Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-13_62020525d606ae56e3420ed45bda7a0e_icedid.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-02-13_62020525d606ae56e3420ed45bda7a0e_icedid.exe
Resource: win10v2004-20231215-en
General
- Target: 2024-02-13_62020525d606ae56e3420ed45bda7a0e_icedid
- Size: 5.6MB
- MD5: 62020525d606ae56e3420ed45bda7a0e
- SHA1: b4c5eeb699133834ab6f740956620d484ccb6970
- SHA256: cecf617949fdf8aee30e801e00f668264e7e41c4bc28ac575ee93163014f26da
- SHA512: 5717f68c4e030b6e97f24babebad04b96a296379d01bc35f783ddf5e1263d31d317f0297cb38dc007e3e9b35a2fea98cf2214723397cb95fa8c9d0adb0f29bed
- SSDEEP: 98304:0ZV1xUxCsYE6dsQvQCyJTWcp2tEAbxkabIG9lYhPf0GtnguUfTf5G:0B7SQtl90TTngPTBG
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2024-02-13_62020525d606ae56e3420ed45bda7a0e_icedid
Files
- 2024-02-13_62020525d606ae56e3420ed45bda7a0e_icedid.exe windows:5 windows x86 arch:x86
  062d08637feb3a746d184a3643d5c8b4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAIoctl
WSASocketW
WSACreateEvent
WSACloseEvent
WSASetEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSCDeinstallProvider
WSAResetEvent
winmm
timeSetEvent
timeKillEvent
timeBeginPeriod
waveInGetNumDevs
waveOutGetDevCapsW
waveOutGetNumDevs
timeEndPeriod
waveOutGetID
waveInStop
waveInGetID
waveInMessage
timeGetTime
waveOutMessage
waveOutGetVolume
waveOutSetVolume
waveOutGetPosition
waveInGetPosition
waveOutGetErrorTextW
waveInGetErrorTextW
waveInAddBuffer
waveInUnprepareHeader
waveInReset
waveInStart
waveInPrepareHeader
waveOutUnprepareHeader
waveOutReset
waveOutWrite
waveOutPrepareHeader
mmioSeek
mmioClose
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioOpenW
PlaySoundW
mixerGetControlDetailsW
mixerSetControlDetails
mixerGetLineControlsW
mixerGetLineInfoW
mixerOpen
waveOutClose
waveOutOpen
waveInClose
mixerGetID
waveInOpen
mixerGetDevCapsW
mixerGetNumDevs
mixerClose
waveInGetDevCapsW
kernel32
FindFirstFileA
GetTimeFormatA
GetDateFormatA
HeapReAlloc
RtlUnwind
ExitProcess
ExitThread
SetStdHandle
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetFullPathNameA
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
InterlockedPopEntrySList
InitializeSListHead
FlushInstructionCache
PeekNamedPipe
GetConsoleMode
GetStartupInfoW
SetErrorMode
GetFileSizeEx
GlobalFlags
FindResourceExW
GetConsoleCP
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
SetThreadAffinityMask
GetSystemTime
QueryPerformanceFrequency
InterlockedPushEntrySList
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
lstrlenA
GetLastError
lstrlenW
WideCharToMultiByte
InterlockedDecrement
GetFileAttributesExW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
DeleteFileW
GetTempPathW
GetLongPathNameW
LoadLibraryA
DosDateTimeToFileTime
CreateDirectoryA
SetFileAttributesA
CreateFileA
LocalFileTimeToFileTime
SetFileTime
CloseHandle
WinExec
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalLock
GlobalUnlock
GetVersionExW
FileTimeToDosDateTime
GetFileSize
LocalReAlloc
GlobalHandle
GlobalReAlloc
GetCurrentThread
ConvertDefaultLocale
CompareStringA
InterlockedExchange
WaitForMultipleObjects
GetProfileIntW
GlobalGetAtomNameW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
MoveFileW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GetVersion
GetModuleFileNameA
VirtualProtect
GetCurrentProcessId
CompareStringW
TerminateThread
GetExitCodeThread
FormatMessageW
HeapCreate
HeapDestroy
HeapAlloc
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
lstrcmpA
SetFilePointer
VirtualQuery
Sleep
GetCurrentDirectoryW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetTempFileNameW
ResumeThread
SetThreadPriority
CreateThread
RaiseException
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
FormatMessageA
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesW
FindNextFileW
FindClose
QueryPerformanceCounter
OpenProcess
GetVolumeInformationA
GetComputerNameA
DeviceIoControl
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateEventW
LocalSize
MulDiv
GlobalFree
VirtualFree
VirtualAlloc
GlobalSize
GlobalAlloc
SetLastError
LocalUnlock
LocalFree
LocalLock
LocalAlloc
GetModuleHandleW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateMutexW
GetLocalTime
UnmapViewOfFile
DuplicateHandle
ReadFile
GetFileInformationByHandle
GetFileType
FreeResource
FindFirstFileW
GetCurrentProcess
SetProcessWorkingSetSize
WaitForSingleObject
ResetEvent
CopyFileW
FileTimeToSystemTime
SystemTimeToFileTime
SetEvent
InterlockedIncrement
GetTickCount
FileTimeToLocalFileTime
GetFileTime
IsDebuggerPresent
GetSystemInfo
CreateFileW
GetModuleFileNameW
WriteFile
GetSystemTimeAsFileTime
TerminateProcess
user32
GetWindowDC
WindowFromDC
FrameRect
SetPropA
CreateWindowExA
RemovePropA
SetScrollRange
GetScrollRange
GetScrollPos
SendMessageA
GetPropA
DefFrameProcW
CallWindowProcA
GetScrollInfo
GetDoubleClickTime
GetWindowThreadProcessId
AdjustWindowRectEx
DrawEdge
IsWindowEnabled
DeferWindowPos
CreateAcceleratorTableW
CharUpperW
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
IsCharLowerW
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
CopyAcceleratorTableW
TranslateAcceleratorW
LoadAcceleratorsW
DestroyAcceleratorTable
EndDeferWindowPos
BeginDeferWindowPos
DestroyMenu
GetMenuState
SetCursorPos
CallWindowProcW
SetWindowLongA
GetWindowLongA
IsWindowUnicode
CheckMenuItem
GetCursor
GetMessagePos
CreatePopupMenu
DrawAnimatedRects
EnumChildWindows
TrackPopupMenu
SetParent
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawFrameControl
GetMenuDefaultItem
IsMenu
GetMenuItemID
GetMenuItemCount
IsDialogMessageW
GetNextDlgTabItem
MapVirtualKeyW
CopyIcon
GetIconInfo
CreateIconFromResourceEx
GrayStringW
DrawTextExW
TabbedTextOutW
GetForegroundWindow
GetDCEx
LockWindowUpdate
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxA
CreateWindowExW
RegisterClassW
DestroyWindow
PostQuitMessage
PeekMessageW
ScrollWindowEx
SetCaretPos
HideCaret
ShowCaret
CreateCaret
SetScrollPos
SetScrollInfo
EnableScrollBar
ShowScrollBar
MapWindowPoints
GetSysColorBrush
GetSysColor
UnionRect
InvertRect
DrawIconEx
mouse_event
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
RemovePropW
GetPropW
MapDialogRect
SetPropW
GetWindowPlacement
OpenClipboard
RegisterClipboardFormatW
FillRect
LoadImageW
DrawFocusRect
CreateIconIndirect
DialogBoxIndirectParamW
WinHelpW
EndDialog
SetWindowTextW
SetWindowPos
CheckDlgButton
GetSystemMenu
EnableMenuItem
GetClassNameW
GetDlgItem
GetDialogBaseUnits
DrawTextW
LoadStringW
EndPaint
DrawIcon
BeginPaint
MessageBeep
GetLastActivePopup
GetLastInputInfo
GetMenuItemInfoW
InsertMenuW
ModifyMenuW
FindWindowW
SystemParametersInfoA
SetWindowPlacement
GetClassInfoExW
SetMenu
ScrollWindow
GetMessageTime
SendDlgItemMessageA
SendDlgItemMessageW
SetDlgItemTextW
ValidateRect
MoveWindow
ShowWindow
GetDlgCtrlID
GetTopWindow
UnregisterHotKey
SetMenuDefaultItem
SetForegroundWindow
GetMenu
SetActiveWindow
SetWindowLongW
RegisterHotKey
DestroyIcon
DefWindowProcW
GetClassInfoW
GetWindow
IsChild
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
RedrawWindow
GetActiveWindow
IsRectEmpty
PtInRect
DrawStateW
GetClassLongW
IsZoomed
GetWindowRect
ClientToScreen
OffsetRect
GetSystemMetrics
SendMessageW
GetClientRect
GetParent
PostMessageW
GetNextDlgGroupItem
PostThreadMessageW
CharNextW
GetWindowLongW
GetDesktopWindow
GetCapture
InflateRect
GetWindowRgn
SetWindowRgn
TrackMouseEvent
SetCapture
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
EqualRect
UpdateWindow
ReleaseCapture
SetCursor
LoadCursorW
EnableWindow
BringWindowToTop
SetTimer
InvalidateRect
KillTimer
SetRectEmpty
CopyRect
IntersectRect
GetFocus
IsWindow
SystemParametersInfoW
ScreenToClient
SetRect
GetDC
ReleaseDC
LoadIconW
IsWindowVisible
IsIconic
FlashWindowEx
GetKeyState
WindowFromPoint
SetFocus
LoadMenuW
GetSubMenu
DeleteMenu
MessageBoxW
GetAsyncKeyState
GetWindowTextLengthW
GetWindowTextW
TranslateMDISysAccel
DrawMenuBar
ShowOwnedPopups
SetWindowContextHelpId
UnregisterClassW
InvalidateRgn
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
IsClipboardFormatAvailable
CreateDialogIndirectParamW
keybd_event
RegisterWindowMessageW
wsprintfW
gdi32
GetTextAlign
GetViewportOrgEx
StretchDIBits
SetBrushOrgEx
GetRgnBox
Ellipse
SetBkMode
GetClipBox
CreateDIBitmap
UnrealizeObject
ExtTextOutA
GetObjectA
PlayEnhMetaFile
SelectClipRgn
IntersectClipRect
ExtSelectClipRgn
CopyMetaFileW
SaveDC
RestoreDC
SetMapMode
ExcludeClipRect
LineTo
MoveToEx
SetTextAlign
GetBitmapBits
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetRectRgn
DPtoLP
CreateEllipticRgn
LPtoDP
GetMapMode
ExtCreateRegion
GetWindowOrgEx
GetTextColor
PtInRegion
SetStretchBltMode
StretchBlt
SetTextColor
SetBkColor
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
EnumFontFamiliesExW
CreateSolidBrush
GetPixel
FloodFill
CreatePen
CreateFontW
PlayMetaFile
SetViewportExtEx
SetWindowOrgEx
GetDeviceCaps
Rectangle
Polygon
GetBkColor
PatBlt
CreatePatternBrush
CreateBitmap
SetPixel
GetDIBits
GetCurrentObject
DeleteDC
CreateDCW
CreatePolygonRgn
CreateFontIndirectW
CreateDIBSection
GetTextExtentPoint32W
GetObjectW
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
DeleteObject
EqualRgn
CombineRgn
CreateRectRgn
CreateRoundRectRgn
CreateRectRgnIndirect
SetDIBitsToDevice
RoundRect
SelectObject
GetTextMetricsW
GetStockObject
msimg32
AlphaBlend
comdlg32
GetFileTitleW
CommDlgExtendedError
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyW
RegDeleteValueW
RegEnumValueW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
OpenProcessToken
RegQueryValueW
RegEnumKeyW
CryptGenRandom
RegQueryValueExW
shell32
DragQueryFileW
DuplicateIcon
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
Shell_NotifyIconW
SHAppBarMessage
DragFinish
SHFileOperationW
comctl32
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Create
ImageList_AddMasked
ImageList_Draw
InitCommonControlsEx
oledlg
OleUIBusyW
OleUIAddVerbMenuW
ole32
CoRegisterMessageFilter
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleGetClipboard
CoLockObjectExternal
CoDisconnectObject
CoInitializeEx
OleDuplicateData
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
StgOpenStorage
StgCreateDocfile
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
OleSetContainedObject
OleRun
CoCreateInstance
CoCopyProxy
CoSetProxyBlanket
PropVariantClear
oleaut32
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
VarDateFromStr
VariantTimeToSystemTime
VariantInit
SysAllocStringLen
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
VarUdateFromDate
VariantChangeType
VarCmp
VariantChangeTypeEx
SafeArrayDestroy
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SysFreeString
LoadTypeLi
OleCreateFontIndirect
GetErrorInfo
SafeArrayGetDim
wsock32
connect
htonl
WSASetLastError
inet_ntoa
WSACleanup
WSAStartup
WSAAsyncSelect
WSACancelAsyncRequest
accept
listen
recvfrom
send
getsockopt
setsockopt
ntohl
WSAAsyncGetHostByName
getpeername
getsockname
recv
WSAGetLastError
gethostbyname
ntohs
closesocket
sendto
bind
ioctlsocket
htons
socket
iphlpapi
GetIpForwardTable
GetAdaptersInfo
rpcrt4
UuidFromStringW
rasapi32
RasEnumConnectionsW
wininet
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetGetCookieW
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
crypt32
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptFindOIDInfo
CertNameToStrA
imm32
ImmReleaseContext
ImmGetContext
secur32
QueryContextAttributesW
DeleteSecurityContext
DecryptMessage
EncryptMessage
QueryCredentialsAttributesW
ApplyControlToken
AcquireCredentialsHandleW
FreeContextBuffer
CompleteAuthToken
AcquireCredentialsHandleA
FreeCredentialsHandle
InitializeSecurityContextA
riched20
ord4
shlwapi
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
msdmo
MoInitMediaType
MoFreeMediaType
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 238KB - Virtual size: 301KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 921KB - Virtual size: 920KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ