Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-23_e3984a6598c37dc69f3cafc4ca85fafc_icedid.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-01-23_e3984a6598c37dc69f3cafc4ca85fafc_icedid.exe
  Resource: win10v2004-20231215-en
General
- Target: 2024-01-23_e3984a6598c37dc69f3cafc4ca85fafc_icedid
- Size: 520KB
- MD5: e3984a6598c37dc69f3cafc4ca85fafc
- SHA1: c981861964cf2d1ce1a55e7e883f88f55bc7ebe2
- SHA256: c68e8a4c6b9494ceb00c95495dd22d0f0bb431b39f44a6c045b7c7681f1c04f3
- SHA512: fc7e0baee811d727cc097f0472933e7a2a979a7f25204b3aee297c18530851c651a132debc383e0c4bb537c56d247d1cadd4564a9d1b431d225c83c71dc770e7
- SSDEEP: 6144:SxnGZvqKweAC5Ix3bQyFUvvO7eqy2OAFwt0cMdMfx76CtjA9Oj2yZTFd:w9KrpyrQy7eqyd0cMdceCtsW5j
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-01-23_e3984a6598c37dc69f3cafc4ca85fafc_icedid
Files
-
2024-01-23_e3984a6598c37dc69f3cafc4ca85fafc_icedid.exe windows:4 windows x86 arch:x86
3183ba3d3a0c65cce204213622647563
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
tradosbasis
?n_GetMinorVersion@CT_AppVersion@@QBEIXZ
??0CT_AppVersion@@QAE@XZ
?n_GetBuild@CT_AppVersion@@QBEIXZ
?n_GetMajorVersion@CT_AppVersion@@QBEIXZ
?n_GetMaintenance@CT_AppVersion@@QBEIXZ
??1CT_AppVersion@@QAE@XZ
shw32
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
mfc80
msvcr80
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
_ismbcalpha
_mbstrlen
atol
_wcsnicmp
_mbsnbicmp
setlocale
_time64
_localtime64_s
strftime
_ltoa
isprint
memcpy
_mbscmp
memset
_makepath
atoi
_splitpath
__CxxFrameHandler3
_CxxThrowException
_setmbcp
feof
kernel32
LocalFree
GetACP
LockResource
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
WideCharToMultiByte
MulDiv
lstrcpyA
GetModuleFileNameA
Sleep
DeleteFileA
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetLocaleInfoA
GetThreadLocale
lstrcpynA
GetTempFileNameA
GetTempPathA
CreateProcessA
CreateFileA
SizeofResource
GetFullPathNameA
CopyFileA
EnumResourceNamesA
LoadLibraryExA
MultiByteToWideChar
lstrlenA
BeginUpdateResourceA
EndUpdateResourceA
UpdateResourceA
IsValidLocale
InterlockedExchange
GetLastError
InterlockedIncrement
IsDBCSLeadByteEx
InterlockedDecrement
VerLanguageNameA
GetSystemDirectoryA
GetVersionExA
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
FindResourceA
LoadResource
user32
InvalidateRect
SetCursor
LoadCursorA
PostQuitMessage
GetActiveWindow
MessageBoxA
GetCapture
SetWindowLongA
GetMessageA
ClipCursor
LoadStringA
LoadStringW
EnableWindow
SendMessageA
SetTimer
KillTimer
FrameRect
InflateRect
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
ShowScrollBar
GetFocus
SetActiveWindow
RedrawWindow
FindWindowA
AppendMenuW
SetMenu
AppendMenuA
CreatePopupMenu
CreateMenu
GetCursorPos
TrackPopupMenu
LoadIconA
SetForegroundWindow
PostMessageA
LoadMenuA
GetSubMenu
SetCapture
ClientToScreen
ReleaseCapture
SetRect
GetSystemMetrics
SetWindowPos
GetSysColor
GetWindow
CreateWindowExW
GetClassLongA
SetClassLongA
GetTopWindow
GetClientRect
GetWindowRect
GetMenu
GetDC
GetDialogBaseUnits
ReleaseDC
UpdateWindow
gdi32
SelectObject
GetTextMetricsA
DeleteObject
GetTextExtentPointA
CreateSolidBrush
GetTextExtentPoint32A
TranslateCharsetInfo
EnumFontFamiliesExA
CreateCompatibleBitmap
SetDIBits
DeleteDC
SelectPalette
BitBlt
RealizePalette
CreateCompatibleDC
CreatePalette
GetObjectA
ExtTextOutW
CreateFontA
GetStockObject
GetDeviceCaps
CreateFontIndirectA
shell32
ShellExecuteA
DragAcceptFiles
Shell_NotifyIconA
comctl32
ord17
shlwapi
PathFindExtensionA
PathFileExistsA
ole32
CoTaskMemAlloc
OleRun
CoCreateInstance
CoTaskMemFree
oleaut32
GetErrorInfo
SysAllocString
GetActiveObject
VariantClear
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
Sections
- .text: Size 180KB, Virtual size 177KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 64KB, Virtual size 61KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 4KB, Virtual size 3KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 268KB, Virtual size 268KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ