2024-01-29_d6366268a856ef751b9f6f2fe37f40b9_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-29_d6366268a856ef751b9f6f2fe37f40b9_icedid
Size

784KB
MD5

d6366268a856ef751b9f6f2fe37f40b9
SHA1

20c9f46615f4f168bd04707275faf402e059e95b
SHA256

874e087aa1fabe8f62d9c9efc9ff5e69130f311b736d5580bd9d9bdb4f041a1c
SHA512

711ccb51e74c00232899f0e23bfd38bba5933ab9ee8171e06ea267b0e594acf9244db2643a8306b11c80776a38ccc8715183ab232195f60a24c14e1805996fe8
SSDEEP

24576:OpriFuAjY/pSO4VayyXp41AgUgIG+uN6nQ:XFu5/pSnVayK4pIhC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-29_d6366268a856ef751b9f6f2fe37f40b9_icedid

Files

2024-01-29_d6366268a856ef751b9f6f2fe37f40b9_icedid
.exe windows:5 windows x86 arch:x86

99901ca07e634bed60d2d5ab44698225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\Base\Source\Clients\Admin\PackageCreator\Controller\Release\Controller.pdb

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
RtlUnwind
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileAttributesA
LoadLibraryW
LoadLibraryExA
SetFilePointerEx
CreateProcessA
MoveFileExA
GetTempPathA
GetLocalTime
GetEnvironmentVariableA
OutputDebugStringA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetLastError
CreateMutexA
CloseHandle
MultiByteToWideChar
DeleteFileA
InterlockedDecrement
ExitProcess
GetVersionExA
WaitForSingleObject
SetCurrentDirectoryA
CreateDirectoryA
TerminateThread
ResumeThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
MulDiv
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceA
GlobalFree
SetLastError
GetProcAddress
GetModuleHandleA
FreeLibrary
lstrcmpA
InterlockedExchange
CompareStringA
LoadLibraryA
GetLocaleInfoA
GetModuleFileNameA
EnumResourceLanguagesA
ConvertDefaultLocale
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GetModuleHandleW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
RaiseException
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GetModuleFileNameW
WritePrivateProfileStringA
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId

user32

MapDialogRect
CharNextA
InvalidateRgn
SetRect
IsRectEmpty
UnregisterClassA
ReleaseCapture
SetCapture
GetSysColorBrush
CharUpperA
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
SetWindowContextHelpId
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
mouse_event
SetCursorPos
GetCursorPos
SwitchToThisWindow
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDesktopWindow
RegisterClipboardFormatA
GetNextDlgGroupItem
MessageBeep
GetMessageTime
KillTimer
SetTimer
GetWindowRect
SetForegroundWindow
GetSystemMetrics
GetSysColor
SetCursor
OffsetRect
LoadBitmapA
DrawEdge
EnableMenuItem
SendMessageA
GetSystemMenu
GetClientRect
GetDC
InvalidateRect
EnableWindow
LoadCursorA
LoadIconA
MessageBoxA
ExitWindowsEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
CopyAcceleratorTableA
PostMessageA
CheckMenuItem
ModifyMenuA
GetParent
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
ReleaseDC
CopyRect
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
IsWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
PostThreadMessageA

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
GetTextExtentPoint32A
CreateSolidBrush
CreateFontIndirectA
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathIsUNCA
UrlUnescapeA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
OleIsCurrentClipboard

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringByteLen
VarUdateFromDate
VariantChangeType
VariantInit
VariantCopy
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
DispCallFunc

wininet

HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetOpenUrlA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99901ca07e634bed60d2d5ab44698225

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

wininet

version

Sections

.text Size: 466KB - Virtual size: 466KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 30KB - Virtual size: 46KB

.rsrc Size: 136KB - Virtual size: 136KB

.text
Size: 466KB - Virtual size: 466KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 30KB - Virtual size: 46KB

.rsrc
Size: 136KB - Virtual size: 136KB