2024-02-03_fb1d86ca4a2b174a9e1f11f9dfca6073_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_fb1d86ca4a2b174a9e1f11f9dfca6073_icedid
Size

2.4MB
MD5

fb1d86ca4a2b174a9e1f11f9dfca6073
SHA1

2fbce2edd9d5dfb80a78898a4c6344b2c3940d60
SHA256

746e18cc89f3291af63e4a9f81674c332150205c585db6a025ffca86364dd375
SHA512

6cb0d3e988bf6bb03d0f2a47493377ac2447e102e9d2b10665d2651236f6537d2efefe7ac604e7bf6027dab19c780b19d1f7bd45e9ec197ad2f23297dcf23730
SSDEEP

49152:OimyDanCspTxUWSKsnlyVyRHz5WfAcQC/jShDgSvT3J:pmyDarpTxUWSKsnlyVyRHz5WfAUjShB1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-03_fb1d86ca4a2b174a9e1f11f9dfca6073_icedid

Files

2024-02-03_fb1d86ca4a2b174a9e1f11f9dfca6073_icedid
.exe windows:5 windows x86 arch:x86

364fcb1f3a244e9b4b317bbf3ff68141

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipImageGetFrameDimensionsCount
GdipLoadImageFromFile
GdipCloneImage
GdipBitmapSetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdiplusShutdown
GdipImageGetFrameDimensionsList
GdipSaveImageToFile
GdipDisposeImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipDeleteGraphics
GdipAlloc
GdipDrawImageI
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipFree
GdiplusStartup

kernel32

InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
GetThreadLocale
FindClose
FindNextFileW
FindFirstFileW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
WritePrivateProfileStringW
GlobalFindAtomW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileSizeEx
SetErrorMode
GetStartupInfoW
RtlUnwind
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualQuery
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
LCMapStringA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetCurrentProcessId
GetDriveTypeA
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
GetVersionExA
SetLastError
FormatMessageW
FreeResource
InterlockedIncrement
VirtualProtectEx
VirtualQueryEx
MulDiv
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
InterlockedExchangeAdd
GetCommandLineW
LocalFree
FlushFileBuffers
WriteFile
VirtualProtect
FlushInstructionCache
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
ExpandEnvironmentStringsW
WaitForSingleObject
Beep
SetCurrentDirectoryW
lstrlenA
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetSystemInfo
VirtualAlloc
GetModuleHandleA
VirtualFree
lstrcmpA
lstrcpyW
lstrcpynW
GetSystemDirectoryW
GetDiskFreeSpaceExW
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
GetCurrentThreadId
lstrlenW
GetTickCount
lstrcmpiW
CopyFileW
DeleteFileW
GetVersionExW
TlsAlloc
TlsFree
GlobalFree
lstrcmpW
GetModuleFileNameA
CreateFileW
SetFileTime
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetLastError
GetModuleHandleW
GetModuleFileNameW
CreateThread
CloseHandle
GlobalAddAtomW

user32

RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageW
MoveWindow
ClientToScreen
PostQuitMessage
ValidateRect
SetCursor
MapDialogRect
SetWindowContextHelpId
DestroyMenu
GetSysColorBrush
UnregisterClassW
SetCapture
ReleaseCapture
CharUpperW
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetMenu
UpdateWindow
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
CallWindowProcW
GetMenu
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CreateDialogIndirectParamW
SendDlgItemMessageW
GetNextDlgTabItem
EndDialog
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowLongW
GetCursorInfo
IsWindowEnabled
RedrawWindow
GetActiveWindow
SetActiveWindow
GetFocus
CreateWindowExW
EnumChildWindows
SetWindowLongW
GetWindowDC
WindowFromPoint
GetCursor
DrawIconEx
GetWindowTextLengthW
PrintWindow
GetIconInfo
SetFocus
SetWindowTextW
LoadCursorW
DefWindowProcW
RegisterClassExW
DestroyWindow
VkKeyScanW
GetAsyncKeyState
InflateRect
GetDesktopWindow
IsRectEmpty
InvalidateRect
GetKeyState
wsprintfW
IsClipboardFormatAvailable
ChildWindowFromPoint
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowPos
GetParent
ScreenToClient
GetSystemMenu
AppendMenuW
DrawIcon
RegisterClipboardFormatW
MessageBoxW
GetDlgCtrlID
PostMessageW
IsIconic
ShowWindow
mouse_event
SetCursorPos
EnumWindows
GetClipboardData
GetWindowTextW
IsWindowVisible
GetClassNameW
GetKeyNameTextW
EqualRect
SystemParametersInfoW
keybd_event
MapVirtualKeyW
GetDC
ReleaseDC
LoadIconW
PeekMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IntersectRect
SetRect
IsWindow
SetForegroundWindow
GetSystemMetrics
KillTimer
ExitWindowsEx
RegisterHotKey
GetMessageW
TranslateMessage
DispatchMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
SendMessageW
GetCursorPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetDlgItem
EnableWindow
SetClipboardViewer
ChangeClipboardChain
SetTimer
GetClientRect
GetWindowRect
UnregisterHotKey
PtInRect
FlashWindowEx

gdi32

GetCurrentObject
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontW
Ellipse
DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetTextColor
SetMapMode
LineTo
MoveToEx
GetViewportExtEx
GetWindowExtEx
GetBitmapBits
OffsetViewportOrgEx
SetBitmapBits
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetViewportOrgEx
RestoreDC
SaveDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32W
GetTextMetricsW
CreatePalette
CreateDCW
GetDeviceCaps
DeleteDC
GetObjectW
GetStockObject
SelectPalette
RealizePalette
GetDIBits
Rectangle
SetViewportExtEx
SelectObject
CreateBitmap
GetClipBox
SetBkMode
SetBkColor

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
AdjustTokenPrivileges
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
GetUserNameW
RegQueryValueExW
LookupPrivilegeValueW
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
UrlUnescapeW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoInitializeEx
CoUninitialize
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

VariantClear
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString
SafeArrayDestroy
OleCreateFontIndirect
GetErrorInfo

winmm

PlaySoundW

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetGetLastResponseInfoW
InternetSetOptionExW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

364fcb1f3a244e9b4b317bbf3ff68141

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

iphlpapi

version

wininet

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 20KB - Virtual size: 272KB

.rsrc Size: 43KB - Virtual size: 42KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 20KB - Virtual size: 272KB

.rsrc
Size: 43KB - Virtual size: 42KB