Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-29_d9fa1dc6cc6caf9673ef83abc948c130_icedid.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-01-29_d9fa1dc6cc6caf9673ef83abc948c130_icedid.exe
  Resource: win10v2004-20231215-en
General
- Target: 2024-01-29_d9fa1dc6cc6caf9673ef83abc948c130_icedid
- Size: 1.1MB
- MD5: d9fa1dc6cc6caf9673ef83abc948c130
- SHA1: bdbc4daadee61ba8c864394a536995a4eef6eb0e
- SHA256: eceb2e53182f63534021046c80e78a3dc895c5008a98ed76aea4b6300efbd633
- SHA512: a5ae369006fea9180d1cb8041d247f915d65fd4b50f2ef5e7c78a1131be5389778e0188a75613278d964fd39b3c3e3c07b29e02688d11d6dafa542479502cb24
- SSDEEP: 12288:BPbzAtRXy6QeiMYfukpp/xeE7nrF3rC3jluabQ6Wg6arlwon1VsrnL62FjPfUpyl:1SHkpp/xesaQpXvjnBLKUXEpguz
Malware Config
(no configuration extracted)
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2024-01-29_d9fa1dc6cc6caf9673ef83abc948c130_icedid
  Note: this is the only signature in the report, and no behavioral signatures are listed for either task. An unsigned PE is a weak indicator on its own (a great deal of legitimate software ships unsigned) and does not identify a family. The "_icedid" suffix is part of the submitted filename, not a detection; nothing else in this report attributes the sample to IcedID.
Files
- 2024-01-29_d9fa1dc6cc6caf9673ef83abc948c130_icedid.exe   windows:4 windows x86 arch:x86
  b49bee29ffa0fa1a41be83b6ec650004
Headers
File Characteristics (combined value 0x010F)
IMAGE_FILE_RELOCS_STRIPPED (0x0001)
IMAGE_FILE_EXECUTABLE_IMAGE (0x0002)
IMAGE_FILE_LINE_NUMS_STRIPPED (0x0004)
IMAGE_FILE_LOCAL_SYMS_STRIPPED (0x0008)
IMAGE_FILE_32BIT_MACHINE (0x0100)
Note: RELOCS_STRIPPED means the image carries no base relocations and can only be mapped at its preferred ImageBase, so it receives no ASLR on any Windows version. LINE_NUMS_STRIPPED and LOCAL_SYMS_STRIPPED only record that COFF debug information was removed at link time and carry no signal about intent. 32BIT_MACHINE agrees with the x86 arch reported under Files.
Imports
Reading guide: wsock32 supplies both client-side (connect, gethostbyname) and server-side (bind, listen, accept) socket calls; kernel32 includes process launch (CreateProcessA, WinExec) and INI/file manipulation; advapi32 includes registry write and delete (RegSetValueExA, RegDeleteKeyA, RegDeleteValueA); user32 includes SetWindowsHookExA/CallNextHookEx. Nearly all of the user32, gdi32, comdlg32, comctl32 and kernel32 entries, including the hook pair, the Global*Atom* and *Profile* calls and the MDI/DDE helpers, are what a statically linked MFC GUI application imports irrespective of what it does, so capability judgements from this list alone are weak. ssce4332 is a third-party spell-checking engine DLL (the SSCE_* exports check and suggest words against lexicons); it is a regular import, so if the DLL were absent from the analysis host the process would fail at load time before any behaviour could be recorded. Imports are listed below by DLL as in the report.
wsock32
inet_addr
WSACleanup
connect
socket
ioctlsocket
htons
bind
htonl
listen
WSAStartup
gethostname
getsockname
setsockopt
gethostbyname
select
accept
inet_ntoa
recv
send
shutdown
closesocket
ssce4332
SSCE_GetOption
SSCE_CloseBlock
SSCE_SetOption
SSCE_CheckBlock
SSCE_OpenBlock
SSCE_GetBlockInfo
SSCE_CloseSession
SSCE_CloseLex
SSCE_CreateLex
SSCE_OpenSession
SSCE_OpenLex
SSCE_GetLex
SSCE_GetLexInfo
SSCE_SetDebugFile
SSCE_DelFromLex
SSCE_Suggest
SSCE_AddToLex
SSCE_ReplaceBlockWord
SSCE_DelBlockWord
SSCE_NextBlockWord
SSCE_GetBlock
kernel32
ResumeThread
SetEvent
SuspendThread
CreateEventA
SetLastError
MultiByteToWideChar
SetThreadPriority
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
MoveFileA
GetFullPathNameA
GetThreadLocale
GetStringTypeExA
GetFileAttributesA
InterlockedIncrement
WideCharToMultiByte
LocalFileTimeToFileTime
SetFileTime
GetCurrentThread
LocalUnlock
LocalLock
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathA
SearchPathA
GetProcessVersion
GlobalFlags
GetShortPathNameA
InitializeCriticalSection
TlsAlloc
InterlockedDecrement
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
GetFileSize
GetFileTime
lstrcatA
HeapFree
GetACP
HeapReAlloc
HeapAlloc
RaiseException
SetEnvironmentVariableA
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
CreateThread
HeapSize
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetStdHandle
GetLocaleInfoW
LoadLibraryA
FreeLibrary
GetProcAddress
GetCurrentThreadId
GlobalFindAtomA
LoadResource
LockResource
FindResourceA
lstrcmpiA
lstrcmpA
GetCurrentProcessId
CreateProcessA
GetTempFileNameA
SetFileAttributesA
ExitThread
lstrcpyA
CompareFileTime
GlobalGetAtomNameA
GlobalDeleteAtom
GetDriveTypeA
SystemTimeToFileTime
Sleep
GetLogicalDrives
QueryDosDeviceA
GetVolumeInformationA
GetDateFormatA
GetLocalTime
GetSystemTime
LocalFree
GetTimeFormatA
LocalAlloc
SetEndOfFile
CreateFileA
SetFilePointer
GetLastError
WriteFile
MulDiv
OpenFile
ReadFile
_lclose
GlobalSize
CopyFileA
LocalSize
GetCPInfo
IsDBCSLeadByte
GetOEMCP
TlsGetValue
lstrlenA
GlobalUnlock
GlobalReAlloc
lstrcpynA
GetProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
FindNextFileA
GetProfileIntA
FindFirstFileA
GetVersionExA
FindClose
SetCurrentDirectoryA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameA
GlobalAddAtomA
WinExec
WritePrivateProfileStringA
GetVersion
GetTickCount
GetWindowsDirectoryA
GetPrivateProfileStringA
GetModuleHandleA
GlobalAlloc
DeleteFileA
GlobalFree
SetErrorMode
GlobalLock
RtlUnwind
DeleteCriticalSection
user32
IsWindow
GetMessageA
OffsetRect
PtInRect
GetCapture
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
SetParent
InflateRect
DispatchMessageA
IsChild
TranslateMDISysAccel
TranslateAcceleratorA
GetSystemMenu
BringWindowToTop
SetWindowPos
RedrawWindow
IntersectRect
GetTopWindow
GetWindow
IsRectEmpty
DestroyWindow
GetClassInfoA
DialogBoxParamA
ShowCursor
LoadStringA
EnumChildWindows
EndDialog
GetDlgItem
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
SetFocus
MoveWindow
ShowWindow
IsWindowEnabled
CreateDialogIndirectParamA
GetActiveWindow
GetNextDlgTabItem
GetWindowPlacement
GetForegroundWindow
GetLastActivePopup
GetMenuState
GetMessagePos
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
CallNextHookEx
SetWindowsHookExA
GetDlgCtrlID
SetWindowPlacement
GetScrollRange
SetScrollInfo
GetScrollInfo
EqualRect
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
LoadIconA
SetDlgItemTextA
IsDialogMessageA
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
wvsprintfA
TranslateMessage
GetWindowDC
GrayStringA
DestroyMenu
SetMenu
ReuseDDElParam
UnpackDDElParam
DefFrameProcA
DefMDIChildProcA
MapDialogRect
PostQuitMessage
ShowOwnedPopups
GetMessageTime
FillRect
DestroyCursor
SetCursorPos
WaitMessage
GetWindowThreadProcessId
GetSysColorBrush
InvertRect
DestroyIcon
EnableScrollBar
ShowScrollBar
GetScrollPos
SystemParametersInfoA
GetDoubleClickTime
CopyRect
OemToCharBuffA
IsCharLowerA
IsCharUpperA
CharLowerA
IsCharAlphaA
CharUpperA
GetClassLongA
GetUpdateRect
EndPaint
GetCursorPos
ScreenToClient
ClientToScreen
WindowFromPoint
GetClassNameA
SetCapture
GetClipboardData
ScrollWindow
ValidateRect
HideCaret
SetRect
DrawTextA
TabbedTextOutA
SetScrollPos
SetCaretPos
SetScrollRange
GetTabbedTextExtentA
CharNextA
CreateCaret
ShowCaret
SetCursor
ReleaseCapture
LoadCursorA
GetSysColor
OpenClipboard
SetClipboardData
CloseClipboard
GetMenuStringA
DeleteMenu
wsprintfA
InsertMenuA
GetMenuItemCount
LockWindowUpdate
PeekMessageA
InvalidateRect
MessageBoxA
UnregisterClassA
FindWindowA
SetForegroundWindow
RegisterClassA
CreateWindowExA
UpdateWindow
PostMessageA
SetWindowLongA
GetWindowLongA
DefWindowProcA
RegisterWindowMessageA
GetKeyState
GetParent
IsWindowVisible
SetActiveWindow
IsIconic
GetWindowRect
LoadAcceleratorsA
GetKeyboardState
DestroyAcceleratorTable
CreateAcceleratorTableA
MapVirtualKeyA
CopyAcceleratorTableA
KillTimer
SetTimer
IsZoomed
GetDC
ReleaseDC
EnableWindow
SendMessageA
GetDesktopWindow
GetDCEx
WinHelpA
GetMenu
DrawMenuBar
ModifyMenuA
GetMenuItemID
RemoveMenu
SetKeyboardState
TrackPopupMenu
CallWindowProcA
SetRectEmpty
GetAsyncKeyState
ToAscii
CreatePopupMenu
LoadBitmapA
LoadMenuA
GetFocus
GetSubMenu
AppendMenuA
GetClientRect
WindowFromDC
GetSystemMetrics
IsClipboardFormatAvailable
GetCaretPos
MessageBeep
CharToOemBuffA
EmptyClipboard
SetClassLongA
DestroyCaret
BeginPaint
gdi32
GetWindowOrgEx
GetTextFaceA
GetROP2
GetBkMode
GetTextAlign
GetPolyFillMode
GetStretchBltMode
GetBkColor
LPtoDP
BitBlt
CombineRgn
SetRectRgn
CreateFontA
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
SetAbortProc
StartPage
EndPage
EndDoc
DeleteObject
GetTextMetricsA
SelectObject
GetCharWidthA
SetTextColor
GetTextExtentPoint32A
GetTextExtentPointA
CreateSolidBrush
SetBkColor
ExtTextOutA
MoveToEx
CreateRectRgn
LineTo
GetClipBox
DPtoLP
SelectClipRgn
GetObjectA
GetDeviceCaps
GetTextColor
GetNearestColor
GetCurrentObject
DeleteDC
StartDocA
CreateBitmap
RestoreDC
SaveDC
CreateFontIndirectA
SetROP2
SetPolyFillMode
SetMapMode
SetViewportOrgEx
SetStretchBltMode
SetViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ExcludeClipRect
IntersectClipRect
ScaleWindowExtEx
SetTextAlign
GetCurrentPositionEx
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
PtVisible
RectVisible
Escape
CreateDCA
TextOutA
CreateRectRgnIndirect
Rectangle
PatBlt
GetViewportOrgEx
AbortDoc
SetBkMode
GetStockObject
CreatePen
comdlg32
ReplaceTextA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA
GetFileTitleA
PrintDlgA
ChooseColorA
FindTextA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
GetFileSecurityA
RegCreateKeyA
SetFileSecurityA
RegQueryValueA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
shell32
ShellExecuteA
ExtractIconA
ShellExecuteExA
DragAcceptFiles
DragQueryFileA
DragFinish
SHGetFileInfoA
comctl32
ImageList_AddMasked
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Create
ImageList_Destroy
ImageList_LoadImageA
Sections
- .text   Size (raw): 704KB   Virtual size: 700KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata  Size (raw): 132KB   Virtual size: 130KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data   Size (raw): 48KB    Virtual size: 89KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc   Size (raw): 208KB   Virtual size: 205KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: "Size" is SizeOfRawData (bytes on disk) and "Virtual size" is the mapped size. Raw slightly above virtual (.text, .rdata, .rsrc) is file-alignment padding; virtual well above raw (.data) is zero-filled uninitialized data that the loader appends to the section. No section is both writable and executable and the layout is the conventional four-section one, which argues against a packer or a self-modifying stub (packed samples typically show a tiny raw size against a large virtual size, or a W+X section). The 704KB code section and 132KB read-only data are consistent with a large statically linked program, as is the import set above.
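To make the Headers, Signatures and Sections parts of this report reproducible, the following is an added Python example; it is not part of the report and not the sandbox's own code. It derives the same static fields from a PE image with the standard library only: the General-section hash set, the COFF Characteristics bits, per-section raw versus virtual size and flags, and the Certificate Table data-directory check that an "Unsigned PE" signature is normally built on (that this sandbox keys on exactly that directory is an assumption). Because the sample itself is not on the page, the block runs against a constructed header-only PE32 blob whose values mirror this report (Characteristics 0x010F, the four sections with the listed sizes, no certificate); its zero DllCharacteristics is an assumption about the real file. It also surfaces two properties the report states only implicitly: no section is writable and executable at once, and a relocation-stripped image cannot receive ASLR.

```python
"""Reproduce the static fields of a sandbox PE report (hashes, COFF
Characteristics, section sizes and flags, Authenticode presence) with the
standard library only.  Added example, not part of the report or of any
sandbox's code.  build_sample_pe() constructs a header-only PE32 blob whose
values mirror this report; it is not the real sample."""
import hashlib
import struct

# IMAGE_FILE_* Characteristics bits (PE/COFF specification).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SCN_* section flags.
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DLL_DYNAMIC_BASE, DLL_NX_COMPAT = 0x0040, 0x0100   # DllCharacteristics bits
CERT_TABLE_INDEX = 4                               # IMAGE_DIRECTORY_ENTRY_SECURITY


def flag_names(value, table):
    """Decode a bitmask into spec names, ascending bit order (the report's order)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def file_hashes(data):
    """The hash set shown in the report's General section."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B   # 0x20B is PE32+
    # Optional-header offsets of DllCharacteristics, NumberOfRvaAndSizes, DataDirectory[0].
    dll_off, ndir_off, dir_off = (70, 92, 96) if pe32 else (70, 108, 112)
    dll_chars = struct.unpack_from("<H", data, opt + dll_off)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndir_off)[0]
    cert_va, cert_size = 0, 0
    if ndirs > CERT_TABLE_INDEX:   # an empty Certificate Table is what "Unsigned PE" keys on
        cert_va, cert_size = struct.unpack_from("<II", data, opt + dir_off + 8 * CERT_TABLE_INDEX)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": flag_names(flags, SECTION_FLAGS),
            # A W+X section is the classic packer / self-modifying-code tell.
            "writable_and_executable": (flags & 0xA0000000) == 0xA0000000,
        })
    relocs_stripped = bool(chars & 0x0001)
    return {
        "machine": machine, "characteristics": chars,
        "characteristics_names": flag_names(chars, FILE_CHARACTERISTICS),
        # Without base relocations the loader cannot rebase the image, so it is
        # mapped at ImageBase and gets no ASLR even if DYNAMIC_BASE were set.
        "aslr_compatible": bool(dll_chars & DLL_DYNAMIC_BASE) and not relocs_stripped,
        "nx_compat": bool(dll_chars & DLL_NX_COMPAT),
        "authenticode_present": cert_va != 0 and cert_size != 0,
        "sections": sections,
    }


def build_sample_pe():
    """Constructed header-only PE32 mirroring the report: Characteristics 0x010F,
    four sections with the listed sizes/flags, zero DllCharacteristics (assumed),
    no Certificate Table.  Section bodies are omitted, so only headers get hashed."""
    kb = 1024
    secs = [(b".text", 700 * kb, 704 * kb, 0x60000020), (b".rdata", 130 * kb, 132 * kb, 0x40000040),
            (b".data", 89 * kb, 48 * kb, 0xC0000040), (b".rsrc", 205 * kb, 208 * kb, 0x40000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)                                        # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                       # Magic
    struct.pack_into("<H", opt, 68, 2)                          # Subsystem: WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes; all entries zero
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, f) for n, vs, rs, f in secs)
    return dos + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    blob = build_sample_pe()
    info = parse_pe(blob)
    print(file_hashes(blob)["sha256"], info["characteristics_names"], info["authenticode_present"])
    for s in info["sections"]:
        print(s["name"], s["raw_size"], s["virtual_size"], s["flags"])
```

Run it on the real file with `parse_pe(open(path, "rb").read())` and compare `file_hashes` against the General section before trusting any other field. A non-empty Certificate Table only proves that a signature blob is attached; it says nothing about whether the certificate chains, is revoked or timestamped, or whether the blob matches the file, so a positive result still needs WinVerifyTrust or signtool before it counts as "signed".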