2024-02-01_332a83cd03574db1fe0f198aabf9b06b_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-01_332a83cd03574db1fe0f198aabf9b06b_icedid
Size

396KB
MD5

332a83cd03574db1fe0f198aabf9b06b
SHA1

f790678d829a1bc563a3dbfdfd660dee5982b9f7
SHA256

20ae27cf9719ec99fef814d5e2f807fb3f3085e4be882ea8583311adc3c3cd83
SHA512

c0114df313029fc9fbc549200c8982180fe57dfd8849f8439ca333f1ecb87f7366c722373d24bb80dbc749cdc5fcfbd53d130dcdf2e4f42b86577584d4f91bdd
SSDEEP

6144:vDYyImQdy8F3e8Zu8IP7lGQonsNjeDER:7YyHQdy8F3WTvonQeDE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-01_332a83cd03574db1fe0f198aabf9b06b_icedid

Files

2024-02-01_332a83cd03574db1fe0f198aabf9b06b_icedid
.exe windows:4 windows x86 arch:x86

89e7a14d5ddedc35dfdc0c9f8ab8ac08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

maskkey

ord1
ord2

kernel32

HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
HeapAlloc
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
RtlUnwind
SetErrorMode
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedDecrement
GlobalFree
FormatMessageA
LocalFree
GetCurrentThread
GlobalAlloc
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GlobalLock
GlobalUnlock
MulDiv
SetLastError
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileStringA
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetExitCodeProcess
TerminateProcess
Process32Next
GetCurrentProcess
CloseHandle
GetCommandLineA
CreateMutexA
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeEnvironmentStringsA

user32

GetSysColorBrush
DestroyMenu
WindowFromPoint
wsprintfA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
GetClassInfoA
RegisterClassA
GetDlgCtrlID
SendMessageA
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
IsIconic
GetWindowPlacement
GetWindow
InvalidateRect
GetCapture
LoadBitmapA
CopyRect
GetCursorPos
LoadCursorA
SetCursor
ScreenToClient
SetRect
PtInRect
GetSystemMetrics
SystemParametersInfoA
LoadIconA
FindWindowA
KillTimer
SetTimer
IsWindowVisible
GetClientRect
UnregisterClassA
EnableWindow
GetWindowRect
OffsetRect
GetClassLongA

gdi32

MoveToEx
LineTo
GetDeviceCaps
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
CreateFontA
CreateSolidBrush
CreatePen
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
DeleteObject
GetDIBColorTable
GetObjectA
SelectObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
PtVisible

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
AdjustTokenPrivileges
RegSetValueExA

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89e7a14d5ddedc35dfdc0c9f8ab8ac08

Headers

File Characteristics

Imports

maskkey

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

gdiplus

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 184KB - Virtual size: 181KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 184KB - Virtual size: 181KB

.UPX
Size: 60KB - Virtual size: 60KB