2024-02-14_59e12496713eb70265686ad80fbf108c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-14_59e12496713eb70265686ad80fbf108c_icedid
Size

1.5MB
MD5

59e12496713eb70265686ad80fbf108c
SHA1

dc1d6d13942e2a2cc665598ef1940dafc309e7a5
SHA256

d0258cab8ac3ffc110eed9051ea493456d3f751c5904129c98175a295c506430
SHA512

5185e8d653605611c01f50f5f50ea049dcd8fae3ca92477f0f29c82d3c236daeac0aadd8bdc22142e9eb07c7b5a2e0bd00d512cffff15822a94757948539c79f
SSDEEP

24576:hK7/3BhjXQhshgSKT5ajMDs8rJTsDUKEsR4Si3reX2EjITROAMuR5m74C9m0b:hQRhwsjBqSqSeOAMIEX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-14_59e12496713eb70265686ad80fbf108c_icedid

Files

2024-02-14_59e12496713eb70265686ad80fbf108c_icedid
.exe windows:5 windows x86 arch:x86

607e39ba09a706afb978f1f533f7baa5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\About_work\Code\workSpace\pp18Mgr_all\PP18Mgr_4.0.0.1003\Release\pp18Mgr.pdb

Imports

gdiplus

GdipGetGenericFontFamilySansSerif
GdipDeleteStringFormat
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipDrawString
GdipCreateTexture
GdipFillRectangle
GdipCreateTextureIA
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateStringFormat
GdipDisposeImage
GdipDrawImageRectRect
GdipGetImageHeight
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDeleteFontFamily
GdipCreateFont
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipFree

imagehlp

MakeSureDirectoryPathExists

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

setupapi

CMP_WaitNoPendingInstallEvents
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

sqlite_win32_dll

sqlite3_column_text
sqlite3_open
sqlite3_exec
sqlite3_prepare
sqlite3_step
sqlite3_close
sqlite3_column_int
sqlite3_finalize
sqlite3_column_int64

wininet

InternetCrackUrlA
InternetGetConnectedState
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
DeleteUrlCacheEntry

kernel32

LoadLibraryW
SetHandleCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
VirtualFree
GetTimeZoneInformation
QueryPerformanceCounter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
SetStdHandle
RaiseException
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapValidate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
CreateThread
GetOEMCP
GetCPInfo
VirtualProtect
GetFileTime
GetFileSizeEx
GetFileAttributesA
GlobalFlags
GetModuleHandleW
GetAtomNameA
SetErrorMode
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
SetThreadPriority
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
CompareStringA
InterlockedExchange
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SetLastError
FindNextFileA
CreateFileMappingA
FindClose
FindFirstFileA
FileTimeToSystemTime
UnmapViewOfFile
MapViewOfFile
GetFileSize
GetCurrentDirectoryA
GetFileType
CreateDirectoryA
SetFileTime
SystemTimeToFileTime
SetFilePointer
CreateFileA
DosDateTimeToFileTime
LocalFree
FormatMessageA
lstrcpynA
LoadLibraryExA
SetDllDirectoryA
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GetModuleHandleA
GetNativeSystemInfo
GetVersionExA
GetExitCodeThread
MoveFileA
MoveFileExA
TerminateThread
GetPrivateProfileIntA
GetCurrentThreadId
HeapDestroy
HeapReAlloc
HeapSize
HeapCreate
HeapFree
HeapAlloc
lstrcmpW
InterlockedDecrement
InterlockedIncrement
GetTickCount
TerminateProcess
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
lstrlenA
MultiByteToWideChar
FreeLibrary
SetProcessWorkingSetSize
DeleteFileA
Sleep
ExitProcess
GetProcAddress
LoadLibraryA
GetLocalTime
CreateEventA
WriteFile
ReadFile
CloseHandle
PeekNamedPipe
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCurrentProcess
DuplicateHandle
CreatePipe
ResetEvent
SetEvent
OpenEventA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCommandLineA
GetTempPathA
GetModuleFileNameA
GetLastError
CreateMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FileTimeToLocalFileTime
IsBadReadPtr

user32

WinHelpA
TrackPopupMenu
GetClassLongA
GetClassNameA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
SetMenu
GetMenu
GetMessageTime
OffsetRect
IntersectRect
GetWindowPlacement
LoadMenuA
ModifyMenuA
InsertMenuItemA
GetMenuItemInfoA
EnableMenuItem
CheckMenuItem
CreatePopupMenu
GrayStringA
DrawTextExA
DrawTextA
DrawIcon
GetSysColorBrush
PostThreadMessageA
GetForegroundWindow
SetForegroundWindow
WindowFromPoint
IsChild
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
SetCapture
GetCapture
SetTimer
ShowOwnedPopups
InvalidateRgn
InvalidateRect
GetUpdateRect
UpdateWindow
GetWindowDC
EndPaint
EndDeferWindowPos
ScreenToClient
ClientToScreen
MapWindowPoints
GetClientRect
GetWindowRect
BringWindowToTop
IsIconic
GetSystemMenu
CharNextA
MessageBoxA
GetLastActivePopup
GetWindowThreadProcessId
ValidateRect
GetMessageA
GetMenuCheckMarkDimensions
LoadBitmapA
SetMenuItemBitmaps
TabbedTextOutA
GetKeyState
MessageBeep
CharUpperA
EndDialog
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetFocus
MoveWindow
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
MapDialogRect
GetWindow
SetWindowContextHelpId
PostQuitMessage
ReleaseCapture
SetFocus
EnableWindow
IsWindowEnabled
IsWindowVisible
CopyAcceleratorTableA
IsMenu
GetMenuItemCount
GetSubMenu
GetMenuState
AppendMenuA
GetMenuItemID
GetMessagePos
CopyRect
GetParent
GetSysColor
FillRect
ReleaseDC
GetDC
SetRect
CallNextHookEx
SendMessageA
SetWindowsHookExA
SetCursor
LoadCursorA
DispatchMessageA
TranslateMessage
PeekMessageA
SystemParametersInfoA
GetCursorPos
IsWindow
UpdateLayeredWindow
GetSystemMetrics
SetWindowLongA
GetWindowLongA
SetWindowPos
LoadIconA
SwitchToThisWindow
ShowWindow
PostMessageA
FindWindowA
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
PtInRect
InflateRect
GetClassInfoExA
CreateWindowExA
RegisterWindowMessageA
RegisterClipboardFormatA
LoadAcceleratorsA
DestroyMenu
SetRectEmpty
IsRectEmpty
UnregisterClassA
ReuseDDElParam
TranslateAcceleratorA
UnpackDDElParam
BeginPaint
GetClipboardFormatNameA
KillTimer

gdi32

CreatePatternBrush
CreateFontIndirectA
CreateBitmap
ExtTextOutA
CreateRectRgnIndirect
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
GetViewportExtEx
GetWindowExtEx
DPtoLP
PtVisible
RectVisible
Rectangle
RoundRect
GetPixel
TextOutA
Escape
GetObjectType
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePen
GetObjectA
GetStockObject
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExA
RegOpenKeyExA
OpenThreadToken
RevertToSelf
SetThreadToken
RegCloseKey
RegSetValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
SHGetFileInfoA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathRemoveFileSpecW
PathRemoveFileSpecA

oledlg

ord8

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StringFromCLSID
OleRun
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SafeArrayGetLBound
SafeArrayAccessData
OleLoadPicture
SysAllocString
VariantClear
SafeArrayGetUBound
SafeArrayUnaccessData
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SafeArrayDestroy
OleCreateFontIndirect
VariantChangeType
VariantInit
SysAllocStringLen
GetErrorInfo
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString

urlmon

URLDownloadToFileA

ws2_32

ioctlsocket
setsockopt
recv
send
closesocket
connect
socket
htons
inet_addr
WSAStartup

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

607e39ba09a706afb978f1f533f7baa5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

imagehlp

version

setupapi

sqlite_win32_dll

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 269KB - Virtual size: 269KB

.data Size: 14KB - Virtual size: 95KB

.rsrc Size: 78KB - Virtual size: 78KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 269KB - Virtual size: 269KB

.data
Size: 14KB - Virtual size: 95KB

.rsrc
Size: 78KB - Virtual size: 78KB