2024-01-26_e474402638d1cd34675f7179fefbd128_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-26_e474402638d1cd34675f7179fefbd128_icedid
Size

3.4MB
MD5

e474402638d1cd34675f7179fefbd128
SHA1

619e495de28aeafb7bdb1fd13b8042d0843031a3
SHA256

4207ee4ddf9d6d9ae48db0ec16d555ad812015d3bd0bc8b4d9b1f5650a942b3d
SHA512

872e7e2ab40475944bda6e20d2b6759df1ea164b816fe5e9794187926fef7151044179ff117b0a7317ee12f9ef6f8c89d3ffe3a411bb58739b7be72ef59683be
SSDEEP

98304:EBpaxuEv+sGLwq4dsAXfVnZ36wiyJJXss:RdE0FvDiyA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-26_e474402638d1cd34675f7179fefbd128_icedid

Files

2024-01-26_e474402638d1cd34675f7179fefbd128_icedid
.exe windows:5 windows x86 arch:x86

0d7bd90c82c78be304be844d16c592f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libogg

ogg_stream_clear
ogg_stream_init
ogg_stream_packetin
ogg_page_eos
ogg_stream_pageout
ogg_stream_flush

libvorbis

vorbis_info_init
vorbis_info_clear
vorbis_encode_init_vbr
vorbis_comment_clear
vorbis_dsp_clear
vorbis_block_clear
vorbis_bitrate_flushpacket
vorbis_bitrate_addblock
vorbis_analysis
vorbis_analysis_blockout
vorbis_encode_init
vorbis_analysis_wrote
vorbis_analysis_buffer
vorbis_analysis_headerout
vorbis_block_init
vorbis_analysis_init

audiocdgrabber

ModifyCDParms
GetAspiLibAspiError
GetAspiLibError
GetCDList
GetCDHandle
ReadTOC
CloseCDHandle
ReadCDAudioLBA

libflac

FLAC__stream_encoder_process_interleaved
FLAC__stream_encoder_finish
FLAC__stream_encoder_get_state
FLAC__stream_encoder_set_ogg_serial_number
FLAC__stream_encoder_init_ogg_stream
FLAC__stream_encoder_init_stream
FLAC__stream_encoder_set_compression_level
FLAC__stream_encoder_set_blocksize
FLAC__stream_encoder_set_verify
FLAC__stream_encoder_set_sample_rate
FLAC__stream_encoder_set_bits_per_sample
FLAC__stream_encoder_set_channels
FLAC__stream_encoder_new

libsndfile

ord11
ord37
ord39
ord3
ord2

tvqenc

TvqEncInitialize
TvqGetVersionID
TvqEncGetConfInfo
TvqEncUpdateVectorInfo
TvqEncTerminate
TvqEncodeFrame
TvqEncGetNumChannels
TvqEncGetFrameSize
TvqEncGetVectorInfo

twolame

twolame_set_bitrate
twolame_set_VBR
twolame_set_mode
twolame_init
twolame_set_copyright
twolame_encode_buffer_interleaved
twolame_set_original
twolame_set_num_channels
twolame_set_in_samplerate
twolame_init_params
twolame_close
twolame_set_out_samplerate
twolame_encode_flush

wavpackdll

WavpackCloseFile
WavpackSetConfiguration
WavpackPackInit
WavpackPackSamples
WavpackFlushSamples
WavpackOpenFileOutput

kernel32

EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
SuspendThread
lstrlenA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
InterlockedExchange
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
InterlockedIncrement
FileTimeToLocalFileTime
GlobalGetAtomNameW
GetFileAttributesW
GetFileSizeEx
GetFileTime
FindResourceExW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCurrentDirectoryW
SetErrorMode
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
GetStartupInfoW
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RaiseException
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
WriteConsoleW
GetFileType
GetStdHandle
GetFileInformationByHandle
CreateFileA
GetProcessHeap
ExitThread
VirtualAlloc
VirtualQuery
SetStdHandle
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LCMapStringA
LCMapStringW
lstrcmpA
GetFileAttributesA
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
GetCurrentProcessId
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
CopyFileW
GlobalSize
GetModuleHandleA
VirtualProtect
SetThreadPriority
GetVersionExA
GetEnvironmentVariableA
ResetEvent
CreateEventA
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
SetFilePointer
MulDiv
LocalAlloc
LocalLock
LocalUnlock
GlobalLock
GlobalUnlock
GetVersionExW
GetACP
GetLocaleInfoW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemInfo
SetPriorityClass
WriteFile
GetCurrentThreadId
SetEvent
TerminateThread
CreatePipe
DuplicateHandle
CreateEventW
CreateThread
PeekNamedPipe
CreateProcessW
GetFileSize
ReadFile
FormatMessageW
LocalFree
GetWindowsDirectoryW
lstrcatW
WinExec
lstrlenW
lstrcpyW
GetVersion
GetSystemDefaultLCID
GetDriveTypeW
GetPrivateProfileStringW
GetTickCount
GlobalFree
GetSystemDirectoryW
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetPrivateProfileIntW
DeleteFileW
WritePrivateProfileStringW
WaitForSingleObject
Sleep
InterlockedDecrement
SetLastError
GetModuleHandleW
InitializeCriticalSection
ResumeThread
WaitForMultipleObjects
CreateFileW
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
CreateSemaphoreW
GetLastError
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
FindActCtxSectionStringW
LoadLibraryExW
CompareStringA
FindClose

user32

ShowOwnedPopups
GetKeyNameTextW
MapVirtualKeyW
SetRectEmpty
SetWindowContextHelpId
GetMenuItemInfoW
DestroyMenu
CharUpperW
WindowFromPoint
CharNextW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
UnregisterClassW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
SetParent
RegisterClipboardFormatW
LockWindowUpdate
PostThreadMessageW
DestroyAcceleratorTable
NotifyWinEvent
DrawStateW
DrawEdge
DrawFrameControl
DrawFocusRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
EnableScrollBar
UpdateLayeredWindow
CreateMenu
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
GetMenuDefaultItem
CopyImage
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
SetWindowsHookExW
CallNextHookEx
GetWindowTextLengthW
GetForegroundWindow
GetTopWindow
GetMessageTime
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
SetScrollInfo
DefWindowProcW
IntersectRect
SystemParametersInfoA
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
InsertMenuW
RemoveMenu
GetWindowDC
ClientToScreen
SetActiveWindow
MapDialogRect
IsWindowEnabled
GetActiveWindow
SystemParametersInfoW
CreateDialogIndirectParamW
PeekMessageW
GetMessageW
WaitMessage
PostQuitMessage
DestroyWindow
CheckDlgButton
SetFocus
SetWindowTextW
WinHelpW
GetDialogBaseUnits
GetAsyncKeyState
GetWindowTextW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadStringW
BeginPaint
EndPaint
GetWindowPlacement
SetWindowPlacement
ReleaseCapture
SetClassLongW
SetCapture
GetCapture
RedrawWindow
LoadImageW
MoveWindow
UnionRect
DestroyIcon
SetRect
IsZoomed
EqualRect
CopyRect
IsMenu
AdjustWindowRectEx
GetDlgItem
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassNameW
GetClassLongW
GetWindowRgn
GetScrollInfo
MapWindowPoints
IsWindowVisible
SetWindowRgn
OffsetRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetIconInfo
FillRect
GetWindowLongW
GetFocus
GetKeyState
TranslateMessage
LoadCursorW
CopyIcon
GetParent
GetWindowRect
InflateRect
PtInRect
SetCursor
SetWindowLongW
CallWindowProcW
MessageBeep
RegisterWindowMessageW
MessageBoxW
GetDlgCtrlID
SetWindowPos
TranslateAcceleratorW
GetMessagePos
GetSysColor
SetMenuItemBitmaps
RemovePropW
SetPropW
GetMenu
GetSystemMetrics
LoadAcceleratorsW
KillTimer
SetTimer
InvalidateRect
UpdateWindow
ScreenToClient
GetClientRect
GetSystemMenu
PostMessageW
CheckMenuRadioItem
LoadMenuW
GetSubMenu
GetMenuItemID
GetMenuItemCount
SetMenuDefaultItem
EnableMenuItem
AppendMenuW
DeleteMenu
DrawIcon
GetDC
DrawIconEx
ReleaseDC
GetDesktopWindow
GetWindow
IsWindow
GetPropW
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
LoadIconW
SendMessageW
EnableWindow
GetSysColorBrush
GetCursorPos
ValidateRect
GetWindowThreadProcessId
GetNextDlgTabItem
EndDialog
IsDialogMessageW
DispatchMessageW

gdi32

CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
OffsetRgn
GetWindowOrgEx
FillRgn
CreateBitmapIndirect
GetBitmapBits
StretchBlt
CreateDIBitmap
GetDeviceCaps
CreateFontW
SetTextColor
SetBkColor
CreateDCW
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
GetBkColor
GetPixel
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
LPtoDP
DPtoLP
GetWindowExtEx
SetROP2
SetStretchBltMode
SetMapMode
GetClipBox
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SelectObject
GetViewportExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CopyMetaFileW
GetDCOrgEx
GetCharWidthW
StretchDIBits
GetTextMetricsW
GetTextColor
EnumFontFamiliesExW
GetRgnBox
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
RealizePalette
SetPixel
RoundRect
Rectangle
CreatePalette
GetPaletteEntries
GetViewportOrgEx
PtInRegion
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextFaceW
SetPixelV
SetTextAlign
SetWindowExtEx
GetMapMode
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
CreateSolidBrush
SelectClipRgn
PatBlt
DeleteObject
OffsetWindowOrgEx
DeleteDC

msimg32

GradientFill
AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyW
RegSetValueW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW

shell32

SHAppBarMessage
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteW

comctl32

ImageList_GetIconSize

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoInitializeEx
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

GetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SafeArrayDestroy
SafeArrayAllocDescriptor
VariantClear
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantCopy

ws2_32

inet_addr
closesocket
WSAGetLastError
connect
recv
send
socket
WSAStartup
WSACleanup
WSASetLastError
htons
gethostname
gethostbyname
select

winmm

waveInClose
waveOutGetNumDevs
waveInGetNumDevs
waveOutMessage
waveInMessage
mciSendCommandW
mciGetErrorStringW
timeGetTime
waveInGetErrorTextA
waveInOpen
waveOutGetErrorTextA
waveOutOpen
waveInGetDevCapsA
waveOutGetDevCapsA
waveOutClose
PlaySoundW
waveOutUnprepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveOutWrite
waveOutGetPosition
waveOutRestart
waveInStart
waveOutPause
waveInReset
waveOutReset
waveOutPrepareHeader
waveInPrepareHeader

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

Exports

Exports

_FillWaveFormatEx@16
_FillWaveHeader@16

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d7bd90c82c78be304be844d16c592f5

Headers

DLL Characteristics

File Characteristics

Imports

libogg

libvorbis

audiocdgrabber

libflac

libsndfile

tvqenc

twolame

wavpackdll

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

winmm

gdiplus

imm32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 594KB - Virtual size: 594KB

.data Size: 50KB - Virtual size: 202KB

.rsrc Size: 625KB - Virtual size: 625KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 594KB - Virtual size: 594KB

.data
Size: 50KB - Virtual size: 202KB

.rsrc
Size: 625KB - Virtual size: 625KB