Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-29_5012013b04851b67f7d1da509b6448b5_icedid.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-01-29_5012013b04851b67f7d1da509b6448b5_icedid.exe
Resource: win10v2004-20231215-en
General
Target: 2024-01-29_5012013b04851b67f7d1da509b6448b5_icedid
Size: 4.8MB
MD5: 5012013b04851b67f7d1da509b6448b5
SHA1: 16fbb98ff8e1af7968a6af7f219f527826a09a5c
SHA256: 77688f304bb163853d1a57da7da63ee52bcaa6b252495917783702b78c4bc06e
SHA512: 359cd5627793da114aa5a8bcd41854b0f45e0d29cd8aca08d7626d9454c42d16d192b1924c93a7b3559e38650f8ada54bc3b68514371c63a0d9609d0795a1417
SSDEEP: 98304:GK8A5LkXUCmPLsWbo0NdFYC9mMgG2AB8WNez:GKHLkXUdocoIm+m
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-01-29_5012013b04851b67f7d1da509b6448b5_icedid
Files
2024-01-29_5012013b04851b67f7d1da509b6448b5_icedid.exe windows:4 windows x86 arch:x86
8ac09cd5c212603e4f81194be04aa33e
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
PDB Paths: c:\src\Franklin-508\import\ReleaseDomino\DominoMigrationWizard.pdb
Imports
dsuiext: ord10
activeds: ord3
mapi32: ord75, ord147, ord185, ord140, ord11, ord135, ord129, ord21, ord23, ord59, ord197, ord198, ord13, ord15, ord17, ord196
ws2_32: gethostname, gethostbyname, WSACleanup, WSAStartup
winhttp: WinHttpCloseHandle, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpOpenRequest, WinHttpConnect, WinHttpOpen, WinHttpSetOption, WinHttpSetTimeouts, WinHttpWriteData
version: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
wldap32: ord219, ord46, ord216, ord14, ord13, ord194, ord41, ord224, ord140, ord133, ord40
crypt32: CertFreeCertificateContext
kernel32: GetCurrentProcess, GetCurrentProcessId, lstrlenA, lstrlenW, RaiseException, lstrcpynW, lstrcpyW, SetLastError, GetVersionExA, lstrcmpW, lstrcatW, GetModuleHandleA, GlobalDeleteAtom, GlobalFindAtomW, GlobalAddAtomW, VirtualProtect, GetLocaleInfoW, EnumResourceLanguagesW, GetVersion, ConvertDefaultLocale, lstrcmpiA, lstrcmpA, GetCurrentThread, GetUserDefaultLangID, GlobalReAlloc, GlobalHandle, TlsGetValue, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, lstrcmpiW, GlobalFlags, WritePrivateProfileStringW, LockFile, UnlockFile, SetEndOfFile, DuplicateHandle, GetVolumeInformationW, GetFullPathNameW, SetErrorMode, GetFileAttributesW, GetFileTime, GetTickCount, GetStartupInfoW, ExitProcess, RtlUnwind, HeapFree, HeapAlloc, HeapReAlloc, TerminateProcess, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapSize, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, LCMapStringA, LCMapStringW, IsBadWritePtr, GetOEMCP, GetCPInfo, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, SetStdHandle, CreateFileA, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetModuleFileNameW, FileTimeToLocalFileTime, GetSystemTimeAsFileTime, GetSystemDirectoryA, LoadLibraryA, GetDateFormatW, GetTimeFormatW, GetFileSize, MulDiv, CompareFileTime, SystemTimeToTzSpecificLocalTime, GetCurrentDirectoryW, SetCurrentDirectoryW, GetComputerNameW, InterlockedDecrement, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, CreateIoCompletionPort, PostQueuedCompletionStatus, Sleep, GetQueuedCompletionStatus, InterlockedIncrement, GlobalLock, GlobalUnlock, GetLocalTime, GetTempPathW, CreateDirectoryW, DeleteCriticalSection, InitializeCriticalSection, CreateEventW, OutputDebugStringW, LocalFree, FindResourceExW, GetEnvironmentVariableW, SetEnvironmentVariableW, ReleaseMutex, FreeLibrary, FindFirstFileW, FindClose, CreateMutexW, LoadLibraryW, GetProcAddress, SetUnhandledExceptionFilter, GetModuleHandleW, FreeResource, GetUserDefaultUILanguage, FormatMessageW, LocalAlloc, CreateThread, ResetEvent, WaitForSingleObject, SetEvent, GetLastError, SetFilePointer, ReadFile, FlushFileBuffers, GlobalAlloc, GlobalFree, LocalFileTimeToFileTime, FileTimeToSystemTime, GetDateFormatA, GetTimeFormatA, DeleteFileW, CreateFileW, WriteFile, CloseHandle, SystemTimeToFileTime, GetSystemTime, LoadResource, LockResource, SizeofResource, FindResourceW, WideCharToMultiByte, GetTimeZoneInformation, MultiByteToWideChar, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetVersionExW
user32: SetRect, CopyAcceleratorTableW, InvalidateRgn, GetNextDlgGroupItem, MessageBeep, PostThreadMessageW, IsRectEmpty, CharNextW, CharUpperW, ReleaseCapture, SetCapture, GetSysColorBrush, DestroyMenu, SetWindowContextHelpId, GetMessageW, TranslateMessage, GetCursorPos, ValidateRect, PostQuitMessage, GetDesktopWindow, CreateDialogIndirectParamW, GetNextDlgTabItem, EndDialog, MapDialogRect, GetActiveWindow, GetAsyncKeyState, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, SetMenuItemBitmaps, ModifyMenuW, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, IsWindowEnabled, ShowWindow, MoveWindow, SetWindowTextW, IsDialogMessageW, RegisterWindowMessageW, WinHelpW, GetCapture, CreateWindowExW, CallNextHookEx, GetClassInfoExW, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, SendDlgItemMessageW, SendDlgItemMessageA, GetFocus, IsWindow, SetFocus, IsChild, GetWindowTextLengthW, GetWindowTextW, GetForegroundWindow, GetLastActivePopup, SetActiveWindow, DispatchMessageW, GetDlgItem, GetTopWindow, DestroyWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageW, MapWindowPoints, GetKeyState, SetForegroundWindow, IsWindowVisible, UpdateWindow, GetClientRect, GetMenu, GetSysColor, ScreenToClient, EqualRect, GetClassInfoW, RegisterClassW, UnregisterClassW, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetSystemMetrics, CopyRect, PtInRect, GetWindow, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, FindWindowW, GetWindowLongW, SetWindowLongW, RegisterClipboardFormatW, InvalidateRect, LoadIconW, GetSystemMenu, InsertMenuW, LoadBitmapW, MessageBoxW, PostMessageW, GetWindowRect, keybd_event, EnableWindow, GetParent, SendMessageW, SetCursor, LoadCursorW, wsprintfW, AdjustWindowRectEx, SetWindowsHookExW
gdi32: ExtTextOutW, Escape, SelectObject, SetViewportOrgEx, TextOutW, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, OffsetViewportOrgEx, RectVisible, DPtoLP, EnumFontFamiliesExW, GetBkColor, GetTextColor, GetRgnBox, PtVisible, CreateRectRgnIndirect, GetStockObject, GetWindowExtEx, GetViewportExtEx, DeleteObject, SetMapMode, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetBkMode, RestoreDC, SaveDC, CreateBitmap, SetBkColor, SetTextColor, GetClipBox, GetDeviceCaps, GetTextExtentPoint32W, CreateFontIndirectW, GetObjectW, GetMapMode
comdlg32: GetSaveFileNameW, GetOpenFileNameW, GetFileTitleW
winspool.drv: OpenPrinterW, DocumentPropertiesW, ClosePrinter
advapi32: RegQueryValueExW, RegEnumKeyExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegQueryValueExA, RegOpenKeyA, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptAcquireContextW, RegCloseKey, RegQueryValueW, RegEnumKeyW, RegDeleteKeyW, RegOpenKeyW
shell32: SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc, SHGetFolderPathW, ShellExecuteW
comctl32: _TrackMouseEvent, ord17, PropertySheetW, DestroyPropertySheetPage, CreatePropertySheetPageW, ImageList_Destroy
shlwapi: PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathFindExtensionW
oledlg: OleUIBusyW
ole32: CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoTaskMemFree, CLSIDFromString, CLSIDFromProgID, CoInitializeEx, OleRun, CoGetMalloc, CoUninitialize, CoInitialize, CoCreateInstance, CreateStreamOnHGlobal, StgCreateDocfile, WriteClassStg, CoTaskMemAlloc
oleaut32: SystemTimeToVariantTime, SysAllocString, VariantClear, SysFreeString, VariantTimeToSystemTime, SysAllocStringByteLen, SysStringByteLen, VariantInit, SysAllocStringLen, SysStringLen, VariantCopy, SafeArrayDestroy, OleCreateFontIndirect, GetErrorInfo, VariantChangeType
Sections
.text Size: 1.1MB - Virtual size: 1.1MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 416KB - Virtual size: 415KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 37KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ