredGetEapFASTPacLifeTime
acCredEapTTLSTunnelMethod
acCredEapFASTProvisionModes
acCredGetEapFASTAID
acCcxGetRadioCfg
acCredGetEapNotification
acCredUserCert
acCredServerVerifyChain
acCredServerVerifyCA
acCredServerVerifyDomain
acCredServerVerifyField
acCredServerVerified
acCredServerGetField
acCredPassword
acCredGetEapMethod
acCredGetEapFASTMode
acCredEapMethods
acCredMachineIdentity
acCredIdentity
acCredComplete
acCredEapSIM
acCredDeferred
acPortDisassociate
acIdentityCreate
acIdentityDestroy
acCertDestroy
acDebugEnable
acPortStop
acPortAssociate
acPortAuth
acCredRsnPsk
acPortAttach
acGetNextPortSymName
acPortDetach
acGetPortAttr
acCredSessionStart
acRsnPskCreate
acRsnBinPskCreate
acCredGetIdentityPrompt
acCredCcxRogueAP
acPasswordDestroy
acCredGetPasswordPrompt
acRsnPskDestroy
acCertCreate
acCertGetField
acCcxEnable
acCcxRadioCfg
acCredEapFASTPacTypes
acEventString
acExit
acIpDhcpRenew
acIpGetConfig
acIpDhcpIsEnabled
acIpIsConnected
acPortGetLinkState
acPortGetState
acPortGetStatus
acCcxInit
acEapInitAll
acRsnInit
ac8021xInit
acInit
acNetCallback
acCertUrlWin32String
acPasswordCreate
acCcxRogueApTimeout
shlwapi
PathFindFileNameA
StrToIntA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveExtensionA
PathFileExistsA
SHDeleteKeyA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
setupapi
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
iphlpapi
IpReleaseAddress
GetInterfaceInfo
GetAdaptersInfo
IpRenewAddress
GetNetworkParams
rpcrt4
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
RpcMgmtIsServerListening
RpcStringFreeA
RpcBindingFree
NdrClientCall2
kernel32
GetLocaleInfoA
GetLocalTime
GetDateFormatA
FileTimeToSystemTime
GetCurrentDirectoryA
GetCurrentProcess
GetVersionExA
DeviceIoControl
SetLastError
CreateEventA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
CreateNamedPipeA
ReadFile
WriteFile
GetModuleFileNameA
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
CreateDirectoryA
WinExec
lstrcpyA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
HeapFree
GetProcessHeap
HeapAlloc
QueryPerformanceFrequency
GetCurrentProcessId
WaitForSingleObject
SetThreadPriority
CreateThread
CreateMutexA
GetPrivateProfileIntA
CreateProcessA
lstrlenA
GetSystemDefaultLangID
InterlockedExchange
GetVersion
lstrlenW
CompareStringA
CompareStringW
lstrcmpiA
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
SetEvent
ExitThread
GetTimeZoneInformation
FileTimeToLocalFileTime
GetCPInfo
FreeResource
lstrcpynA
GetFileSize
MulDiv
LocalFree
FormatMessageA
GlobalSize
CopyFileA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
MoveFileA
DeleteFileA
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
ResumeThread
SuspendThread
GetModuleFileNameW
InterlockedDecrement
lstrcmpA
CreateSemaphoreA
ReleaseSemaphore
ReleaseMutex
WaitForMultipleObjects
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetProfileIntA
GlobalFlags
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetOEMCP
GetAtomNameA
SetErrorMode
WritePrivateProfileStringA
LocalUnlock
LocalLock
GetTempFileNameA
GetDiskFreeSpaceA
RtlUnwind
GetTimeFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitProcess
HeapSize
GetACP
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetStdHandle
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GetPrivateProfileStringA
FindFirstFileA
FindClose
CreateFileA
Sleep
CloseHandle
GetLastError
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
OutputDebugStringA
user32
GetMessagePos
MessageBeep
IsCharAlphaA
SetParent
SetCapture
ReleaseCapture
RegisterClipboardFormatA
SetActiveWindow
EndDialog
IsWindowEnabled
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
GetMenuStringA
GetWindow
GetWindowPlacement
IntersectRect
GetDlgCtrlID
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoExA
CreateWindowExA
GetMenu
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
GetKeyState
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
GetMenuCheckMarkDimensions
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
ScrollWindowEx
GetWindowDC
BeginPaint
EndPaint
GetKeyNameTextA
MapVirtualKeyA
ValidateRect
GetMessageA
DestroyMenu
GetWindowThreadProcessId
MsgWaitForMultipleObjects
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
SetRectEmpty
IsClipboardFormatAvailable
GetDialogBaseUnits
UnregisterClassA
WaitMessage
GetTabbedTextExtentA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
PostThreadMessageA
TranslateAcceleratorA
SetMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
GetDCEx
GetSystemMenu
ScreenToClient
DrawFrameControl
UnionRect
TranslateMessage
DispatchMessageA
IsRectEmpty
DestroyCursor
LoadImageA
GetNextDlgGroupItem
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
FrameRect
InflateRect
GetIconInfo
CreateIconIndirect
DrawStateA
IsMenu
GetMenuItemInfoA
DrawIconEx
DestroyIcon
GetSysColorBrush
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
ReleaseDC
RemoveMenu
ModifyMenuA
InsertMenuA
GetMenuState
GetMenuItemID
GetMenuItemCount
DeleteMenu
CreatePopupMenu
CreateMenu
DrawEdge
SetRect
FillRect
GetDC
CharUpperW
CharUpperA
CharLowerW
CharLowerA
GetSystemMetrics
IsIconic
PtInRect
RegisterHotKey
keybd_event
CallWindowProcA
UnregisterHotKey
PeekMessageA
RedrawWindow
LockWindowUpdate
UpdateWindow
GetClassInfoA
DefWindowProcA
GetFocus
IsWindowVisible
GetWindowLongA
SetWindowLongA
GetParent
GetDesktopWindow
OffsetRect
SetWindowPos
FindWindowA
EnumChildWindows
GetCursorPos
LoadIconA
SetForegroundWindow
BringWindowToTop
LoadMenuA
SetMenuItemBitmaps
GetSubMenu
EnableMenuItem
CheckMenuItem
AppendMenuA
GetClassNameA
GetClientRect
IsCharAlphaNumericA
MessageBoxA
SetCursor
LoadCursorA
LoadBitmapA
KillTimer
SetTimer
PostMessageA
IsWindow
InvalidateRect
CopyRect
GetSysColor
GetWindowRect
SendMessageA
wsprintfA
EnableWindow
TabbedTextOutA
gdi32
RealizePalette
CreateRectRgn
GetViewportOrgEx
GetWindowOrgEx
GetDIBColorTable
StretchBlt
SetBitmapBits
CreateDIBitmap
DeleteDC
CreateDCA
GetDCOrgEx
GetClipBox
CreatePalette
GetCurrentObject
GetTextColor
GetBkColor
CreateBitmap
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
GetTextExtentPoint32W
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
SaveDC
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetPixel
GetPixel
BitBlt
PatBlt
Rectangle
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
CreateHatchBrush
CreatePen
CreateSolidBrush
GetObjectA
GetTextExtentPoint32A
GetTextMetricsA
CopyMetaFileA
CreateFontIndirectA
EndDoc
AbortDoc
SetAbortProc
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
EndPage
StartPage
GetRgnBox
StretchDIBits
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateFontA
GetCharWidthA
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
StartDocA
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CreateRectRgnIndirect
SetWindowOrgEx
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
GetJobA
OpenPrinterA
DocumentPropertiesA
advapi32
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
ChangeServiceConfigA
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegEnumKeyA
StartServiceA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
SetFileSecurityA
GetFileSecurityA
RegQueryValueExA
shell32
ShellExecuteExA
DragQueryFileA
DragFinish
ExtractIconA
Shell_NotifyIconA
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetFileInfoA
comctl32
ImageList_GetIconSize
ImageList_Create
_TrackMouseEvent
oledlg
ord8
ole32
OleRun
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
StringFromGUID2
CoDisconnectObject
OleGetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize
ReadClassStg
oleaut32
LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
VariantClear
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
winmm
PlaySoundA
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 316KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512KB - Virtual size: 510KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ