2024-01-09_18a7db663b699304b300a4ae6db5816c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-09_18a7db663b699304b300a4ae6db5816c_icedid
Size

158KB
MD5

18a7db663b699304b300a4ae6db5816c
SHA1

3dbc87899e91b187dafefdab8cbb90d1bc7ec77b
SHA256

168bd459b25265baf5ca1079b06bb5c0290b72edae3b99d5a4250ef4df564881
SHA512

46fba095867889410a4fa42101d6d5cf53396e83907c28db9adf8ea17a52018af9c2c61f746a8a69fc11497cf3275142191d527c8fc74a25ea86cf1907595bae
SSDEEP

3072:d6SE+GG6H/HiMkluEi8Bq/Y0Av8vF5pEIJ2:b9GGo/HizluEBBqQ0AUxEIJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-09_18a7db663b699304b300a4ae6db5816c_icedid

Files

2024-01-09_18a7db663b699304b300a4ae6db5816c_icedid
.exe windows:5 windows x86 arch:x86

98a6394cc83435b76fc6ee3989d8710f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetVersionExA
lstrcmpW
GlobalFindAtomA
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
GetCurrentProcess
VirtualAlloc
HeapReAlloc
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
WriteFile
GlobalAddAtomA
GlobalFlags
WritePrivateProfileStringA
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
Sleep
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
OpenProcess
GetLastError
ExpandEnvironmentStringsA
CloseHandle
GetWindowsDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
RaiseException
SizeofResource

advapi32

RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
CloseServiceHandle
DeleteService
OpenServiceA
OpenSCManagerA
CreateServiceA
CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueA

shlwapi

PathFindExtensionA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

user32

LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetWindowPos
ShowWindow
SetWindowLongA
IsWindow
GetDlgItem
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
DestroyMenu
GetMenu
RegisterWindowMessageA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorA
UnhookWindowsHookEx
GetCursorPos
ValidateRect
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA

gdi32

CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
TextOutA
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
DeleteDC
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
ExtTextOutA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98a6394cc83435b76fc6ee3989d8710f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

wtsapi32

userenv

user32

gdi32

winspool.drv

oleaut32

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 572B

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 572B