PDB path (embedded in the PE debug directory): d:\DELETE\원본-내디스크 소스\nedisk.com\Bin\client\NeDiskDown.pdb
(Korean folder name, translated: 원본 = "original", 내디스크 소스 = "NeDisk (my disk) source"; the build path and the NeDiskDown project name are the linker's, not the analyst's.)
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-03_c4ff55bc1465235d767ab047eb3fccb6_icedid.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-03_c4ff55bc1465235d767ab047eb3fccb6_icedid.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-02-03_c4ff55bc1465235d767ab047eb3fccb6_icedid
-
Size
2.7MB
-
MD5
c4ff55bc1465235d767ab047eb3fccb6
-
SHA1
a727ec808c6740dcc4df47b033b3fb86f011bbf7
-
SHA256
18a77ea13cfdd8f4ea63dbd1db9adba8638902ce7a3440e391f1af132c3eb8a0
-
SHA512
6a31d074af5bc15e3f7533cd6a7f6bf07f2845d5640a593b5787dc09d80bd55272eacea7d5818a93e5d0d7dec979ee67803a0c47ca158b73b1340538ba11b7e9
-
SSDEEP
12288:kptPpHowybPjeCTM7Gq7F6+CQdfTH7CJqi9hhkMyQHe8ZFhEWgz:WtQTjRTM7ZdPdfTH+XhhkMX5hJgz
Malware Config (none extracted)
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (no embedded signature blob in the PE security directory). This is the only signature that fired; nothing else on this page (no extracted malware config, no behavioral hit) corroborates the `icedid` suffix in the sample's file name, so treat that label as unverified here.
resource 2024-02-03_c4ff55bc1465235d767ab047eb3fccb6_icedid
Files
-
2024-02-03_c4ff55bc1465235d767ab047eb3fccb6_icedid.exe windows:5 windows x86 arch:x86
ce30d88a85e4d21367f467314651a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (the only flag set: no IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, so no ASLR, and no IMAGE_DLLCHARACTERISTICS_NX_COMPAT; combined with IMAGE_FILE_RELOCS_STRIPPED below, the image can only load at its preferred base)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetConnectA
HttpSendRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetOpenUrlA
InternetReadFile
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetOpenA
kernel32
LocalReAlloc
TlsFree
InterlockedIncrement
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
GetModuleHandleW
RtlUnwind
ExitThread
CreateThread
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
ExitProcess
VirtualProtect
TlsSetValue
VirtualQuery
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualFree
GetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
TlsAlloc
GlobalHandle
TlsGetValue
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FormatMessageA
LocalFree
CreateFileA
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
FreeResource
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcatW
CopyFileW
DeleteFileW
CreateDirectoryW
lstrcpynW
lstrlenW
GetSystemDirectoryA
DeleteFileA
GetCurrentProcess
GetCommandLineA
GetVersionExA
ResetEvent
lstrcmpW
lstrcmpiW
FreeLibrary
GetModuleFileNameW
lstrcpyW
LoadLibraryW
GetNumberFormatA
GetDiskFreeSpaceExA
lstrcpynA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
InterlockedDecrement
GetModuleFileNameA
MultiByteToWideChar
lstrcpyA
lstrlenA
GetTickCount
GetVolumeInformationA
lstrcmpA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetCurrentThread
SetThreadPriority
CreateDirectoryA
CloseHandle
CreateMutexA
GetLastError
Sleep
VirtualAlloc
user32
PostThreadMessageA
DrawIcon
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
ReleaseDC
CharUpperA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
GetMenu
IntersectRect
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
ExitWindowsEx
wsprintfW
ReplyMessage
GetFocus
DrawFocusRect
FillRect
FindWindowA
SetWindowRgn
GetActiveWindow
GetDC
SetRect
GetWindowLongA
LoadBitmapA
IsWindow
GetParent
GetWindowRect
SetWindowLongA
CallWindowProcA
SetCursor
UpdateWindow
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
UnregisterClassA
RedrawWindow
MessageBeep
GetMenuItemInfoA
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
RegisterClassA
LoadCursorA
DestroyIcon
LoadImageA
GetIconInfo
CopyRect
DrawIconEx
WindowFromPoint
SetCapture
GetCapture
ClientToScreen
PtInRect
ReleaseCapture
GetClientRect
OffsetRect
InflateRect
GetSysColor
GetSystemMetrics
EnableWindow
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
DestroyMenu
ShowWindow
LoadIconA
SetForegroundWindow
InvalidateRect
KillTimer
SetTimer
PostMessageA
SendMessageA
GetClassInfoA
MessageBoxA
SystemParametersInfoA
gdi32
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
Escape
TextOutA
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
CreatePatternBrush
ExtTextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
CreateSolidBrush
GetStockObject
GetObjectA
GetTextExtentPoint32A
Rectangle
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
CreateFontA
SetRectRgn
CreateRectRgnIndirect
GetDeviceCaps
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
StretchBlt
CreateCompatibleBitmap
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA
shell32
DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA
DragFinish
Shell_NotifyIconA
comctl32
ord17 (imported by ordinal, no name)
shlwapi
StrFormatByteSize64A
PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
UrlUnescapeA
oledlg
ord8 (imported by ordinal, no name)
ole32
CoInitializeEx
OleFlushClipboard
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
OleIsCurrentClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
OleCreateFontIndirect
wsock32
select
WSAGetLastError
setsockopt
WSASetLastError
__WSAFDIsSet
recv
socket
closesocket
ioctlsocket
connect
htons
WSACleanup
WSAStartup
ws2_32
WSASend
WSAWaitForMultipleEvents
WSAConnect
WSASocketA
WSARecv
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
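An import table of this size is mostly MFC and the VC++ CRT, so reading it API by API is a poor use of time. The following is an added example, not part of the report and not any tool's code: it tags capabilities from an import list by requiring whole API groups to be present (for instance all three of OpenProcessToken, LookupPrivilegeValueA and AdjustTokenPrivileges, not just one), separates matches the runtime libraries bring in on their own from those that need a design reason, and records API pairings worth a sentence in a write-up. REPORT_IMPORTS_SUBSET is a hand-copied subset of the list above, not the full table; the RUNTIME_NOISE set is an analyst assumption about what the CRT and MFC import by themselves.

```python
"""Capability tagging over a PE import table (added example; input copied from the report)."""
from __future__ import annotations

# Subset of the imports listed above, copied by hand. Constructed input, not the full IAT.
REPORT_IMPORTS_SUBSET = {
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpAddRequestHeadersA",
                "HttpSendRequestA", "InternetReadFile", "InternetWriteFile", "InternetCrackUrlA"],
    "kernel32": ["IsDebuggerPresent", "LoadLibraryA", "GetProcAddress", "CreateMutexA",
                 "CreateFileA", "WriteFile", "CopyFileW", "DeleteFileW", "CreateThread", "GetVersionExA"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "ExitWindowsEx", "CreateWindowExA", "MessageBoxA"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
                 "RegCreateKeyExA", "RegSetValueExA", "RegDeleteValueA", "RegConnectRegistryA"],
    "shell32": ["ShellExecuteA", "Shell_NotifyIconA"],
    "wsock32": ["socket", "connect", "recv", "select", "closesocket"],
    "ws2_32": ["WSASocketA", "WSAConnect", "WSASend", "WSARecv", "WSAWaitForMultipleEvents"],
}

# (capability, APIs that must ALL be present). One API alone rarely proves a capability.
RULES = [
    ("http_client", {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                     "HttpSendRequestA", "InternetReadFile"}),
    ("http_upload", {"HttpOpenRequestA", "InternetWriteFile"}),
    ("blocking_socket_client", {"socket", "connect", "recv"}),
    ("overlapped_socket_client", {"WSASocketA", "WSAConnect", "WSASend", "WSARecv"}),
    ("privilege_adjust", {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"}),
    ("shutdown_or_logoff", {"ExitWindowsEx"}),
    ("registry_write", {"RegCreateKeyExA", "RegSetValueExA"}),
    ("remote_registry", {"RegConnectRegistryA"}),
    ("dynamic_api_resolution", {"LoadLibraryA", "GetProcAddress"}),
    ("debugger_check", {"IsDebuggerPresent"}),
    ("single_instance_mutex", {"CreateMutexA"}),
    ("window_hook", {"SetWindowsHookExA", "CallNextHookEx"}),
    ("spawn_via_shell", {"ShellExecuteA"}),
    ("file_copy_and_delete", {"CopyFileW", "DeleteFileW"}),
]

# Assumption: capabilities the static VC++ CRT (IsDebuggerPresent on its fatal-error path,
# LoadLibrary/GetProcAddress for optional APIs) and MFC (a WH_CBT hook around window creation)
# import on their own. On an MFC binary these are weak evidence and get reported separately.
RUNTIME_NOISE = {"debugger_check", "dynamic_api_resolution", "window_hook"}

# Pairings worth a sentence: ExitWindowsEx needs the shutdown privilege enabled first,
# so privilege adjustment plus ExitWindowsEx together read as "can shut down or reboot the host".
COMPOUND = [
    ("privilege_adjust", "shutdown_or_logoff",
     "adjusts token privileges and imports ExitWindowsEx: can shut down, reboot or log off the host"),
]


def classify_imports(imports: dict[str, list[str]]) -> dict:
    """Return matched capabilities split into runtime-explainable vs needing a design reason."""
    present = {api for apis in imports.values() for api in apis}
    matched = [name for name, needed in RULES if needed <= present]
    return {
        "capabilities": matched,
        "runtime_explainable": [c for c in matched if c in RUNTIME_NOISE],
        "needs_design_reason": [c for c in matched if c not in RUNTIME_NOISE],
        # Two socket stacks plus WinInet in one binary is itself worth noting.
        "network_stacks": sorted(d for d in imports if d in {"wininet", "wsock32", "ws2_32"}),
        "compound_notes": [text for a, b, text in COMPOUND if a in matched and b in matched],
    }


if __name__ == "__main__":
    for key, value in classify_imports(REPORT_IMPORTS_SUBSET).items():
        print(f"{key}: {value}")
```

Run against the subset above it reports an HTTP client with upload, both Winsock styles, privilege adjustment paired with ExitWindowsEx, and registry write plus remote registry access, while filing the debugger check, LoadLibrary/GetProcAddress and the window hook under runtime noise. None of that distinguishes a download manager from a loader on its own; it tells you which functions to open first in the disassembler.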
Sections
.text Size: 448KB - Virtual size: 447KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 27KB (virtual larger than raw is the uninitialized tail the linker folds into .data; normal, not a packing indicator)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB (about 78% of the 2.7MB file; walk the resource tree for embedded executables or archives before assuming it is only icons and dialogs)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
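The Headers, Unsigned PE and Sections findings above come from a handful of header fields. The following is an added example, not part of the report and not any sandbox's code, that reads those fields from a PE32 image in pure Python with no third-party module: the COFF Characteristics, the DllCharacteristics (to confirm DYNAMIC_BASE and NX_COMPAT are absent), the security data directory (zero size means no embedded Authenticode signature, which is what the Unsigned PE check detects), the section table with a writable-and-executable check and per-section share of the file, any overlay appended after the last section, and the hash set shown in the General section. build_sample_pe() is a constructed PE32 stub carrying the same flag values as the report; it is not the analysed binary and its section sizes are arbitrary.

```python
"""Pure-Python PE32 header triage (added example; the sample PE is constructed, not the real file)."""
import hashlib
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: where the Authenticode blob is described


def triage_pe(data: bytes) -> dict:
    """Parse DOS, COFF, optional header and section table; return the fields a triage report shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _sym, _nsym, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled in this example")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]       # DllCharacteristics, PE32 layout
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]        # NumberOfRvaAndSizes
    sec_size = 0
    if num_dirs > SECURITY_DIR_INDEX:                             # data directories start at opt + 96
        _sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR_INDEX)
    sections, end_of_image = [], 0
    for i in range(nsections):                                    # 40-byte IMAGE_SECTION_HEADERs follow the optional header
        name, vsize, _va, rawsize, rawptr, _r, _l, _nr, _nl, schar = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "writable_and_executable": bool(schar & IMAGE_SCN_MEM_WRITE and schar & IMAGE_SCN_MEM_EXECUTE),
            "share_of_file": round(rawsize / len(data), 3),
        })
        end_of_image = max(end_of_image, rawptr + rawsize)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "x86": machine == 0x14C,
        "relocs_stripped": bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED),
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "terminal_server_aware": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE),
        "authenticode_present": sec_size != 0,                    # False is the "Unsigned PE" finding
        "overlay_bytes": max(0, len(data) - end_of_image),        # data appended past the last section
        "largest_section": max(sections, key=lambda s: s["raw_size"])["name"],
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 stub with the report's header flags (x86, relocs stripped, TS-aware only, unsigned)."""
    secs = [(b".text", 0x60000020, 0x400), (b".rdata", 0x40000040, 0x200),
            (b".data", 0xC0000040, 0x200), (b".rsrc", 0x40000040, 0x1000)]
    e_lfanew, opt_size = 0x80, 0xE0
    headers_size = (e_lfanew + 4 + 20 + opt_size + 40 * len(secs) + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, opt_size,
                       IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                # SectionAlignment, FileAlignment
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
    struct.pack_into("<I", opt, 92, 16)                            # 16 data directories, security dir left zero
    table, body, rva, ptr = b"", b"", 0x1000, headers_size
    for name, flags, size in secs:
        table += struct.pack("<8sIIIIIIHHI", name, size, rva, size, ptr, 0, 0, 0, 0, flags)
        body += b"\x90" * size
        rva, ptr = rva + max(size, 0x1000), ptr + size
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + table
    return hdr + b"\0" * (headers_size - len(hdr)) + body


if __name__ == "__main__":
    for key, value in triage_pe(build_sample_pe()).items():
        print(f"{key}: {value}")
```

On the real file the same logic yields the values printed above: x86, relocs stripped, only TERMINAL_SERVER_AWARE set, no signature, .rsrc as the dominant section. The overlay check is the one thing the report does not list; a non-zero overlay on a resource-heavy, unsigned binary is the first place to look for an appended payload.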