General

Malware Config

Signatures

Files

• 2024-01-25_cc2e18b42fc2331d42e8286dcb4aa968_icedid

  .exe windows:4 windows x86 arch:x86

  e791258d96e10d4d21caa3d8d49afe49

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  UnmapViewOfFile

  CreateFileA

  VirtualQueryEx

  GetCurrentProcess

  MapViewOfFile

  CreateFileMappingA

  GetFileAttributesA

  FindClose

  FindNextFileA

  FindFirstFileA

  ReadFile

  CloseHandle

  GetTempPathA

  GetWindowsDirectoryA

  GetSystemDirectoryA

  LoadLibraryA

  FreeLibrary

  GetProcAddress

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  GetSystemInfo

  IsDebuggerPresent

  OutputDebugStringA

  SetFilePointer

  GetVersionExA

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  GetStartupInfoA

  InterlockedCompareExchange

  Sleep

  InterlockedExchange

  GetSystemTimeAsFileTime

  user32

  FindWindowA

  SendMessageA

  MessageBoxA

  advapi32

  RegOpenKeyA

  RegQueryValueExA

  RegCloseKey

  RegQueryValueA

  shell32

  SHGetSpecialFolderLocation

  SHGetPathFromIDListA

  SHGetMalloc

  msvcp80

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

  ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

  ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

  ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

  ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

  ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

  ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

  msvcr80

  ??0exception@std@@QAE@ABQBDH@Z

  ?what@exception@std@@UBEPBDXZ

  ??3@YAXPAX@Z

  ??0exception@std@@QAE@XZ

  _invalid_parameter_noinfo

  ??2@YAPAXI@Z

  _CxxThrowException

  ??0exception@std@@QAE@ABV01@@Z

  ??_V@YAXPAX@Z

  strchr

  strrchr

  free

  strcpy

  malloc

  strlen

  strcmp

  ?terminate@@YAXXZ

  ??0exception@std@@QAE@ABQBD@Z

  __getmainargs

  _cexit

  _exit

  _XcptFilter

  _ismbblead

  exit

  _acmdln

  _initterm

  _initterm_e

  _configthreadlocale

  __setusermatherr

  _adjust_fdiv

  __p__commode

  __p__fmode

  _encode_pointer

  __set_app_type

  _crt_debugger_hook

  ?_type_info_dtor_internal_method@type_info@@QAEXXZ

  _except_handler4_common

  _unlock

  __dllonexit

  _lock

  _onexit

  _decode_pointer

  _invoke_watson

  _controlfp_s

  __CxxFrameHandler3

  _snprintf

  _amsg_exit

  ??1exception@std@@UAE@XZ

  Sections

  .text

  Size: 12KB - Virtual size: 10KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 20KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 292KB - Virtual size: 291KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ