2024-01-09_26e11b4f239f5f6f7d9842f08aa6588a_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-09_26e11b4f239f5f6f7d9842f08aa6588a_icedid
Size

9.7MB
MD5

26e11b4f239f5f6f7d9842f08aa6588a
SHA1

fab660c77620ada5a208ec3c17fc7797f3e7739e
SHA256

199adff512e0d3354f2cc93c921efb1b60421f6255356952b6764872dafe0a8c
SHA512

9a4547c7b611b5cf92c02d0aad94539dabd27927331df4e53caa186ee7ab3ecbd6091014aea52c0c1bd430320781421e47b6c550b011f102165b415f00f39c2e
SSDEEP

196608:aZFqni+oY8qeTGIEhjJwNjdZElOs+bZmbbgt6hYt30O:iFB4ZeaIEhjJwtQQZmfMqwkO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-09_26e11b4f239f5f6f7d9842f08aa6588a_icedid

Files

2024-01-09_26e11b4f239f5f6f7d9842f08aa6588a_icedid
.exe windows:5 windows x86 arch:x86

8f0f6b0be4a29517112f1962f6e4fcf9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
RtlUnwind
RaiseException
ExitProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetStdHandle
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
lstrlenA
CreateFileW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
WritePrivateProfileStringW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
GetModuleHandleA
InterlockedDecrement
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
WideCharToMultiByte
InterlockedExchange
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
MultiByteToWideChar
GetVersionExA
lstrlenW
SetLastError
LoadLibraryW
GetModuleFileNameA
GetWindowsDirectoryA
GetPrivateProfileIntA
OutputDebugStringW
Sleep
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateProcessW
WaitForSingleObject
CloseHandle
GetTempPathW
MoveFileExW
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
HeapFree

user32

TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
GetMessageW
IsWindowVisible
UpdateWindow
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
GetWindowLongW
SetWindowLongW
EnableWindow
SendMessageW
MessageBoxW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
ReleaseDC
GetDC
CopyRect
IsWindow
GetSystemMetrics
LoadIconW
InvalidateRect
GetClientRect
IsIconic
GetSystemMenu
AppendMenuW
DrawIcon
SetCursor
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
PostThreadMessageW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
UnregisterClassW
CharUpperW
ReleaseCapture
SetCapture
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
SetWindowContextHelpId
MapDialogRect
SetForegroundWindow
GetDesktopWindow
GetCursorPos

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetClipBox
GetDeviceCaps
GetObjectW
SetBkColor
CreateRectRgnIndirect
CreateBitmap
SetTextColor

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCloseKey
InitializeSid
GetSidSubAuthority
GetSidLengthRequired
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
GetAclInformation
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
RegCreateKeyExW

shell32

DragQueryFileW
DragAcceptFiles
ShellExecuteExW

shlwapi

PathFileExistsW
PathFindFileNameA
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFileExistsA
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

VariantInit
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
VariantChangeType

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f0f6b0be4a29517112f1962f6e4fcf9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

version

oleacc

Sections

.text Size: 225KB - Virtual size: 225KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 225KB - Virtual size: 225KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 39KB - Virtual size: 39KB