2024-02-01_9d35d4dab51991d53e6c4ad6d4799b00_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-01_9d35d4dab51991d53e6c4ad6d4799b00_icedid
Size

272KB
MD5

9d35d4dab51991d53e6c4ad6d4799b00
SHA1

2a9650f39cca88b63379583d49656990a58faff6
SHA256

196f083c6c2bac55b9958c05a5f2aefb6635ec2431cf22a92528cc0c3cc63a57
SHA512

01b2dbba1dc6a0905c1e13cd05c5be69dd35bfaacd903d01b16bed7cd4ceb1a368343df74e73f1630250d75cba6e4d145499f77026bfcf0727bb9abf340030f8
SSDEEP

6144:vYCI+wfwpNDsbDxR8w5b0snvg6FDnsNBR:gCzwC9+X5bjg6FDn2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-01_9d35d4dab51991d53e6c4ad6d4799b00_icedid

Files

2024-02-01_9d35d4dab51991d53e6c4ad6d4799b00_icedid
.exe windows:4 windows x86 arch:x86

42763802738dfe07c8cdd3d12ab99e33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\程序\ulands\CrashReport\Public\Main_CrashReport.pdb

Imports

kernel32

SetErrorMode
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetOEMCP
HeapCreate
VirtualFree
IsBadWritePtr
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetCPInfo
SetEndOfFile
FlushFileBuffers
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
RaiseException
GlobalFlags
InterlockedIncrement
InterlockedDecrement
WritePrivateProfileStringA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
FreeResource
WaitForSingleObject
GlobalAddAtomA
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
UnmapViewOfFile
WriteFile
GetCurrentProcess
DuplicateHandle
CreateFileA
CreateFileMappingA
MapViewOfFile
CloseHandle
GetFileType
GetFileInformationByHandle
GetSystemTime
SystemTimeToFileTime
GetFileSize
SetFilePointer
ReadFile
FileTimeToDosDateTime
FileTimeToSystemTime
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
CreateProcessA
DeleteFileA
GetCurrentDirectoryA
GetLocalTime
GetComputerNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapDestroy
InterlockedExchange

user32

GetSysColorBrush
LoadCursorA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
SetWindowTextA
IsDialogMessageA
wsprintfA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
GetMessageTime
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
PostMessageA
ShowWindow
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon

gdi32

DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathAppendA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

wininet

InternetConnectA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
FtpPutFileA

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42763802738dfe07c8cdd3d12ab99e33

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

wininet

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 44KB - Virtual size: 40KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 44KB - Virtual size: 40KB

.UPX
Size: 60KB - Virtual size: 60KB