Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-02_821a08e37f69122e6e696adccda18577_icedid.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-02-02_821a08e37f69122e6e696adccda18577_icedid.exe
  Resource: win10v2004-20231215-en

General
Target: 2024-02-02_821a08e37f69122e6e696adccda18577_icedid
Size: 500KB
MD5: 821a08e37f69122e6e696adccda18577
SHA1: 91bd44de3ab1bba727c8086cc1f9eb61384072b5
SHA256: 85140244b2a6ccd63368c2ac75415d48da86e3c17e874b774db2c21c017f1cbe
SHA512: 0e80af229406ccbaed9c83e0dc4672480a7bb574cbae6b6e54bfeaa78c4a9dedaa7886a259b535424a6fdb0a51f1e9d54c76065528e4967b4382e04923f376d1
SSDEEP: 6144:9pbXkBwK3+s1cj+uSsBNKGQgU4fsesnPTba4HuDxQDJroi0jFXGd:rbswlj+wB4x9T1HIxQ9raE

Malware Config

Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 2024-02-02_821a08e37f69122e6e696adccda18577_icedid

Files
2024-02-02_821a08e37f69122e6e696adccda18577_icedid.exe  windows:4  windows x86  arch:x86
  cbff9947ad4778348317cc661f3132d7

Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
PDB Paths
  e:\kyu\cross-platform\bin\release\MonServiceUDisk.pdb
Imports
setupapi
CM_Request_Device_EjectW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
CM_Get_Parent
CM_Get_Device_ID_Size
CM_Get_Device_IDW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
kernel32
InterlockedIncrement
InterlockedDecrement
GetVersion
GetCurrentProcessId
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalGetAtomNameW
GetAtomNameW
lstrcmpA
lstrlenA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
GlobalFlags
SetThreadPriority
ResumeThread
SuspendThread
FreeResource
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryW
SetErrorMode
MoveFileW
DeleteFileW
GetStringTypeExW
lstrcmpiW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapReAlloc
HeapSize
ExitThread
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetEnvironmentVariableA
InterlockedCompareExchange
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
WideCharToMultiByte
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
MultiByteToWideChar
CreateEventW
WaitForSingleObject
CreateThread
FormatMessageW
LocalFree
SetEvent
WaitForMultipleObjects
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
HeapAlloc
GetTickCount
GetModuleFileNameW
FindFirstFileW
FindClose
GetVersionExW
GetProcAddress
FreeLibrary
LoadLibraryW
Sleep
CreateFileW
DeviceIoControl
OutputDebugStringW
GetCurrentProcess
GetLastError
CloseHandle
GetModuleHandleA
user32
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
PostQuitMessage
UnregisterClassW
SetCursor
ShowOwnedPopups
DeleteMenu
CharUpperW
DestroyIcon
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetDialogBaseUnits
UnregisterClassA
GetActiveWindow
GetCursorPos
ValidateRect
GetDesktopWindow
ClientToScreen
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
IsWindowEnabled
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
DrawTextW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
EnableWindow
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
RegisterDeviceNotificationW
UnregisterDeviceNotification
IsWindow
PostMessageW
EnumWindows
FindWindowW
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
TabbedTextOutW
FillRect
SystemParametersInfoW
SendMessageW
GetClassNameW
IsWindowVisible
EnumChildWindows
DestroyMenu
GetMenuItemInfoW
InflateRect
GetMessageW
SetFocus
TranslateMessage
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetMenuState
RegisterClassW
advapi32
RegCreateKeyExW
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DeleteService
CreateServiceW
StartServiceW
ChangeServiceConfigW
OpenSCManagerW
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueW
userenv
CreateEnvironmentBlock
shlwapi
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
gdi32
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
SetWindowExtEx
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsW
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDCW
CopyMetaFileW
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetDeviceCaps
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
ScaleWindowExtEx
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
comdlg32
GetFileTitleW
shell32
ExtractIconW
SHGetFileInfoW
ole32
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
StringFromGUID2
CoTaskMemAlloc
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoTreatAsClass
StringFromCLSID
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CoCreateInstance
oleaut32
SafeArrayDestroyDescriptor
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
Sections
.text   Size: 400KB - Virtual size: 397KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Size: 80KB - Virtual size: 77KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data   Size: 12KB - Virtual size: 26KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc   Size: 4KB - Virtual size: 312B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ