2024-01-28_d286d05145d47e54372183f7d0ced969_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_d286d05145d47e54372183f7d0ced969_icedid
Size

360KB
MD5

d286d05145d47e54372183f7d0ced969
SHA1

2ecdd659b78820e3758e07905a52399e5d48ab27
SHA256

d202a8dee021ef54291a85596d336430151dfa9de0c5efbf1cf16fb3692a9617
SHA512

33cc2f3df546dc6537b16ff3536aa9ae3d06b17374340db3241ebd4b838237a2258613d96c9cdbed11bbefa42e6fc9aeb3a4751f8cbe2e8f57884af73198362c
SSDEEP

6144:z5l7KRv2Ve3Yyht/Z7Gcs3AB6hdb3gTVMfBPZX+N+PnvwnPfTNbuVBDiq28m/kY/:z5l7KRv2Ve3Yyht/Z7Gcs3AB6hdbu6fG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_d286d05145d47e54372183f7d0ced969_icedid

Files

2024-01-28_d286d05145d47e54372183f7d0ced969_icedid
.exe windows:4 windows x86 arch:x86

288f9b0b387e4dccc8f0b599100f3e49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\SMA5_Development\SMA5\SMA5BAT\Release\SMA5BAT.pdb

Imports

kernel32

GetFileType
CreateFileA
ExitProcess
HeapAlloc
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
HeapSize
TerminateProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GlobalDeleteAtom
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
SetUnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
GetCommandLineW
GetTimeZoneInformation
GetOEMCP
IsBadReadPtr
IsBadCodePtr
CompareStringA
SetEnvironmentVariableA
GetDriveTypeA
GetModuleHandleA
GetVersionExA
GetCurrentThreadId
GlobalFlags
GetFileTime
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetVersion
InterlockedIncrement
InterlockedDecrement
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
ReleaseMutex
GetCurrentThread
SetThreadPriority
CreateThread
FindClose
GetUserDefaultLangID
WaitForSingleObject
GetCurrentProcess
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
Sleep
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
GetModuleFileNameA
lstrlenA
DeviceIoControl
GetLastError
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MapViewOfFile
CloseHandle
HeapDestroy
LocalFree

advapi32

InitiateSystemShutdownW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

user32

GetCapture
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowPos
PostQuitMessage
GetDlgItem
CallNextHookEx
GetKeyState
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
GetParent
GetLastActivePopup
IsWindowEnabled
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ShowWindow
UpdateWindow
IsWindow
TranslateMessage
DestroyWindow
EndDialog
ExitWindowsEx

gdi32

DeleteDC
GetStockObject
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
PtVisible
GetDeviceCaps
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
RectVisible
ScaleViewportExtEx

shell32

ord59
ord680

winspool.drv

ClosePrinter

sma5

SmaExtractCMDXML
CreateISMA5
SmaExtractReqSizeData

iphlpapi

GetAdaptersInfo

comctl32

ord17

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW

oleaut32

VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

288f9b0b387e4dccc8f0b599100f3e49

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

shell32

winspool.drv

sma5

iphlpapi

comctl32

shlwapi

oleaut32

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 968B

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 968B