2024-01-25_e34ab7d9c3bcdbbf1d651e880620e983_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-25_e34ab7d9c3bcdbbf1d651e880620e983_icedid
Size

240KB
MD5

e34ab7d9c3bcdbbf1d651e880620e983
SHA1

273dae411ae0da20734b99e002182ce96cb09f50
SHA256

70fc912a33c01aad98a881d2f31f2a2f996a361911ef321bab95191107b6b38a
SHA512

6c772a11300ce3498f4d74205f7bdec63ca5595fdf10a525d6cbdf35421f2316189b34656228e77fc6e56ec19e5111034fb125e4e1e7e3e4d1c5d40242159cd7
SSDEEP

6144:EBtgbFz8+dETWhQef41e6V1ZVleBYOK2yNTEhE:ELgbhrdEIh4v6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_e34ab7d9c3bcdbbf1d651e880620e983_icedid

Files

2024-01-25_e34ab7d9c3bcdbbf1d651e880620e983_icedid
.exe windows:4 windows x86 arch:x86

8ffdc67f12b15201ed4c7b621cb5e275

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
RtlUnwind
ExitProcess
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
GetFileTime
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
InterlockedDecrement
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
WritePrivateProfileStringA
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
WaitForSingleObject
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
FormatMessageA
lstrcpynA
LocalFree
FreeLibrary
LoadLibraryA
GetProcAddress
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFileAttributesA
CreateMutexA
GetLastError
lstrlenA
MultiByteToWideChar
GlobalUnlock
WriteFile
CreateFileA
CloseHandle
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetStringTypeW
InterlockedExchange

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
DestroyMenu
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
wsprintfA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
IsChild
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
RegisterClipboardFormatA
SetCursor
PostMessageA
GetDesktopWindow
GetWindowTextA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnregisterClassA
CharUpperA
PostQuitMessage
GetSystemMetrics
EnableWindow
KillTimer
SetTimer
GetClientRect
IsIconic
SendMessageA
DrawIcon

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectObject
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

OleCreateFontIndirect
VariantInit
SysAllocString
SysAllocStringLen
SafeArrayDestroy
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SystemTimeToVariantTime

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

HttpSendRequestA
InternetConnectA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile

ws2_32

connect
ioctlsocket
closesocket
setsockopt
select
socket
htons
inet_addr
WSAStartup
gethostbyname
recv
send

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ffdc67f12b15201ed4c7b621cb5e275

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

wininet

ws2_32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 20KB - Virtual size: 18KB