2024-02-13_f6575e20b850866715b8d8a940eb86cf_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-13_f6575e20b850866715b8d8a940eb86cf_icedid
Size

452KB
MD5

f6575e20b850866715b8d8a940eb86cf
SHA1

6857bda8e9d9855a69280f26331db9a35a1192c8
SHA256

60e9cd2b39e94e76c359c795775207d63daa4460107208dbde256671866dd1c1
SHA512

4bd5eb3923a98ceba015c578584b6ba5a2d59b8fe786c5c9f9d77570af7b74483e6165eb9c6aad0d741953363dae429cb69134fb5f8db217199eac26054f8a43
SSDEEP

6144:Ctw62YZuXL6nD1+IpAqjITPpSrYfkl49sD95ZYSr3R03FFpLKLFN:PJiuXL6D1+qsTPMrzl/ISd6W3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-13_f6575e20b850866715b8d8a940eb86cf_icedid

Files

2024-02-13_f6575e20b850866715b8d8a940eb86cf_icedid
.exe windows:4 windows x86 arch:x86

72fb15ef138a9a8b82cf193d4dfb864d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\桌面\在线更新\在线更新\在线更新\AutoUpdateClient\Release\更新组件.pdb

Imports

kernel32

ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
MoveFileA
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
GetStartupInfoW
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
GetTimeZoneInformation
IsBadWritePtr
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetTickCount
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
RaiseException
GlobalFlags
InterlockedIncrement
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GlobalFindAtomW
lstrlenA
LoadLibraryA
lstrcatW
GetVersionExA
WritePrivateProfileStringW
GlobalAddAtomW
FreeResource
GetModuleHandleA
SetLastError
GlobalFree
MulDiv
GlobalUnlock
lstrcpynW
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
GetLocaleInfoW
GetWindowsDirectoryW
GetSystemDirectoryW
CompareFileTime
GetFileTime
FormatMessageW
CreateThread
ResetEvent
WaitForSingleObject
CreateEventW
SetEvent
GetLastError
CreateDirectoryW
DeleteFileW
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
lstrlenW
CreateFileW
CloseHandle
MultiByteToWideChar
OutputDebugStringW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapCreate
DeleteCriticalSection

user32

PostThreadMessageW
DestroyMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
GetSysColorBrush
ReleaseCapture
LoadCursorW
SetCapture
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfW
SetMenuItemBitmaps
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
MessageBoxW
GetLastActivePopup
SetCursor
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
RegisterClipboardFormatW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
GetCursorPos
GetAsyncKeyState
LoadIconW
EnableWindow
SendMessageW
SetTimer
InvalidateRect
ScreenToClient
GetClientRect
PostMessageW
LoadBitmapW
PtInRect

gdi32

Escape
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectW
DeleteObject
GetStockObject
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateFontW
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
BitBlt
CreateCompatibleDC
SelectObject

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW
Shell_NotifyIconW

comctl32

ord17

shlwapi

PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleUninitialize

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
VariantClear

ws2_32

WSACleanup
WSAStartup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
HttpOpenRequestW
InternetCrackUrlW
InternetCanonicalizeUrlW

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72fb15ef138a9a8b82cf193d4dfb864d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

version

wininet

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 200KB - Virtual size: 199KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 200KB - Virtual size: 199KB