2024-02-03_0b6c1ab3a24e4fb76867312362f0aab8_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_0b6c1ab3a24e4fb76867312362f0aab8_icedid
Size

1.8MB
MD5

0b6c1ab3a24e4fb76867312362f0aab8
SHA1

a324d65c3959307f13df406ec0a682c01cabe859
SHA256

727c58887f8762ad652eb755844d2b4f5d3a10913e398c9cfdaefa6dffc1e80c
SHA512

c2cba35b1601a98869d3b330b8bbc57f3148818771128152f073a20b0857f610b227fdfe8677171d801751a2adea5e8f05af91e723259e8a6f18b6ea67995a79
SSDEEP

24576:gA5nCqnstLyUktHIiLyIAHnh+eWsN3skA4RV1Hom2KXMmHaIWNR5:gfqnstLet3LyPh+ZkldoPK8YaIe

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-03_0b6c1ab3a24e4fb76867312362f0aab8_icedid

Files

2024-02-03_0b6c1ab3a24e4fb76867312362f0aab8_icedid
.exe windows:4 windows x86 arch:x86

bbb582bf7795973e953df5dc67ac275c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\acro_root_at\acrobat\installers\bootstrapexe_small\release\Setup.pdb

Imports

msi

ord118
ord160
ord32
ord159
ord92
ord19
ord195
ord8
ord205

kernel32

lstrlenA
GetModuleHandleA
GlobalFlags
WritePrivateProfileStringW
GetFileAttributesW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
CreateThread
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
TlsFree
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
InterlockedIncrement
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentProcessId
GetModuleFileNameW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
GetCurrentDirectoryW
SetCurrentDirectoryW
GetVersionExW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetSystemInfo
GetTempPathW
CreateProcessW
GetLastError
WaitForSingleObject
GetExitCodeProcess
CloseHandle
FormatMessageW
LocalFree
GetUserDefaultLangID
FindResourceW
LoadResource
LockResource
SizeofResource
GetEnvironmentStringsW

user32

UnregisterClassW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
CharUpperW
SetCursor
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
UnregisterClassA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextW
GetFocus
GetParent
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
SetWindowTextW
GetWindowLongW
IsDialogMessageW
DestroyMenu
EndPaint
GetTopWindow
BeginPaint
SendDlgItemMessageW
GetDlgItem
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
EnableWindow
KillTimer
SetTimer
SendMessageW
GetClassInfoW
PeekMessageW

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
StrFormatByteSizeW
PathIsUNCW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

urlmon

URLDownloadToFileW

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbb582bf7795973e953df5dc67ac275c

Headers

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 56KB - Virtual size: 52KB

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 56KB - Virtual size: 52KB