Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-03_c3ab71ba263b9800f683cbc70d7683b2_icedid.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-03_c3ab71ba263b9800f683cbc70d7683b2_icedid.exe
  Resource: win10v2004-20231222-en
General
Target: 2024-02-03_c3ab71ba263b9800f683cbc70d7683b2_icedid
Size: 576KB
MD5: c3ab71ba263b9800f683cbc70d7683b2
SHA1: 6ee9c82e9616d753a204221a8628bf84ec613c8b
SHA256: 30ad44ff406ab2e8106b6f09b1bb583708dabc78ce461bb21c19257e563686f1
SHA512: 7a317f53a4d733b25a268376c77936321bf633c5e63ed146a0a15a871bc6a979761be5dd4d523e71c36c636951cb02f8a6306ec66339b044919e9ee43b0d7951
SSDEEP: 6144:zmINQvwQl+G3OfF5LYlcWCfGLJRha6YjVqSEy0JdAdISyzRVB87PGWRY3dlPynXY:zm0NfLYl7vLJna6YjVfwMtyzRuoNEW
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-02-03_c3ab71ba263b9800f683cbc70d7683b2_icedid
Files
-
2024-02-03_c3ab71ba263b9800f683cbc70d7683b2_icedid.exe windows:4 windows x86 arch:x86
71394dce02a13570e33bf6b6b1d900dd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsuppl01
?AlphaToDigit@@YAXPA_W0@Z
??1CHashInds@@QAE@XZ
??1CHash@@QAE@XZ
??0CHashInds@@QAE@XZ
??0CHash@@QAE@XZ
?InitHash@CHash@@QAAHPA_WH@Z
?InitHash@CHashInds@@QAEHPA_WH@Z
?LargeToSmall@@YAXPA_W@Z
?GetWordByNum@CHash@@QAAXPA_WH@Z
?GetVocal@@YAPA_WPA_WH@Z
?GetInds2ByNum@CHashInds@@QAEHHPAH0@Z
?GetNVocal@@YAHPA_W@Z
?InsIntoStr@@YAHPA_W00@Z
?InVocal@@YAH_W@Z
?SReplace@@YAHPA_W00@Z
?CloseHash@CHash@@QAAXXZ
?CloseHash@CHashInds@@QAEXXZ
transcr
Transcribe
wpar01
?SearchQB@CQbuhf@@UAEHPA_WHJJ@Z
?GetNumber@CQbuhf@@QAEJXZ
?SearchQBHashInt@CQbuhf@@UAEHH@Z
??1CQbuhf@@UAE@XZ
??0CQbuhf@@QAE@XZ
?LoadQB@CQbuhf@@UAEHPA_WJ@Z
?GetCSign@CQbuhf@@UAEHPA_W@Z
?SearchQBHashAllByForm@CQbuhf@@UAEHPA_WPAUword_ids@CQbasis@@@Z
?GetPClass@CQbuhf@@UAEHH@Z
?GetWFormInOrder@CQbuhf@@UAEHPAUwformstr@CQbasis@@@Z
?UnloadQB@CQbuhf@@UAEHXZ
mkh
USHook
SHook
kernel32
LocalAlloc
LeaveCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GlobalFlags
WritePrivateProfileStringW
GetTickCount
LocalUnlock
LocalLock
GlobalGetAtomNameW
RtlUnwind
HeapFree
ExitProcess
HeapAlloc
HeapReAlloc
TerminateProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
GetFileAttributesW
InterlockedDecrement
GlobalFindAtomW
GetModuleHandleA
LoadLibraryA
lstrcatW
GetVersionExA
GlobalAddAtomW
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpiA
GetModuleHandleW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
FreeResource
LoadLibraryW
GetProcAddress
GetShortPathNameW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GetStringTypeExW
MoveFileW
WideCharToMultiByte
GetLastError
SetLastError
FormatMessageW
LocalFree
lstrcpyA
lstrcpyW
lstrcmpA
GlobalSize
lstrlenA
GlobalFree
lstrcmpW
GlobalReAlloc
GlobalAlloc
lstrcpynW
MulDiv
GetLogicalDriveStringsW
GetDriveTypeW
GetModuleFileNameW
GetTempPathW
SetCurrentDirectoryW
lstrlenW
GetComputerNameW
MultiByteToWideChar
GlobalLock
GlobalUnlock
DeleteFileW
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
LoadResource
LockResource
SizeofResource
FindResourceW
MoveFileExA
CreateFileA
GetSystemDirectoryA
GetStartupInfoW
user32
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
PostThreadMessageW
DestroyCursor
SetCursorPos
RedrawWindow
IsZoomed
LoadMenuW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
SetRectEmpty
SetMenu
TranslateAcceleratorW
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
GetMenuItemInfoW
InflateRect
ReleaseCapture
LoadCursorW
SetCapture
KillTimer
SetTimer
InvalidateRect
ClientToScreen
SetWindowRgn
DrawIcon
FillRect
IsRectEmpty
SystemParametersInfoW
ReleaseDC
SetWindowContextHelpId
MapDialogRect
WinHelpW
GetCapture
CreateWindowExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageA
IsChild
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
DefWindowProcW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
PtInRect
GetWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsDialogMessageW
SendDlgItemMessageW
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
PeekMessageW
GetCursorPos
ValidateRect
ShowOwnedPopups
SetCursor
PostMessageW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
EndDialog
MessageBoxW
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharNextW
DestroyIcon
GetSysColorBrush
SetParent
GetSystemMenu
GetDesktopWindow
wsprintfW
BringWindowToTop
GetComboBoxInfo
GetParent
GetFocus
GetDC
GetClientRect
ActivateKeyboardLayout
OffsetRect
LoadBitmapW
AppendMenuW
CreatePopupMenu
EnableWindow
SetForegroundWindow
FindWindowW
UpdateWindow
GetWindowRect
GetKeyState
SetWindowTextW
OpenClipboard
GetClipboardData
CloseClipboard
PostQuitMessage
GetSystemMetrics
SendMessageW
RegisterWindowMessageW
UnregisterClassW
CallWindowProcW
DeleteMenu
wsprintfA
MessageBoxA
CopyRect
GetClassInfoExW
gdi32
SetBkMode
SetMapMode
CreateSolidBrush
CreateCompatibleBitmap
StretchDIBits
GetCharWidthW
GetStockObject
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
RestoreDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
Ellipse
LPtoDP
CreateEllipticRgn
PatBlt
CreateRectRgnIndirect
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
EnumFontFamiliesExW
EnumFontFamiliesW
GetDeviceCaps
CreateFontW
RemoveFontResourceW
GetMapMode
AddFontResourceW
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
IntersectClipRect
ExcludeClipRect
comdlg32
PrintDlgW
CommDlgExtendedError
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegSetValueW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
SetFileSecurityW
RegCreateKeyW
GetUserNameW
GetFileSecurityW
shell32
SHGetFileInfoW
DragQueryFileW
ExtractIconW
DragFinish
comctl32
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_GetImageInfo
shlwapi
PathStripToRootW
PathFindFileNameW
PathIsUNCW
PathFindExtensionW
oledlg
OleUIBusyW
ole32
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemAlloc
oleaut32
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
VariantChangeType
SysAllocStringLen
SafeArrayCreate
VariantCopy
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
SafeArrayGetUBound
SysFreeString
SystemTimeToVariantTime
VariantClear
odbc32
ord68
ord44
ord145
ord150
ord51
ord5
ord4
ord117
ord141
ord110
ord2
ord1
ord15
ord9
ord14
ord3
ord16
ord20
ord108
ord48
ord49
ord111
ord119
ord12
ord46
ord18
ord13
ord59
ord43
ord72
Sections
.text Size: 328KB - Virtual size: 326KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ