Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-18_b36e92ce1f3c41addb239bd8181f71eb_icedid.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-01-18_b36e92ce1f3c41addb239bd8181f71eb_icedid.exe
  Resource: win10v2004-20231222-en
General
Target: 2024-01-18_b36e92ce1f3c41addb239bd8181f71eb_icedid
Size: 798KB
MD5: b36e92ce1f3c41addb239bd8181f71eb
SHA1: 320c1e8b3c00f3b8d7cde66825a507f7dd8065c3
SHA256: f0a15fcea2b60718ca7a8b385f5849db32af0667a3d80f5f379284cba01a4bd3
SHA512: f31e010b4cfb4b77c585169c77beadad2fa4118a0fbccb3f02aaa5fc4a7953edc868e6987003fbdc021c3cf660c4dce13daffaeeedfb6466d791374bab64b6a3
SSDEEP: 12288:nYsP5lM1x6706NidYPvGyMVcsdR9nGHvwvUIT/bMKnjiJy:nYy5l4MiMvGbVpLIvw1TzP
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-01-18_b36e92ce1f3c41addb239bd8181f71eb_icedid
Files
2024-01-18_b36e92ce1f3c41addb239bd8181f71eb_icedid.exe windows:4 windows x86 arch:x86
488de53f99d707de0704c19dd2b21e8c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvfw32
DrawDibOpen
DrawDibClose
DrawDibDraw
avifil32
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileRelease
AVIStreamWrite
AVIStreamRelease
ws2_32
WSARecv
htonl
WSACleanup
closesocket
WSACreateEvent
WSACloseEvent
shutdown
WSAStartup
setsockopt
listen
bind
htons
WSASocketA
WSAAddressToStringA
accept
connect
inet_addr
WSAResetEvent
WSAGetOverlappedResult
WSAGetLastError
WSASend
socket
gethostname
recv
send
iphlpapi
GetAdaptersInfo
winmm
sndPlaySoundA
PlaySoundA
ddraw
DirectDrawCreateEx
liveclient
_ReleaseWebCam@4
_CreateWebCam@4
balancedll
_GetBalanceAccount@4
_UpdateBalanceStatus@4
_RegBalanceCallBack@4
_UpdateEvent@4
_LoginBalanceServer@4
_LogoutBalanceServer@0
_GetBalanceMessage@4
gvcomport
_RegGeoComPort@12
_CheckGeoComPort@12
gvlib
SetMutex
CloseCommPort
ReadID
WriteID
SendCommand
OpenCommPort
gvport
IsGeoPortEx
smsclientdll
_ConnectSMSServer@4
_SendSMSMessage@8
_DisconnectSMSServer@4
_RegSMSCallBack@4
webcamsingle
_wcsEnableFunction@8
_wcsSetCameraName@4
_wcsIsDialogExist@0
_wcsCreateSingleWebCamDlg@36
_wcsUpdateParam@28
_wcsDeleteDlg@0
_wcsRegCallBack@4
geokey
?xUsbRead@CGeoKey@@QAEHG@Z
??0CGeoKey@@QAE@XZ
kernel32
ConvertDefaultLocale
GetModuleHandleA
lstrcmpA
GlobalDeleteAtom
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomA
LocalFree
lstrcpynA
FormatMessageA
GetTickCount
SetLastError
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
InterlockedIncrement
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
VirtualProtect
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
FindResourceExA
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapReAlloc
ExitThread
GetStartupInfoA
GetCommandLineA
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
HeapCreate
EnumResourceLanguagesA
IsBadWritePtr
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
ReleaseMutex
CreateMutexA
MoveFileExA
CreateProcessA
GetPrivateProfileIntA
FindNextFileA
CreateDirectoryA
Beep
FindFirstFileA
RemoveDirectoryA
GetPrivateProfileStringA
FindClose
GetDiskFreeSpaceExA
RaiseException
WritePrivateProfileStringA
WritePrivateProfileStructA
DeleteFileA
OutputDebugStringA
InterlockedDecrement
SetEvent
CreateEventA
InitializeCriticalSection
CreateThread
TerminateThread
CloseHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
WaitForMultipleObjects
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
LoadLibraryExA
GetProcAddress
FreeLibrary
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalFree
lstrcpyA
GetComputerNameA
LoadLibraryA
MulDiv
TerminateProcess
GetModuleFileNameA
GlobalAlloc
Sleep
CopyFileA
GetCurrentDirectoryA
GlobalUnlock
GlobalLock
GetPrivateProfileStructA
VirtualFree
ResetEvent
user32
MapDialogRect
SetWindowContextHelpId
CharNextA
wsprintfA
TabbedTextOutA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDesktopWindow
DestroyMenu
GetAsyncKeyState
SetRectEmpty
GetSysColorBrush
IsRectEmpty
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
SetParent
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
TrackPopupMenu
SetForegroundWindow
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
WinHelpA
GetWindowPlacement
CopyRect
GetWindow
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetMenuState
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
MessageBoxA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
MessageBeep
FlashWindow
IsWindow
TranslateAcceleratorA
UpdateWindow
MapWindowPoints
FillRect
DrawFocusRect
DrawTextA
GetFocus
SetWindowTextA
SetCursor
SetRect
TranslateMessage
DispatchMessageA
GetSysColor
InflateRect
TrackMouseEvent
GetParent
WindowFromPoint
GetTopWindow
GetCapture
ReleaseCapture
SetCapture
IsZoomed
ModifyMenuA
AppendMenuA
GetWindowRect
DrawEdge
PtInRect
IsWindowVisible
InvalidateRect
UnregisterClassA
CloseWindow
GetCursorPos
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
GetDlgItemInt
CheckDlgButton
RegisterWindowMessageA
LoadCursorA
LoadIconA
SendMessageA
KillTimer
SetTimer
LoadMenuA
GetSubMenu
EnableMenuItem
CheckMenuItem
DeleteMenu
LoadBitmapA
ShowWindow
PostThreadMessageA
GetMessageA
CharUpperA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
SystemParametersInfoA
IsChild
EnableWindow
GetClientRect
ClientToScreen
OffsetRect
GetDC
ReleaseDC
FindWindowA
IsIconic
PostMessageA
LoadAcceleratorsA
SetWindowPos
GetSystemMetrics
SetMenuItemBitmaps
gdi32
SelectClipRgn
CreateRectRgn
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateSolidBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
GetMapMode
StretchDIBits
CreateCompatibleBitmap
GetCharWidthA
GetRgnBox
EnumFontFamiliesExA
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetClipBox
CreateBitmap
GetTextExtentPoint32A
CreateFontA
SetBkColor
SetTextColor
DeleteObject
SelectObject
CreateFontIndirectA
GetObjectA
BitBlt
CreateCompatibleDC
GetDeviceCaps
GetViewportExtEx
GetStockObject
OffsetViewportOrgEx
comdlg32
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
shell32
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ord165
comctl32
ImageList_AddMasked
ImageList_Draw
ImageList_DrawEx
ord17
DestroyPropertySheetPage
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
PropertySheetA
CreatePropertySheetPageA
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
oledlg
ord8
ole32
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleFlushClipboard
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize
oleaut32
VarUdateFromDate
VarBstrFromDate
SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SafeArrayDestroy
SysAllocString
GetErrorInfo
VariantInit
VariantCopy
SysFreeString
Sections
.text Size: 482KB - Virtual size: 482KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ