2024-01-29_59b4d588ea0d1892b625aa0988ae1753_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-29_59b4d588ea0d1892b625aa0988ae1753_icedid
Size

1.3MB
MD5

59b4d588ea0d1892b625aa0988ae1753
SHA1

52c45151e57b5fe45943e3e7d755bb97cb0d893a
SHA256

908a63a12f88131a093188f8374d3ef52a33491dd6bc6deaaaede736db68a401
SHA512

3681b6d4444b287bcf5768b0f6c6facbae62c6208bd15609ec68cda4d4f59de251a7a483100a960c0f2ee03c5d2349e2ca4ac6c3fcda2e03ebbee4df9b7589fd
SSDEEP

24576:R+8Om5rSaYygb6rqSwGRlzSXZEbhEQujiaAv:xjDYQhRa5+F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-29_59b4d588ea0d1892b625aa0988ae1753_icedid

Files

2024-01-29_59b4d588ea0d1892b625aa0988ae1753_icedid
.exe windows:4 windows x86 arch:x86

5ff70552ae19612134c5f2989adedaef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Bridgit\ConferenceManager\TANDBERG_Release\ConferenceManager.pdb

Imports

ws2_32

WSASetEvent
WSACreateEvent
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceBeginA
WSAEventSelect
WSAStringToAddressA
WSAGetLastError
closesocket
WSASocketA
WSAEnumNetworkEvents
WSAConnect
WSARecv
WSAResetEvent
htons
WSASend
gethostname
inet_addr
gethostbyname
inet_ntoa
WSAGetOverlappedResult
WSACloseEvent
WSAStartup
select
bind
listen
accept
WSAWaitForMultipleEvents
shutdown
setsockopt
getsockopt
WSACleanup
connect
ntohs
recv
WSASetLastError
send
socket
ioctlsocket
getservbyport
gethostbyaddr
getservbyname
htonl

advapi32

DeleteService
DeregisterEventSource
RegDeleteKeyA
RegEnumValueA
RegFlushKey
RegQueryInfoKeyA
RegOpenKeyA
RegEnumKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegisterEventSourceA
RegisterEventSourceW
ReportEventW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
ReportEventA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

CreateMutexA
CreateProcessA
CreatePipe
GetExitCodeProcess
TerminateProcess
WriteFile
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcmpA
ResetEvent
CreateThread
ReadFile
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
LocalFree
LocalAlloc
FormatMessageA
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatus
QueryPerformanceCounter
FlushConsoleInputBuffer
GetStdHandle
SetLastError
RaiseException
lstrcpynA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateFileA
SetErrorMode
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
InterlockedDecrement
InterlockedIncrement
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalFlags
GetCurrentThread
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapSize
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
ReleaseMutex
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateSemaphoreA
SetEvent
CloseHandle
CreateEventA
ReleaseSemaphore
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
lstrcatA
Sleep
DeleteFileA
MoveFileA
lstrlenW
GetTickCount
GetModuleFileNameA
lstrcpyA
HeapReAlloc
HeapAlloc
lstrlenA
HeapFree
GetProcessHeap
WaitForSingleObject
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
GetTimeZoneInformation
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileW
GetModuleFileNameW
OutputDebugStringA
GetTempPathA
GetLocalTime
LoadLibraryExA
FormatMessageW
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GlobalFree

user32

DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
PostQuitMessage
ClientToScreen
SetWindowTextA
ValidateRect
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessagePos
LoadIconA
MapWindowPoints
GetKeyState
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetWindowTextA
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetMenuItemBitmaps
ModifyMenuA
GetSystemMetrics
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMessageTime
GetMenuState
GetMenuItemID
GetMenuItemCount
MessageBoxA
PeekMessageA
DispatchMessageA
GetMessageA
TranslateMessage
CharUpperA
SetRect
wsprintfA
GetSubMenu

gdi32

GetClipBox
GetDeviceCaps
SelectObject
ScaleWindowExtEx
SetWindowExtEx
SetTextColor
SetBkColor
CreateBitmap
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetStockObject
Escape
TextOutA
RectVisible
PtVisible
DeleteObject
DeleteDC
SetMapMode
RestoreDC
SaveDC
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantChangeType
SysFreeString
VarUdateFromDate
VarDateFromStr
VariantTimeToSystemTime
VariantClear
VariantInit
SysAllocStringLen
SystemTimeToVariantTime

oleacc

CreateStdAccessibleObject
LresultFromObject

iphlpapi

GetIfTable

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ff70552ae19612134c5f2989adedaef

Headers

File Characteristics

PDB Paths

Imports

ws2_32

advapi32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

ole32

oleaut32

oleacc

iphlpapi

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 64KB - Virtual size: 90KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 64KB - Virtual size: 90KB

.rsrc
Size: 4KB - Virtual size: 1KB