2024-02-17_59524037c8ff6edfd27180208cb76e47_icedid

Resubmissions

20/02/2024, 08:04

240220-jyjcjaec43 10

19/02/2024, 10:54

240219-mzle3ach53 10

17/02/2024, 13:50

240217-q5pw8aff21 10

17/02/2024, 13:45

240217-q2cgqaga69 10

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-17_59524037c8ff6edfd27180208cb76e47_icedid
Size

16.1MB
MD5

59524037c8ff6edfd27180208cb76e47
SHA1

25c9cf22b07de7b842bb0e2e21bc24ec9de69a42
SHA256

5bc6bbc1da21cdd8bc1b7a06a2d6fe923fda0b159faf57104b596567eb3c5a1a
SHA512

1d34149750fff4b9228978750df1fd3042a385c85ddba3671da264fc0d220abc98e9b75c72b22bd8e87bacf4ca9f89ee1b5804ed536006f8586dec5546226a74
SSDEEP

393216:ryoFBzxW+ykWXR/UbXGNYnGP2TEevsZ/sdN:rxF5WXR/IGNcGP2TpX

Score

10^/10

pyinstaller

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-17_59524037c8ff6edfd27180208cb76e47_icedid

Files

2024-02-17_59524037c8ff6edfd27180208cb76e47_icedid
.exe windows:4 windows x86 arch:x86

16e2edf5d47671bf56043d6889107b08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
RtlUnwind
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
SetLastError
WritePrivateProfileStringA
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
WaitForSingleObject
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateFileA
FindResourceA
LoadResource
SizeofResource
WriteFile
GetModuleFileNameA
CopyFileA
Sleep
CreateMutexW
GetLastError
FreeEnvironmentStringsW
CloseHandle

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ShowWindow
LoadCursorA
ClientToScreen
GetClassNameA
PtInRect
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetSysColorBrush
LoadStringA
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
SendMessageA
PostQuitMessage
PostMessageA
EnableWindow
LoadIconA
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetObjectA
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkColor
SetTextColor
GetClipBox
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.0MB - Virtual size: 16.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
klmg.pyc
.ps1

Resubmissions

Sharing

General

Malware Config

Signatures

Files

16e2edf5d47671bf56043d6889107b08

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 16.0MB - Virtual size: 16.0MB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 16.0MB - Virtual size: 16.0MB