Static task
static1
Behavioral task
behavioral1
Sample
2024-02-04_e885ed61ec812fe443e3a6d55543cf00_icedid.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-02-04_e885ed61ec812fe443e3a6d55543cf00_icedid.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-02-04_e885ed61ec812fe443e3a6d55543cf00_icedid
-
Size
12.1MB
-
MD5
e885ed61ec812fe443e3a6d55543cf00
-
SHA1
30f1d627256638e70d31c82d0b8e889f969cadd9
-
SHA256
e3e221358d70eea649ee9f18efa7a8dca82583adea1e7bae3db22ddb406eb4af
-
SHA512
fe317e4e66667c177e1cfc2c1f3b22c248448ee4b88e016d9461765e434dfe80c5555088564698ad73fb8707826d3824240b9dc917de2c9102b2b86514196d2f
-
SSDEEP
24576:HXxr3C+QhM4z0VvyE+sUsrCYT7dTMnQnPf7teFW9Ts9WilVgRO965Bjdjid2ezj+:3t6/wk0T7h9nrteFW9TWEkS
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 2024-02-04_e885ed61ec812fe443e3a6d55543cf00_icedid
Files
-
2024-02-04_e885ed61ec812fe443e3a6d55543cf00_icedid.exe windows:4 windows x86 arch:x86
6c7c23bde2195ba8c59f5dc2a21c5ae1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
appreg10
ShowRegistrationInfoDialog
LaunchSupportURL
ShowAboutDialog
CheckForUpdates
CheckRegistration
xerces-c_2_7d
??1MemBufInputSource@xercesc_2_7@@UAE@XZ
??1XercesDOMParser@xercesc_2_7@@UAE@XZ
?fgXercescDefaultLocale@XMLUni@xercesc_2_7@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_7@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@_N@Z
??2XMemory@xercesc_2_7@@SAPAXI@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_7@@2PAVMemoryManager@2@A
?elementTypeInfo@AbstractDOMParser@xercesc_2_7@@UAEXQBG0@Z
?XMLDecl@AbstractDOMParser@xercesc_2_7@@UAEXQBG000@Z
?startEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?startElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@IQBGABV?$RefVectorOf@VXMLAttr@xercesc_2_7@@@2@I_N3@Z
?startDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?resetDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?ignorableWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQBGI_N@Z
?endEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?endElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@I_NQBG@Z
?endDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?docPI@AbstractDOMParser@xercesc_2_7@@UAEXQBG0@Z
?docComment@AbstractDOMParser@xercesc_2_7@@UAEXQBG@Z
?docCharacters@AbstractDOMParser@xercesc_2_7@@UAEXQBGI_N@Z
??3XMemory@xercesc_2_7@@SAXPAX@Z
?Terminate@XMLPlatformUtils@xercesc_2_7@@SAXXZ
??0XercesDOMParser@xercesc_2_7@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?setValidationScheme@AbstractDOMParser@xercesc_2_7@@QAEXW4ValSchemes@12@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
??0MemBufInputSource@xercesc_2_7@@QAE@QBEIQBD_NQAVMemoryManager@1@@Z
?parse@AbstractDOMParser@xercesc_2_7@@QAEXABVInputSource@2@@Z
?getDocument@AbstractDOMParser@xercesc_2_7@@QAEPAVDOMDocument@2@XZ
?setPSVIHandler@AbstractDOMParser@xercesc_2_7@@UAEXQAVPSVIHandler@2@@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_7@@MAEPAVDOMElement@2@PBG0@Z
?error@XercesDOMParser@xercesc_2_7@@UAEXIQBGW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?resetErrors@XercesDOMParser@xercesc_2_7@@UAEXXZ
?endInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?expandSystemId@XercesDOMParser@xercesc_2_7@@UAE_NQBGAAVXMLBuffer@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_7@@UAEXXZ
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@QBG00@Z
?startInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?attDef@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?doctypeComment@AbstractDOMParser@xercesc_2_7@@UAEXQBG@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@QBG1_N2@Z
?doctypePI@AbstractDOMParser@xercesc_2_7@@UAEXQBG0@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQBGI@Z
?elementDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@_N@Z
?endAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?endIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDEntityDecl@2@_N1@Z
?resetDocType@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?notationDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLNotationDecl@2@_N@Z
?startAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?startIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?TextDecl@AbstractDOMParser@xercesc_2_7@@UAEXQBG0@Z
?handleElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQBG0PAVPSVIElement@2@@Z
?handlePartialElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQBG0PAVPSVIElement@2@@Z
?handleAttributesPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQBG0PAVPSVIAttributeList@2@@Z
?makeStream@MemBufInputSource@xercesc_2_7@@UBEPAVBinInputStream@2@XZ
?getEncoding@InputSource@xercesc_2_7@@UBEPBGXZ
?getPublicId@InputSource@xercesc_2_7@@UBEPBGXZ
?getSystemId@InputSource@xercesc_2_7@@UBEPBGXZ
?getIssueFatalErrorIfNotFound@InputSource@xercesc_2_7@@UBE_NXZ
?setEncoding@InputSource@xercesc_2_7@@UAEXQBG@Z
?setPublicId@InputSource@xercesc_2_7@@UAEXQBG@Z
?setSystemId@InputSource@xercesc_2_7@@UAEXQBG@Z
?setIssueFatalErrorIfNotFound@InputSource@xercesc_2_7@@UAEX_N@Z
?transcode@XMLString@xercesc_2_7@@SAPAGQBD@Z
?transcode@XMLString@xercesc_2_7@@SAPADQBG@Z
?release@XMLString@xercesc_2_7@@SAXPAPAD@Z
?release@XMLString@xercesc_2_7@@SAXPAPAG@Z
?getMessage@XMLException@xercesc_2_7@@QBEPBGXZ
wininet
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
crystalreportviewer
OpenCrystalReportViewer
CreateCrystalReportViewer
kernel32
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
FreeResource
SetFileTime
GetFileTime
GetTempFileNameA
GetFullPathNameA
GetDiskFreeSpaceA
SetThreadPriority
ResumeThread
SuspendThread
SystemTimeToFileTime
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
FindNextFileA
MoveFileA
DeleteFileA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcmpW
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetShortPathNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetProfileIntA
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
GetCurrentDirectoryA
SetErrorMode
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
ExitThread
SetStdHandle
GetFileType
TerminateProcess
HeapSize
GetCurrentProcessId
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
GlobalAddAtomA
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedDecrement
SetLastError
CopyFileA
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
CreateEventA
CreateThread
SetEvent
Beep
ReleaseMutex
GetTickCount
CreateFileA
WriteFile
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
GetCurrentThreadId
EnterCriticalSection
FindFirstFileA
FindClose
WaitForSingleObject
CloseHandle
GlobalSize
GlobalAlloc
GlobalReAlloc
GlobalFree
GetModuleFileNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
QueryPerformanceCounter
GetFileAttributesA
FormatMessageA
LocalFree
Sleep
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
GlobalGetAtomNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetFileSize
user32
IsDialogMessageA
SetWindowLongA
IsWindowEnabled
SetFocus
SetWindowPos
AdjustWindowRectEx
IsIconic
TranslateAcceleratorA
GetWindow
SetMenu
BringWindowToTop
GetLastActivePopup
InsertMenuItemA
SetActiveWindow
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
GetActiveWindow
WinHelpA
GetClassNameA
RegisterWindowMessageA
GetWindowPlacement
CallWindowProcA
GetScrollInfo
DeferWindowPos
SetForegroundWindow
GetScrollPos
GetScrollRange
SetScrollRange
MapWindowPoints
GetMessageTime
GetTopWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuCheckMarkDimensions
CheckMenuItem
ModifyMenuA
SetMenuItemBitmaps
ValidateRect
EndDialog
CreateDialogIndirectParamA
SetCursorPos
IsZoomed
DeleteMenu
GetSystemMenu
SetParent
GetMenuItemInfoA
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
GetSysColorBrush
DrawIcon
SetWindowRgn
GetDCEx
LockWindowUpdate
DestroyIcon
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
CreateMenu
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
GetDoubleClickTime
WindowFromPoint
FrameRect
GetMessageA
GetCursor
DestroyCursor
SetDlgItemTextA
DrawEdge
UnionRect
SetRectEmpty
CopyRect
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
EqualRect
BeginPaint
EndPaint
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
GetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
DestroyWindow
MoveWindow
ShowWindow
CreateWindowExA
wsprintfA
SetWindowTextA
SetScrollPos
ShowScrollBar
ScrollWindow
SetScrollInfo
IsRectEmpty
DrawFrameControl
ReleaseCapture
ClipCursor
GetCursorPos
SetCursor
GetClassInfoA
DefWindowProcA
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetNextDlgTabItem
SetCapture
GetCapture
InvertRect
IntersectRect
OffsetRect
InflateRect
SetRect
PtInRect
GetDC
ReleaseDC
MessageBoxA
FindWindowA
DrawMenuBar
GetMenu
EnableMenuItem
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessagePos
OpenClipboard
ScreenToClient
ClientToScreen
LoadMenuA
GetSubMenu
IsChild
CharUpperA
RedrawWindow
PeekMessageA
DispatchMessageA
TranslateMessage
GetDesktopWindow
UpdateWindow
GetWindowRect
GetKeyState
IsClipboardFormatAvailable
LoadCursorA
PostMessageA
GetSystemMetrics
LoadIconA
CopyImage
IsWindow
FillRect
KillTimer
SetTimer
InvalidateRect
GetClientRect
GetSysColor
GetWindowTextA
EnableWindow
GetParent
GetFocus
SendMessageA
LoadBitmapA
SendDlgItemMessageA
UnhookWindowsHookEx
UnregisterClassA
RegisterClassA
GetWindowDC
GetDlgItem
gdi32
CreatePolygonRgn
PtInRegion
FillRgn
Rectangle
StretchBlt
CreateBitmap
PlgBlt
GetTextMetricsA
GetTextExtentPointA
SelectObject
DeleteDC
SetBkMode
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
EndDoc
AbortDoc
EndPage
StartPage
StartDocA
GetTextExtentPoint32A
GetBkColor
GetDeviceCaps
CreateCompatibleBitmap
CreateFontA
CreatePen
SelectPalette
RealizePalette
GetDIBits
GetCurrentObject
BitBlt
CreateCompatibleDC
GetObjectA
CreateFontIndirectA
GetNearestColor
GetStockObject
GetWindowOrgEx
GetTextFaceA
GetTextAlign
GetStretchBltMode
PatBlt
CreatePatternBrush
GetPixel
LineTo
MoveToEx
SetTextColor
SetTextAlign
Ellipse
Polygon
CopyMetaFileA
CreateDCA
SaveDC
RestoreDC
SetBkColor
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
StretchDIBits
GetCharWidthA
GetViewportOrgEx
SetAbortProc
CreateEllipticRgn
LPtoDP
GetTextColor
GetRgnBox
GetBkMode
GetPolyFillMode
GetROP2
CreateSolidBrush
comdlg32
PrintDlgA
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError
GetFileTitleA
winspool.drv
GetJobA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegDeleteValueA
shell32
ShellExecuteA
DragQueryFileA
SHGetFileInfoA
ExtractIconA
DragFinish
comctl32
ImageList_AddMasked
ImageList_ReplaceIcon
ord17
ImageList_GetImageInfo
ImageList_Draw
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
oledlg
ord8
ole32
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleGetClipboard
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
oleaut32
VarUdateFromDate
OleLoadPicture
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayDestroy
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 244KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10.8MB - Virtual size: 10.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ