2024-02-17_4d4b4815f94f86cdf5169a00b71f15ab_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-17_4d4b4815f94f86cdf5169a00b71f15ab_icedid
Size

6.2MB
MD5

4d4b4815f94f86cdf5169a00b71f15ab
SHA1

959674d2b68a7f3ed1b4670e9707da5ee8a31e1d
SHA256

05e2b8fd50778c79ade2d67bf998da0b103a3b4c7a46e024a3418276bdded66d
SHA512

0d2e4dc716cda927408841673c5d89cc741b19b024e4f5c2f16a96d238623ad52db37d4ee9ea5416677ed08704cc0b51a9068095cb1b69b97bdc36d9b24b92dd
SSDEEP

196608:o52ueejIcldQgFWy/Hgc+sm18JmCDNGtL1ilyIcTu4OhpN11eYA:o52ueSldQgFWy/AcEIcTux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-17_4d4b4815f94f86cdf5169a00b71f15ab_icedid

Files

2024-02-17_4d4b4815f94f86cdf5169a00b71f15ab_icedid
.exe windows:4 windows x86 arch:x86

1b92dfb78ff94a4adbf87b4cb49d7c1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\出口的源\Output\Neuz\Release\Neuz.pdb

Imports

d3d9

Direct3DCreate9

dsound

ord11

winmm

mmioWrite
mmioAdvance
mmioSetInfo
mmioSeek
mmioCreateChunk
mmioGetInfo
mmioDescend
mmioRead
mmioAscend
mmioOpenA
mmioClose
timeGetDevCaps
timeBeginPeriod
timeGetTime

imm32

ImmReleaseContext
ImmGetIMEFileNameA
ImmIsIME
ImmGetConversionStatus
ImmGetOpenStatus
ImmNotifyIME
ImmGetCandidateListW
ImmGetCompositionStringW
ImmGetProperty
ImmGetContext
ImmAssociateContext
ImmSetOpenStatus

ws2_32

shutdown
send
gethostname
WSASocketA
closesocket
bind
WSAEnumNetworkEvents
WSAAccept
WSAEventSelect
listen
htons
ntohs
htonl
ioctlsocket
WSAGetLastError
connect
WSASetLastError
gethostbyname
setsockopt
WSACloseEvent
WSACreateEvent
socket
WSACleanup
WSAStartup
getpeername
WSAWaitForMultipleEvents
accept
ntohl
inet_addr
WSASend
WSARecv

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GlobalLock
GlobalAlloc
GetDateFormatA
InitializeCriticalSectionAndSpinCount
GetLocalTime
SetThreadPriority
CreateEventA
SetEvent
WaitForMultipleObjects
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetSystemInfo
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
SetUnhandledExceptionFilter
SetErrorMode
CreateProcessA
GetCurrentDirectoryA
WriteFile
ReadFile
GetTempPathA
IsProcessorFeaturePresent
DebugBreak
FatalAppExitA
LocalFree
FormatMessageA
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileW
UnmapViewOfFile
GlobalSize
InterlockedCompareExchange
GetProcessHeap
GetCurrentProcessId
PulseEvent
SetLastError
SetFilePointer
GetDiskFreeSpaceA
GetCurrentThreadId
MoveFileExA
MoveFileA
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
OpenFileMappingA
FindClose
FindNextFileA
FindFirstFileA
CreateThread
SignalObjectAndWait
ResetEvent
GetVolumeInformationA
LockFileEx
LockFile
GlobalUnlock
GetSystemDirectoryA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetFullPathNameA
CreateFileA
lstrcmpA
MulDiv
lstrcpynA
lstrcatA
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
RaiseException
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetExitCodeProcess
TerminateProcess
Process32Next
lstrcmpiA
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
GetVersion
InitializeCriticalSection
OpenMutexA
CreateMutexA
ReleaseMutex
VirtualFree
DeleteCriticalSection
WaitForSingleObject
CloseHandle
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
SetEnvironmentVariableA
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
IsBadWritePtr
LCMapStringW
LCMapStringA
HeapSize
GetTimeZoneInformation
GetDriveTypeA
GetFileType
GetCommandLineA
GetStartupInfoA
GetTimeFormatA
VirtualQuery
VirtualProtect
IsDBCSLeadByte
DeleteFileA
lstrlenA
Sleep
ExitProcess
GetTickCount
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
OutputDebugStringA
lstrcpyA
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
GlobalDeleteAtom
lstrcmpW
GlobalFlags
ResumeThread
TlsFree
LocalReAlloc
TlsSetValue
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
DuplicateHandle
TlsAlloc
FindResourceW
GetCurrentProcess
GetProfileIntA
UnlockFile
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP

user32

SetWindowTextA
GetSystemMetrics
LoadCursorA
MessageBoxA
SystemParametersInfoA
ScreenToClient
GetCursorPos
PostMessageA
SendMessageA
GetDC
CallNextHookEx
GetAsyncKeyState
LoadStringA
CharUpperA
UnregisterClassA
CreateWindowExA
CreateDialogParamA
CharNextExA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
CharNextA
GetKeyboardLayout
InflateRect
ReleaseCapture
SetCapture
FindWindowA
OffsetRect
GetIconInfo
IsDlgButtonChecked
EnableWindow
CheckRadioButton
EndDialog
DialogBoxParamA
GetDlgItem
ReleaseDC
EnumDisplaySettingsA
ChangeDisplaySettingsA
LoadAcceleratorsA
PeekMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DestroyAcceleratorTable
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
IsWindowEnabled
GetLastActivePopup
GetParent
GetSysColorBrush
GetSysColor
UnhookWindowsHookEx
GetWindowTextA
ValidateRect
GetKeyState
SetWindowsHookExA
GetClassNameA
GetFocus
GetDlgCtrlID
GetWindow
ClientToScreen
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowPlacement
IsIconic
CallWindowProcA
AdjustWindowRectEx
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
SetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
SetWindowLongA
SetMenu
ClipCursor
SetCursor
GetMenu
DestroyMenu
PostQuitMessage
LoadIconA
AdjustWindowRect
LoadMenuA
GetWindowLongA
EqualRect
SetRect
PtInRect
GetPropA
SetPropA
RemovePropA
GetClassInfoA
RegisterClassA
DefWindowProcA
GetClientRect
CopyRect
SetRectEmpty
GetWindowRect
wsprintfA
SetWindowPos
DestroyWindow
ShowWindow
RegisterWindowMessageA

gdi32

CreateBitmap
ExtTextOutW
MoveToEx
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
GetTextMetricsA
ScaleWindowExtEx
SetWindowExtEx
SetBkMode
GetCharacterPlacementW
GetCharacterPlacementA
GetObjectW
GetObjectA
GetDIBits
EnumFontFamiliesExA
ExtTextOutA
DeleteObject
DeleteDC
CreateCompatibleDC
SetMapMode
SelectObject
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
CreateFontA
GetDeviceCaps
GetTextExtentPoint32A
GetStockObject
GetDeviceGammaRamp
SetDeviceGammaRamp
SaveDC
RestoreDC
GetClipBox
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx

advapi32

SetSecurityDescriptorDacl
RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

ole32

CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayUnaccessData
VariantClear
SafeArrayAccessData
SafeArrayCreate
VariantInit
SystemTimeToVariantTime
VariantChangeType
VarBstrFromDate
SysFreeString
VariantTimeToSystemTime
SysAllocString

mss32

_AIL_shutdown@0
_AIL_startup@0
_AIL_open_digital_driver@16
_AIL_last_error@0
_AIL_stream_status@4
_AIL_set_digital_master_volume_level@8
_AIL_pause_stream@8
_AIL_close_stream@4
_AIL_open_stream@12
_AIL_set_stream_loop_count@8
_AIL_start_stream@4
_AIL_service_stream@8
_AIL_close_digital_driver@4

neuzd

GetFirstStackTraceString
GetRegisterString
GetFaultReason
GetNextStackTraceString

comctl32

ord17

shlwapi

PathIsUNCA
PathFindFileNameA
PathStripToRootA

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comdlg32

GetFileTitleA

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 717KB - Virtual size: 717KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b92dfb78ff94a4adbf87b4cb49d7c1f

Headers

File Characteristics

PDB Paths

Imports

d3d9

dsound

winmm

imm32

ws2_32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

mss32

neuzd

comctl32

shlwapi

oleacc

winspool.drv

comdlg32

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rdata Size: 717KB - Virtual size: 717KB

.data Size: 65KB - Virtual size: 2.0MB

.rsrc Size: 99KB - Virtual size: 100KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.rdata
Size: 717KB - Virtual size: 717KB

.data
Size: 65KB - Virtual size: 2.0MB

.rsrc
Size: 99KB - Virtual size: 100KB