2024-01-27_5198c1922be64b8f3069aaa1cb1c0314_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_5198c1922be64b8f3069aaa1cb1c0314_icedid
Size

383KB
MD5

5198c1922be64b8f3069aaa1cb1c0314
SHA1

6e8be947889f8ca688d0d8799fda0532f2158741
SHA256

4b93554f1ab154dcd5d6941efe319f19bb3d3cfc0e990b473612b52258df2984
SHA512

275e559fe211d8c212a4fac03d184079058264478fbd5f1800eff33504cc7b2e0ca43bdacf13272cc9bc70091359e47dde24bb702e3f0e54e48af019899ea8c4
SSDEEP

6144:xplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:xplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-27_5198c1922be64b8f3069aaa1cb1c0314_icedid

Files

2024-01-27_5198c1922be64b8f3069aaa1cb1c0314_icedid
.exe windows:4 windows x86 arch:x86

4348535f9074b4376c05f82a699ec652

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\JinZQ\Hook开机启动\CallWebDllLib\Release\CallDll.pdb

Imports

kernel32

FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
GetOEMCP
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
SetLastError
FormatMessageA
GlobalFree
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
GlobalAddAtomA
GetCurrentThread
GlobalDeleteAtom
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LocalFree
OutputDebugStringW
TerminateProcess
FindResourceExA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetCurrentThreadId
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetWindowsDirectoryA
GetProcessId
Thread32First
Thread32Next
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
Process32Next
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapFree
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
CreateThread
CloseHandle
GetPrivateProfileStringA
CreateDirectoryA
GetModuleFileNameA
CreateProcessA
CopyFileA
DeleteFileA
MoveFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
Sleep
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapCreate
InterlockedExchange

user32

MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetSysColorBrush
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
MoveWindow
IsDialogMessageA
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
SetActiveWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
GetClassInfoA
SetWindowPlacement
GetDlgCtrlID
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetLastActivePopup
IsWindowEnabled
SetCursor
PostMessageA
SetTimer
PeekMessageA
GetWindowThreadProcessId
MessageBoxA
RegisterClassA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
PostThreadMessageA
RegisterClipboardFormatA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
UnregisterClassA
CreateWindowExA
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsWindow
GetWindowLongA
CharUpperA
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon

gdi32

CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CoInitialize
OleUninitialize
OleInitialize
CoTaskMemRealloc
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
CoRevokeClassObject

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
SysAllocStringByteLen
VariantChangeType
VariantCopy
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
OleCreateFontIndirect
SysStringByteLen
VariantClear
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

psapi

GetModuleFileNameExA

ws2_32

bind
socket
closesocket
htons
WSAStartup
htonl

Exports

Exports

?EngineProc@@YGJHIJ@Z
?process1@@YAHHHHPAD@Z
?process2@@YAHXZ
?process3@@YAHH@Z
?process5@@YAHH@Z

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4348535f9074b4376c05f82a699ec652

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

ws2_32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 24KB - Virtual size: 1.1MB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 24KB - Virtual size: 1.1MB

.rsrc
Size: 16KB - Virtual size: 15KB