Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-25_9b92abdfbcae2c7fb2e0d9b2c4c47d5d_icedid.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-01-25_9b92abdfbcae2c7fb2e0d9b2c4c47d5d_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-01-25_9b92abdfbcae2c7fb2e0d9b2c4c47d5d_icedid
Size: 2.1MB
MD5: 9b92abdfbcae2c7fb2e0d9b2c4c47d5d
SHA1: 6ed9c03d3bc2d3a78867f39975bada8decc53f17
SHA256: 13e38853a187fc2879d6743044d863f4c20fa060ebe274a50c9b49b3156ebba6
SHA512: 9be59412914c438b2d70db4a05adefa8a12d09536ab316010da38e7a0346afd5819ba78229f5bcc6b8b7d9a3c420858ce3d6af917587facb60b7ac52455ea6b9
SSDEEP: 49152:ER1j5RB5WGqheqmWyZy4I68k81me1z8bpv+Y:ER1j5RB59qheqmWyZy4I6XEm4z8hd
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 2024-01-25_9b92abdfbcae2c7fb2e0d9b2c4c47d5d_icedid
Files
2024-01-25_9b92abdfbcae2c7fb2e0d9b2c4c47d5d_icedid.exe windows:4 windows x86 arch:x86
952b8014c059316f70e08ecddc8847cd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
Netbios
winmm
PlaySoundA
timeGetTime
timeKillEvent
timeGetDevCaps
timeSetEvent
timeBeginPeriod
ddraw
DirectDrawEnumerateExA
ts
TS_SetPtzPreset
TS_RspInvitePreset
TS_InviteReplayNextByDate
TS_InviteReplayPreByDate
TS_InviteReplaySpeedByDate
TS_ReportAVData
TS_CloseDeviceVideo
TS_ReportReplayDataByDate
TS_NotifyReplayStopByDate
TS_NotifyReplayStop
TS_ReportReplayData
TS_InviteReplaySeek
TS_InviteReplayNext
TS_InviteReplayPre
TS_InviteReplaySpeed
TS_InviteModulePeplayContinue
TS_InviteModuleReplayPause
TS_InviteReplayStop
TS_InviteModulePeplayByDateContinue
TS_InviteModuleReplayByDatePause
TS_InviteReplayStopByDate
TS_InviteReplayPause
TS_InvitePeplayContinueByDate
TS_InviteReplaySearchByDate
TS_InviteReplaySearch
TS_InviteReplayStart
TS_InviteDloadStop
TS_InviteDloadStart
TS_InviteReplayStartByDate
TS_Login
TS_SetRealDataCallback
TS_SetPtzDirection
TS_SetPtzAdvance
TS_InviteCloseDeviceVideo
TS_InvitePreset
TS_LoginOut
TS_SetMsgWnd
TS_SetGetUserIdCallback
TS_SetRealReplayCallback
TS_SetDownloadRealDataCallback
TS_SetReplayByDateCallback
TS_RspReplayStart
TS_RspReplaySearch
TS_RspReplaySearchByDate
TS_InviteDeviceList
TS_RspDeviceVideo
TS_IsInnerIp
TS_Delete
TS_RspDeviceList
TS_Init
TS_Release
TS_ModifyChannelCount
TS_StartTS
TS_StopTS
TS_RspDloadStart
TS_ReportDloadData
TS_NotifyDloadStop
TS_NotifyUpdateDeviceList
TS_ReportDeviceState
TS_InviteDeviceVideo
TS_ReportAlarmInfo
TS_InviteReplayPauseByDate
TS_InviteReplaySeekByDate
TS_InvitePeplayContinue
ucremoteconfig
CFG_UC_Init
CFG_UC_ShowModelessDlg
CFG_UC_UnInit
dsound
ord1
ws2_32
recvfrom
sendto
shutdown
WSAStartup
gethostname
send
WSACleanup
socket
htons
inet_addr
gethostbyname
ioctlsocket
WSAGetLastError
closesocket
connect
WSASetLastError
select
getsockopt
recv
setsockopt
inet_ntoa
nvrconfig
?NC_LoadLanguage@@YAHW4Language_Code@@@Z
?NC_ShowConfigByUc@@YAHPAD0GPAVCWnd@@@Z
?NC_HideConfigByUc@@YAHXZ
kernel32
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
lstrlenA
InterlockedDecrement
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
lstrlenW
SetLastError
GetModuleHandleA
CreateThread
SuspendThread
ResumeThread
SetThreadPriority
GetExitCodeThread
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCommandLineA
OutputDebugStringA
FindClose
FindFirstFileA
GetVersionExA
GetCurrentProcess
GetModuleFileNameA
lstrcmpiA
IsDBCSLeadByte
RaiseException
CreateMutexA
ReleaseMutex
TerminateThread
SetUnhandledExceptionFilter
SetErrorMode
SetFilePointer
CreateFileA
GetLocalTime
FormatMessageA
VirtualQuery
IsBadWritePtr
WriteFile
CreateEventA
SetEvent
SetCommState
GetCommState
SetCommTimeouts
SetupComm
SetCommMask
GetOverlappedResult
ReadFile
PurgeComm
ClearCommError
GetDiskFreeSpaceExA
InterlockedIncrement
GetTimeZoneInformation
GetVersion
CompareStringW
CompareStringA
FreeResource
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
MulDiv
LocalFree
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetThreadLocale
GetModuleFileNameW
MoveFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
WritePrivateProfileStringA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
GetFileTime
GetCurrentDirectoryA
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapAlloc
HeapFree
ExitProcess
HeapReAlloc
GetProcessHeap
GetStartupInfoA
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GetLastError
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
GetFileAttributesA
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
MultiByteToWideChar
CreateFileW
LoadLibraryExA
user32
BeginPaint
EndPaint
DestroyMenu
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
CopyAcceleratorTableA
InvalidateRgn
UnregisterClassA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
UpdateWindow
PtInRect
wvsprintfA
GetWindowThreadProcessId
GetDC
CopyIcon
SetSystemCursor
LoadCursorFromFileA
DestroyCursor
SetWindowRgn
OffsetRect
IsRectEmpty
LoadIconA
FindWindowA
EnableMenuItem
CheckMenuItem
DrawIcon
RemovePropA
GetMonitorInfoA
CharNextA
GetDesktopWindow
SystemParametersInfoA
GetWindow
GetPropA
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
GrayStringA
DrawTextA
TabbedTextOutA
EqualRect
FillRect
LoadBitmapA
SetRect
GetWindowLongA
SetWindowLongA
CallWindowProcA
GetWindowDC
ReleaseDC
SetRectEmpty
DrawTextW
WindowFromPoint
GetParent
SetCapture
ClientToScreen
LoadMenuA
GetSubMenu
ModifyMenuW
MessageBoxW
LoadCursorA
SetCursor
ClipCursor
ReleaseCapture
IsWindow
SetParent
InvalidateRect
CopyRect
GetSystemMetrics
EnumDisplaySettingsA
ChangeDisplaySettingsA
SetWindowPos
KillTimer
SetTimer
GetClientRect
GetWindowRect
PostMessageA
ScreenToClient
GetCursorPos
SendMessageW
SendMessageA
EnableWindow
SetWindowTextW
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetMenuStringA
DrawTextExA
GetClassLongA
GetClassNameA
GetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
GetMenu
GetMenuItemID
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
IntersectRect
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuItemCount
IsWindowVisible
DrawStateA
CharUpperA
SetFocus
InflateRect
GetWindowTextW
RedrawWindow
LockWindowUpdate
SetPropA
GetSysColor
FindWindowExA
gdi32
DeleteObject
SelectObject
DeleteDC
CreateDIBSection
GetDIBits
RealizePalette
RestoreDC
SetDIBitsToDevice
StretchDIBits
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
Rectangle
SaveDC
SetBkColor
SetBkMode
SetTextColor
GetDeviceCaps
SetMapMode
CreatePen
CreateSolidBrush
GetTextMetricsW
GetTextExtentPoint32W
CreateFontA
CreateRoundRectRgn
GetStockObject
GetTextMetricsA
GetTextExtentPoint32A
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
StretchBlt
BitBlt
CreateCompatibleDC
GetObjectA
CreateBitmap
GetRgnBox
DPtoLP
GetClipBox
CreateFontIndirectA
GetMapMode
GetTextColor
GetBkColor
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
LineTo
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
MoveToEx
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueA
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegEnumKeyA
shell32
ShellExecuteExA
ord680
ShellExecuteA
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetPathFromIDListW
SHBrowseForFolderW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
oledlg
ord8
ole32
CoGetClassObject
CoUninitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
OleRun
CLSIDFromString
oleaut32
VarUdateFromDate
VarDateFromStr
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
DispCallFunc
VariantInit
VariantClear
VarUI4FromStr
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
VarBstrFromDate
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp
VariantCopy
VariantChangeType
OleCreateFontIndirect
SafeArrayUnaccessData
SystemTimeToVariantTime
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SafeArrayAccessData
gdiplus
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipDrawImageRectRect
GdipDrawImageI
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromStream
GdiplusShutdown
GdipCreateLineBrushFromRectI
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDrawImageRectI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
psapi
GetProcessMemoryInfo
imagehlp
MakeSureDirectoryPathExists
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 312KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ