2024-01-10_ab20598a3fa95fe68416fa6bf3827538_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-10_ab20598a3fa95fe68416fa6bf3827538_icedid
Size

1.9MB
MD5

ab20598a3fa95fe68416fa6bf3827538
SHA1

758c347de2663ef444934195a3ad68d4b6cd6681
SHA256

6c5cef699640b19e92dd04f64f79255e78fd9e90c319a7b665a3eb68c24ee038
SHA512

8a4dcadf1ec8ca69597dc6428eb4545847e92797eb5a3260c7cb27122a87c0a6f93cd1e1b8d33772d256bb4b337236817d729738a354b62b21427c921affd45d
SSDEEP

49152:sz8+w8f+5nXZxHb2x3vyosUs7vquT+067fdyw:sAR8f+5nXZ5s36osBU067Yw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-10_ab20598a3fa95fe68416fa6bf3827538_icedid

Files

2024-01-10_ab20598a3fa95fe68416fa6bf3827538_icedid
.exe windows:5 windows x86 arch:x86

96fdd25324af4956af4b239d3fbb79f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA
EnumProcesses

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
InternetCloseHandle
InternetCrackUrlA
InternetOpenA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetStatusCallback
InternetReadFileExA

kernel32

InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFileSizeEx
SetErrorMode
ExitProcess
GetCommandLineA
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetModuleHandleW
ExitThread
CreateThread
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFileAttributesW
LoadLibraryW
GetFullPathNameW
GetThreadLocale
RaiseException
InterlockedDecrement
GetModuleFileNameW
CreateEventA
SuspendThread
SetEvent
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
FreeResource
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
ResumeThread
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetFileSize
SetFilePointer
WriteFile
ReadFile
FileTimeToLocalFileTime
GetFileTime
CreateFileA
GetTimeZoneInformation
FileTimeToSystemTime
GetCurrentProcessId
GetProcAddress
Module32Next
Module32First
GetExitCodeProcess
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
CreateProcessA
CloseHandle
GetLongPathNameA
GetFullPathNameA
GetCurrentDirectoryA
GetModuleFileNameA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
GetTempFileNameA
GetSystemTime
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
MultiByteToWideChar
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
LocalFree
FormatMessageA
lstrlenA
LocalAlloc
GetUserDefaultUILanguage
FindResourceExA
LoadLibraryExA
FreeLibrary
EnumResourceLanguagesA
EnumResourceNamesA
LoadLibraryA
EndUpdateResourceA
UpdateResourceA
HeapAlloc
BeginUpdateResourceA
GetProcessHeap
HeapFree
WritePrivateProfileStringA
CreateMutexA
ReleaseMutex
GetPrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
SystemTimeToFileTime
GetLocalTime
GetTickCount
Sleep
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateFileW
GetTempPathW
LockFileEx
DeleteFileW
AreFileApisANSI
ResetEvent
HeapReAlloc

user32

DestroyMenu
GetMenuItemInfoA
WindowFromPoint
SetWindowRgn
IsRectEmpty
InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ReleaseDC
GetDC
RegisterWindowMessageA
WinHelpA
IsChild
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
GetScrollPos
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
GetWindowTextLengthA
CharUpperA
UnregisterClassA
CopyAcceleratorTableA
IsWindow
GetWindowTextA
GetFocus
SetWindowPos
SetFocus
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetKeyboardState
DrawIcon
IsIconic
AppendMenuA
CreatePopupMenu
AdjustWindowRectEx
ShowScrollBar
DrawEdge
ChildWindowFromPoint
GetCursorPos
CopyRect
SetRect
InvalidateRgn
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
PtInRect
GetWindow
UnpackDDElParam
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatA
SetWindowContextHelpId
SetScrollPos
CharNextA
SendMessageA
EnableWindow
SetTimer
UpdateWindow
KillTimer
RedrawWindow
MessageBoxA
MessageBoxExA
IsWindowVisible
GetClientRect
LoadIconA
PostMessageA
SetForegroundWindow
LoadStringA
wsprintfA
EnumWindows
IsWindowEnabled
GetWindowThreadProcessId
GetClassNameA
EnumChildWindows
GetWindowRect
ScreenToClient
InvalidateRect
SystemParametersInfoA
GetSystemMetrics
EnumDisplaySettingsA
GetShellWindow
GetParent
OffsetRect
SetClassLongA
GetCapture
ReleaseCapture
SetCapture
WaitForInputIdle
DialogBoxParamA
GetWindowLongA
GetDlgCtrlID
GetSysColor
GetSysColorBrush
EndDialog
SetCursor
LoadImageA
MapDialogRect
ClientToScreen
LoadCursorA
GetDlgItem
SetWindowTextA
SetWindowLongA
SetWindowsHookExA

gdi32

GetTextExtentPoint32A
GetRgnBox
GetBkColor
Ellipse
CreateEllipticRgn
LPtoDP
GetMapMode
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
CreateFontIndirectA
ExtTextOutA
GetObjectA
DeleteObject
GetStockObject
GetTextColor
SetBkColor
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
CreateRectRgnIndirect
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateSolidBrush
TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
AdjustTokenPrivileges
GetLengthSid
ImpersonateLoggedOnUser
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
RevertToSelf
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegOpenCurrentUser
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
OpenProcessToken

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
DragFinish
DragQueryFileA

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathStripPathA
PathRenameExtensionA
PathFindExtensionA
PathCombineA
UrlEscapeA
SHDeleteEmptyKeyA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleUninitialize
CoInitializeSecurity
OleInitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoCreateGuid
CreateILockBytesOnHGlobal
CLSIDFromProgID
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitialize

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
VariantInit
SysStringLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayCreateVector
OleCreateFontIndirect

urlmon

IsValidURL
URLDownloadToFileA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96fdd25324af4956af4b239d3fbb79f5

Headers

DLL Characteristics

File Characteristics

Imports

psapi

version

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 416KB - Virtual size: 415KB

.data Size: 24KB - Virtual size: 46KB

.rsrc Size: 250KB - Virtual size: 250KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 416KB - Virtual size: 415KB

.data
Size: 24KB - Virtual size: 46KB

.rsrc
Size: 250KB - Virtual size: 250KB