2024-01-23_80add45db27eab1c66e67828e1b737cf_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-23_80add45db27eab1c66e67828e1b737cf_icedid
Size

856KB
MD5

80add45db27eab1c66e67828e1b737cf
SHA1

460c10b178735186ca4348518bda23cd42d6ce33
SHA256

e6117196f3471c9a8813c6aa84d1ae67631619f5997a573ea7998f29b086b892
SHA512

895c8c57e4b129660ae3a9b13c4e0230c64faa541becde39ce976dffb4b0204021f39a27755028130f90433ee3c387a738ddd6c0234a238d8168b25955a60aaa
SSDEEP

12288:9RerjD30MizJ4/aUgumGo++k7auXjySNKWd9kpMHwHRNCAZpeD0yU2NLtr0:9RJM02UGo++e3GpMkxwDLLtr0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-23_80add45db27eab1c66e67828e1b737cf_icedid

Files

2024-01-23_80add45db27eab1c66e67828e1b737cf_icedid
.exe windows:4 windows x86 arch:x86

e4f188d688596db9781afa1725aef664

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
Netbios
NetQueryDisplayInformation
NetLocalGroupAddMembers
NetWkstaGetInfo
NetLocalGroupDelMembers
NetGroupAddUser
NetGroupDelUser
NetGroupEnum
NetLocalGroupEnum
NetGroupAdd
NetLocalGroupAdd
NetLocalGroupDel
NetGroupDel
NetUserGetGroups
NetServerGetInfo
NetGetDCName
NetUserGetLocalGroups
NetUserModalsGet
NetGetAnyDCName

winmm

timeGetTime

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wsock32

getpeername
listen
connect
sendto
recvfrom
socket
WSAAsyncSelect
recv
closesocket
accept
inet_ntoa
WSACleanup
setsockopt
htons
ioctlsocket
WSAStartup
WSASetLastError
WSAGetLastError
send
inet_addr
htonl
gethostbyname
bind

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetConnectionW

kernel32

VirtualProtect
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrcmpiA
WritePrivateProfileStringW
LocalUnlock
LocalLock
GlobalDeleteAtom
GetStringTypeExW
GlobalReAlloc
TlsSetValue
LocalReAlloc
MoveFileW
GetThreadLocale
GetProcessVersion
GetStartupInfoW
ExitProcess
RtlUnwind
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
GetSystemTime
ExitThread
SetStdHandle
HeapSize
UnhandledExceptionFilter
TlsGetValue
GlobalFlags
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
GetModuleHandleA
VirtualAlloc
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetVersionExA
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableW
GetDriveTypeA
SetEnvironmentVariableA
FreeEnvironmentStringsW
LockFile
GetVersion
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetShortPathNameW
GetVolumeInformationW
GetDiskFreeSpaceW
FileTimeToDosDateTime
GetFileSize
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
SetFileTime
CreateFileW
GetFileTime
GetDriveTypeW
lstrcpyW
lstrlenA
Sleep
GetUserDefaultLCID
GetLocaleInfoW
LocalAlloc
LocalFree
lstrcmpiW
FreeLibrary
SetErrorMode
LoadLibraryW
GetProcAddress
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
ClearCommError
lstrcatW
WaitCommEvent
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetCommMask
WriteFile
WaitForMultipleObjects
GetOverlappedResult
SetEvent
PurgeComm
WaitForSingleObject
TerminateThread
CloseHandle
GetFileType
OutputDebugStringW
GetCommState
GetCommProperties
SetupComm
GetCommMask
GetCommTimeouts
SetCommTimeouts
SetCommState
CreateEventW
GetLastError
GetCurrentThreadId
CreateThread
SetThreadPriority
GetCommModemStatus
RaiseException
lstrlenW
DeleteCriticalSection
SetEndOfFile
UnlockFile
DuplicateHandle
FlushFileBuffers
SetFilePointer
IsBadWritePtr
GetFullPathNameW
IsBadReadPtr
lstrcpynW
MulDiv
GlobalGetAtomNameW
GlobalAddAtomW
lstrcmpA
LoadLibraryA
InitializeCriticalSection
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
LocalSize
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
SetCurrentDirectoryW
GetCurrentProcessId
GetCurrentProcess
GetVersionExW
GetSystemInfo
GetModuleHandleW
ResumeThread
SuspendThread
OpenEventW
GetCurrentDirectoryW
GetComputerNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetFileAttributesW
GetExitCodeThread
MoveFileExW
CreateMutexW
CopyFileW
CreateProcessW
lstrcmpW
GetLocalTime
GetCurrentThread
GetThreadPriority
GetExitCodeProcess
TerminateProcess
GetTickCount
WinExec
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DefineDosDeviceW
DeviceIoControl
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
LoadLibraryExW
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
GetModuleFileNameW
GetTempPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
FormatMessageW
ReleaseMutex
DosDateTimeToFileTime
GetTempFileNameW
CreateDirectoryW
TlsAlloc
GetEnvironmentStringsW

user32

DestroyMenu
GetDesktopWindow
ReuseDDElParam
RedrawWindow
DefMDIChildProcW
DrawMenuBar
TranslateAcceleratorW
SetMenu
LoadAcceleratorsW
TranslateMDISysAccel
BringWindowToTop
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
DefFrameProcW
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
MapWindowPoints
SetActiveWindow
CheckMenuItem
AdjustWindowRectEx
EqualRect
SetFocus
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsWindowEnabled
IsChild
GetCapture
GetClassInfoW
RegisterClassW
GetMenuItemCount
GetMenu
TrackPopupMenu
GetDlgItem
GetDlgCtrlID
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetLastActivePopup
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
SetWindowPos
RegisterWindowMessageW
LoadStringW
EnumDesktopWindows
OpenInputDesktop
GetUserObjectInformationW
GetAsyncKeyState
SetDoubleClickTime
mouse_event
DeferWindowPos
UnionRect
SetCursorPos
CreateIconIndirect
CreateCursor
MapVirtualKeyW
IsIconic
UnpackDDElParam
IntersectRect
GetUpdateRect
ShowWindow
DestroyCursor
InvertRect
GetCursor
DlgDirListW
DlgDirSelectExW
AppendMenuW
GetClipboardData
GetForegroundWindow
GetActiveWindow
OpenDesktopW
CloseDesktop
GetWindowPlacement
DefWindowProcW
LoadIconW
GetDC
ReleaseDC
GetKeyboardType
SetWindowLongW
GetWindowTextLengthW
DeleteMenu
GetSystemMenu
MapDialogRect
DestroyIcon
LockWindowUpdate
GetDCEx
GetSysColorBrush
GetClassNameW
IsClipboardFormatAvailable
GetWindowTextW
UpdateWindow
CharToOemBuffW
CharLowerW
GetWindow
WinHelpW
GetMessageW
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
SetClipboardData
CloseClipboard
MessageBoxW
GetClipboardOwner
WaitForInputIdle
CharNextW
GetMenuItemID
GetKeyState
IsWindowVisible
PostQuitMessage
GetCursorPos
SetForegroundWindow
IsWindow
SystemParametersInfoW
LoadMenuW
ExitWindowsEx
DestroyWindow
LoadImageW
OffsetRect
ScreenToClient
EnumWindows
GetWindowThreadProcessId
GetSubMenu
RemoveMenu
MessageBeep
GetParent
CharToOemW
LoadCursorW
SetCursor
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
PostThreadMessageW
wvsprintfW
GetSystemMetrics
FindWindowW
GetWindowRect
PostMessageW
EnableWindow
ReleaseCapture
PtInRect
SetCapture
InvalidateRect
IsRectEmpty
InflateRect
ClientToScreen
ValidateRect
CharUpperW
ShowOwnedPopups
WindowFromPoint
WaitMessage
IsZoomed
SetParent
keybd_event
GetTabbedTextExtentW
DrawTextExW
GetMessagePos
GetSysColor
CopyRect
FillRect
DrawFocusRect
DrawTextW
SetRectEmpty
GetClientRect
SendMessageW
SetRect
GetWindowLongW
KillTimer
SetTimer
GetFocus
CreateWindowExW
UnregisterClassW

gdi32

CreateRectRgnIndirect
UnrealizeObject
CreateCompatibleBitmap
CreatePalette
SetBrushOrgEx
RealizePalette
GetObjectW
GetBitmapBits
GetDeviceCaps
CreateCompatibleDC
CreateBitmap
StretchDIBits
BitBlt
MaskBlt
SetPixel
ExtTextOutW
Polyline
GetSystemPaletteUse
SetSystemPaletteUse
StrokePath
EndPath
CloseFigure
BeginPath
CreateDCW
ExtEscape
DeleteDC
ExtTextOutA
DeleteObject
CreateFontIndirectW
SelectObject
RemoveFontResourceW
AddFontResourceW
EnumFontsW
EnumFontFamiliesA
GetStockObject
CreatePen
SetPaletteEntries
CreatePatternBrush
SetDIBits
CreateDIBPatternBrushPt
CreateBrushIndirect
CreateHatchBrush
SetBitmapBits
Polygon
FillPath
Rectangle
CreateSolidBrush
GetDIBits
CombineRgn
GetNearestColor
CreateDIBitmap
CreateDIBSection
GetTextFaceW
GetCharacterPlacementW
GetFontLanguageInfo
GetRgnBox
GetClipRgn
CreateRectRgn
ExtCreatePen
ResizePalette
GetSystemPaletteEntries
SelectPalette
GetPaletteEntries
StartPage
StartDocW
EndDoc
EndPage
AbortDoc
CreateScalableFontResourceW
EnumFontFamiliesW
SetTextAlign
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
CreatePenIndirect
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextCharacterExtra
ExtSelectClipRgn
PtVisible
RectVisible
Escape
PatBlt
TextOutW
LPtoDP
DPtoLP
GetTextExtentPointW
SetAbortProc
GetCharWidthW
GetTextMetricsW
SetRectRgn
SetDIBitsToDevice

comdlg32

CommDlgExtendedError
GetFileTitleW
ReplaceTextW
PrintDlgW
GetOpenFileNameW
FindTextW
GetSaveFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyExW
GetUserNameW
RegSetKeySecurity
RegSetValueW
RegCreateKeyW
RegQueryValueW
RegOpenKeyW
GetFileSecurityW
SetFileSecurityW
RegOpenKeyExA
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
LsaOpenPolicy
LookupAccountSidW
DuplicateToken
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegSetValueExW
FreeSid
ControlService
GetTokenInformation
PrivilegeCheck
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExA
RegDeleteValueW
RegFlushKey
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
CreateServiceW
RegQueryValueExW
ImpersonateLoggedOnUser
LogonUserW
RevertToSelf
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
CreateProcessAsUserW
RegDeleteKeyW

shell32

DragAcceptFiles
ShellExecuteW
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFileInfoW
Shell_NotifyIconW
ExtractIconW

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Destroy
ord17

ole32

CoDisconnectObject

oleaut32

LoadTypeLi
VariantCopy
SysAllocString
VariantClear
VariantChangeType
SysAllocStringLen
SysFreeString
SysStringLen

Exports

Exports

??0CCommBase@@QAE@XZ
??0CCommNetbios@@QAE@PAVCSession@@@Z
??0CCommNetbios@@QAE@XZ
??0CCommSocket@@QAE@PAVCSession@@@Z
??0CCommSocket@@QAE@XZ
??0CPageIpx@@QAE@XZ
??0CPageNetbios@@QAE@XZ
??0CPageTcpIp@@QAE@XZ
??1CCommBase@@UAE@XZ
??1CCommNetbios@@UAE@XZ
??1CCommSocket@@UAE@XZ
??1CPageIpx@@UAE@XZ
??1CPageNetbios@@UAE@XZ
??1CPageTcpIp@@UAE@XZ
??_7CCommBase@@6B@
??_7CCommNetbios@@6B@
??_7CCommSocket@@6B@
??_7CPageIpx@@6B@
??_7CPageNetbios@@6B@
??_7CPageTcpIp@@6B@
?AddNames@CCommNetbios@@QAEXXZ
?AtoH@@YAXPAD0H@Z
?AwaitCommunicationAttempt@CCommNetbios@@UAEHXZ
?AwaitCommunicationAttempt@CCommSocket@@UAEHXZ
?Browse@CCommBase@@UAEHXZ
?Browse@CCommNetbios@@UAEHXZ
?Browse@CCommSocket@@UAEHXZ
?BtoH@@YAED@Z
?Close@CCommNetbios@@UAEXXZ
?Close@CCommSocket@@UAEXXZ
?ConvertToString@CCommSocket@@QAEHH@Z
?GetAddrString@@YAXPAUsockaddr_ipx@@PAD@Z
?GetConfigPage@CCommBase@@QAEPAVCPropertyPage@@H@Z
?GetConfigPage@CCommSocket@@QAEPAVCPropertyPageProtocol@@H@Z
?GetConnectPage@CCommBase@@QAEPAVCPropertyPage@@H@Z
?GetConnectPage@CCommSocket@@QAEPAVCPageBase@@H@Z
?GetInactivityTimer@CCommNetbios@@UAEHXZ
?GetInactivityTimer@CCommSocket@@UAEHXZ
?GetMessageMap@CPageIpx@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CPageNetbios@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CPageTcpIp@@MBEPBUAFX_MSGMAP@@XZ
?GetProfileIntRP32@@YAIPBG0H@Z
?GetProfileStringRP32@@YA?AVCString@@PBG00@Z
?GetRemoteAddress@CCommSocket@@QAEHAAVCString@@@Z
?GetRuntimeClass@CCommBase@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CCommNetbios@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CCommSocket@@UBEPAUCRuntimeClass@@XZ
?HtoA@@YAXPAD0H@Z
?HtoB@@YADE@Z
?IsDataAvailable@CCommNetbios@@UAEHXZ
?IsDataAvailable@CCommSocket@@UAEHXZ
?OnButtonCopybrowse@CPageNetbios@@MAEXXZ
?OnClose@CCommNetbios@@QAEXXZ
?OnConnect@CCommDial@@QAEXH@Z
?OnConnect@CCommNetbios@@QAEXH@Z
?OnConnect@CCommSocket@@QAEXH@Z
?OnReceive@CCommSocket@@QAEXH@Z
?OnSelchangeList2@CPageNetbios@@MAEXXZ
?Open@CCommNetbios@@UAEHPBDIH@Z
?Open@CCommSocket@@UAEHPBDIH@Z
?OutputEvent@CCommBase@@QAAXHZZ
?OutputEvent@CCommBase@@QAAXPBGZZ
?OutputEventError@CCommBase@@QAEXHH@Z
?RP32InitializeGlobalSettings@@YAXPAUHINSTANCE__@@@Z
?ReConnect@CCommNetbios@@UAEHXZ
?ReConnect@CCommSocket@@UAEHXZ
?Read@CCommNetbios@@UAEIPAXI@Z
?Read@CCommSocket@@UAEIPAXI@Z
?ReceivedBrowseResponse@CCommBase@@UAEXPBG@Z
?ReceivedBrowseResponse@CCommSocket@@UAEXPBG@Z
?Rp32GetChatTemplate@@YAPAVCMultiDocTemplate@@XZ
?Rp32GetConnectTemplate@@YAPAVCMultiDocTemplate@@XZ
?Rp32GetFileTemplate@@YAPAVCMultiDocTemplate@@XZ
?Rp32GetGuestTemplate@@YAPAVCMultiDocTemplate@@XZ
?Rp32GetHostTemplate@@YAPAVCMultiDocTemplate@@XZ
?Rp32GetNFileTemplate@@YAPAVCMultiDocTemplate@@XZ
?Rp32LoadFrameWindow@@YAPAVCMainFrame@@HPAG@Z
?Rp32SetGuestTemplate@@YAPAVCMultiDocTemplate@@IPAUCRuntimeClass@@00@Z
?Rp32SetHostTemplate@@YAPAVCMultiDocTemplate@@IPAUCRuntimeClass@@00@Z
?SockerrToResourceID@CCommSocket@@QAEHXZ
?Write@CCommNetbios@@UAEXPBXI@Z
?Write@CCommSocket@@UAEXPBXI@Z
?WriteProfileIntRP32@@YAHPBG0H@Z
?WriteProfileStringRP32@@YAHPBG00@Z
?_messageEntries@CPageIpx@@0PBUAFX_MSGMAP_ENTRY@@B
?_messageEntries@CPageNetbios@@0PBUAFX_MSGMAP_ENTRY@@B
?_messageEntries@CPageTcpIp@@0PBUAFX_MSGMAP_ENTRY@@B
?classCCommBase@CCommBase@@2UCRuntimeClass@@B
?classCCommNetbios@CCommNetbios@@2UCRuntimeClass@@B
?classCCommSocket@CCommSocket@@2UCRuntimeClass@@B
?g_bEnableSiteLicenseVersion@@3HA
?messageMap@CPageIpx@@1UAFX_MSGMAP@@B
?messageMap@CPageNetbios@@1UAFX_MSGMAP@@B
?messageMap@CPageTcpIp@@1UAFX_MSGMAP@@B
RP32EnumHostNodes
RP32EstablishRecordingSession
RP32RecorderExit
RP32RecorderInit
RP32TerminateRecordingSession

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4f188d688596db9781afa1725aef664

Headers

File Characteristics

Imports

netapi32

winmm

version

wsock32

mpr

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 660KB - Virtual size: 659KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 59KB - Virtual size: 80KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 660KB - Virtual size: 659KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 59KB - Virtual size: 80KB

.rsrc
Size: 2KB - Virtual size: 2KB