Static task: static1

Behavioral task: behavioral1
Sample: 2024-02-02_f44719b4bf4f7a83f2771dd73387a731_icedid.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 2024-02-02_f44719b4bf4f7a83f2771dd73387a731_icedid.exe
Resource: win10v2004-20231215-en

General
Target: 2024-02-02_f44719b4bf4f7a83f2771dd73387a731_icedid
Size: 3.9MB
MD5: f44719b4bf4f7a83f2771dd73387a731
SHA1: a6d644967a0823c080cfe23c68bd0b1281177ace
SHA256: 86bee11d4c3a63cee4593b353342945754f8d18ad957e00c6da2e744848a2417
SHA512: b6be81690c305e0076c802ffb27fc5904f03d59bf5bc8530cc76c7e5405eff8cf178d3b9c461217036a7003b27beb052ae3765f2bf4d1c011d2439b54e771c51
SSDEEP: 49152:25jrTDZ1buLtQNswTvxUPbU7NLrXao/vqZ2T5QP+iBuscKu6GaXUT4IBAUZLYV0:25rjb8asSHrqwvqZCJBAUZL

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2024-02-02_f44719b4bf4f7a83f2771dd73387a731_icedid

Files
2024-02-02_f44719b4bf4f7a83f2771dd73387a731_icedid.exe  windows:4  windows  x86  arch:x86
663a7b365aa3b36265b324d8f5a0c78d

Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
PDB Paths: d:\work\rexfly\src\UaTran\Release\UATran.pdb
Imports
user32
LoadCursorA
PostQuitMessage
ShowOwnedPopups
GetSysColorBrush
IsWindowVisible
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
IsIconic
GetWindowPlacement
PtInRect
GetWindow
GetMenuStringA
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
MoveWindow
SetWindowTextA
EndPaint
BeginPaint
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
UnpackDDElParam
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
InsertMenuItemA
ReuseDDElParam
UpdateWindow
UnregisterClassA
CharUpperA
InvalidateRect
SetWindowsHookExA
CallNextHookEx
GetClassNameA
SetPropA
GetMessagePos
GetPropA
RemovePropA
UnhookWindowsHookEx
SetWindowLongA
SetWindowPos
GetWindowLongA
GetWindowDC
GetParent
ClientToScreen
RedrawWindow
WindowFromDC
DestroyIcon
SetCursor
wsprintfA
ReleaseCapture
LoadAcceleratorsA
IsDialogMessageA
SendMessageA
CopyRect
SetRect
CreatePopupMenu
EnableMenuItem
GetDC
ReleaseDC
EnableWindow
PostMessageA
GetIconInfo
GetMenuItemRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenu
CallWindowProcA
GetDesktopWindow
GetWindowRect
ModifyMenuA
GetSubMenu
GetMenuItemInfoA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
AppendMenuA
DrawFocusRect
DrawEdge
FillRect
LoadMenuA
LoadBitmapA
IsMenu
IntersectRect
OffsetRect
InflateRect
IsRectEmpty
SystemParametersInfoA
DrawStateA
IsWindow
ShowWindow
MenuItemFromPoint
GetCursorPos
LoadIconA
SetForegroundWindow
IsChild
KillTimer
SetTimer
GetClientRect
GetMenu
DestroyMenu
GetSystemMenu
GetMessageTime
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
MessageBeep
CharToOemBuffA
GetFocus
GetSystemMetrics
MessageBoxA
GetSysColor
OemToCharA
CharToOemA
SetFocus
ssleay32
ord12
crypt32
CryptSignMessage
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertCreateCertificateContext
CryptMsgControl
CryptMsgClose
CertGetCertificateChain
CertFreeCertificateChain
CryptDecryptMessage
CertFindExtension
CryptDecodeObject
CertGetNameStringA
CertVerifyCRLTimeValidity
CryptEncryptMessage
CertGetCertificateContextProperty
CertCreateCRLContext
CertAddCRLContextToStore
CertFreeCRLContext
CertAddCertificateContextToStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CryptFindOIDInfo
CertFindCertificateInStore
rasapi32
RasEnumConnectionsA
RasDialA
RasHangUpA
RasGetErrorStringA
log4cxx
??BMessageBuffer@helpers@log4cxx@@QAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
??1?$ObjectPtrT@VLevel@log4cxx@@@helpers@log4cxx@@UAE@XZ
?getLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@QBD@Z
?getTrace@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
??0?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QAE@XZ
??1?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@UAE@XZ
?isTraceEnabled@Logger@log4cxx@@QBE_NXZ
?getDebug@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?isDebugEnabled@Logger@log4cxx@@QBE_NXZ
?getWarn@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?isWarnEnabled@Logger@log4cxx@@QBE_NXZ
?getInfo@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?isInfoEnabled@Logger@log4cxx@@QBE_NXZ
?getError@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
?isErrorEnabled@Logger@log4cxx@@QBE_NXZ
?forcedLog@Logger@log4cxx@@QBEXABV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVLocationInfo@spi@2@@Z
?str@MessageBuffer@helpers@log4cxx@@QAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ostream@DU?$char_traits@D@std@@@5@@Z
??0LocationInfo@spi@log4cxx@@QAE@QBD0H@Z
?getFatal@Level@log4cxx@@SA?AV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@XZ
??0MessageBuffer@helpers@log4cxx@@QAE@XZ
?isFatalEnabled@Logger@log4cxx@@QBE_NXZ
??4?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QAEAAV012@ABV012@@Z
??4?$ObjectPtrT@VLogger@log4cxx@@@helpers@log4cxx@@QAEAAV012@ABH@Z
??6MessageBuffer@helpers@log4cxx@@QAEAAVCharMessageBuffer@12@PBD@Z
?str@MessageBuffer@helpers@log4cxx@@QAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVCharMessageBuffer@23@@Z
??0File@log4cxx@@QAE@PBD@Z
?configure@PropertyConfigurator@log4cxx@@SAXABVFile@2@@Z
??1File@log4cxx@@QAE@XZ
??1MessageBuffer@helpers@log4cxx@@QAE@XZ
ws2_32
gethostname
accept
inet_addr
gethostbyname
connect
getservbyname
htons
getprotobyname
WSAGetLastError
setsockopt
ioctlsocket
ntohs
inet_ntoa
getpeername
getsockname
recv
__WSAFDIsSet
select
send
socket
bind
listen
shutdown
closesocket
WSACancelBlockingCall
WSACleanup
WSAStartup
libgsasl
gsasl_finish
gsasl_property_set
gsasl_decode
gsasl_encode
gsasl_step
gsasl_free
gsasl_client_support_p
gsasl_client_suggest_mechanism
gsasl_init
gsasl_callback_hook_get
gsasl_client_start
gsasl_callback_set
gsasl_callback_hook_set
gsasl_done
shlwapi
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
StrStrIA
PathFileExistsA
libpq
ord38
ord57
ord15
ord62
ord55
ord58
ord56
ord47
ord45
ord1
ord14
ord33
ord48
ord53
ord54
ord4
ord34
ord21
kernel32
GetDriveTypeA
GetLocaleInfoW
SetEnvironmentVariableA
IsBadCodePtr
DosDateTimeToFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
SetHandleCount
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
QueryPerformanceCounter
SetStdHandle
HeapSize
HeapReAlloc
GetCommandLineA
GetStartupInfoA
VirtualQuery
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
GetFileType
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
CloseHandle
GetLastError
CreateFileA
WideCharToMultiByte
GetCurrentProcess
lstrcpyA
GetSystemInfo
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
UnmapViewOfFile
SetEvent
GetFileAttributesA
MultiByteToWideChar
LocalFree
LocalAlloc
lstrlenA
FormatMessageA
CreateEventA
ReadFile
WriteFile
GlobalFree
GlobalAlloc
SetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
CreateDirectoryA
GetComputerNameA
OpenMutexA
MapViewOfFile
CreateFileMappingA
CreateNamedPipeA
WaitForSingleObject
GetOverlappedResult
ResetEvent
GetTempPathA
GetCurrentDirectoryA
GetModuleFileNameA
FindNextFileA
FindFirstFileA
GetFileSize
GlobalUnlock
GlobalLock
TerminateProcess
GetModuleHandleA
CreateProcessA
CreatePipe
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetStdHandle
MulDiv
FreeResource
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetCurrentThreadId
FindClose
SetCommState
GetCommState
PurgeComm
EscapeCommFunction
SetCommMask
SetCommTimeouts
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
lstrcmpiA
CompareStringA
CompareStringW
SystemTimeToFileTime
GetSystemTime
CreateMutexA
GetFileAttributesW
DeleteFileW
AreFileApisANSI
CreateFileW
GetTempPathW
SetFilePointer
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
LoadLibraryW
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
lstrcpynA
lstrcmpW
lstrcatA
GlobalGetAtomNameA
LocalFileTimeToFileTime
SetFileTime
GetFileTime
DuplicateHandle
GetVolumeInformationA
SetThreadPriority
ResumeThread
SuspendThread
lstrcmpA
GlobalFlags
GlobalReAlloc
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalHandle
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
WritePrivateProfileStringA
ExitProcess
RtlUnwind
HeapFree
IsBadReadPtr
HeapAlloc
GetTimeFormatA
GetDateFormatA
gdi32
CreateSolidBrush
DeleteDC
CreateBitmap
GetStockObject
GetMapMode
DPtoLP
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
StartDocA
GetWindowExtEx
GetViewportExtEx
IntersectClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
SelectClipRgn
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetPixel
GetPixel
BitBlt
RoundRect
Rectangle
GetNearestColor
SetBrushOrgEx
CreateCompatibleDC
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
CreatePatternBrush
CreatePen
UnrealizeObject
GetTextExtentPoint32A
EndDoc
AbortDoc
EndPage
StartPage
GetTextMetricsA
GetDeviceCaps
CreateDCA
GetObjectA
CreateFontIndirectA
comdlg32
PrintDlgA
GetFileTitleA
GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
GetPrinterA
ClosePrinter
advapi32
OpenSCManagerA
ControlService
QueryServiceStatus
OpenServiceA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegDeleteKeyA
DeleteService
GetUserNameA
SetServiceStatus
CreateServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
CloseServiceHandle
shell32
ShellExecuteA
SHChangeNotify
Shell_NotifyIconA
DragFinish
DragQueryFileA
comctl32
ImageList_Add
ImageList_AddMasked
ImageList_Replace
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo
ImageList_GetImageCount
oleaut32
VariantClear
VariantChangeType
VariantInit
wininet
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
odbc32
ord5
ord17
ord41
ord10
ord2
ord1
ord15
ord9
ord51
ord50
ord45
ord44
ord68
ord43
ord59
ord13
ord18
ord46
ord12
ord19
ord11
ord49
ord48
ord8
ord20
ord16
ord3
ord14
Sections
.text   Size: 2.4MB   Virtual size: 2.4MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 1.4MB   Virtual size: 1.4MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 108KB   Virtual size: 188KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 44KB    Virtual size: 42KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ