PDB path: E:\miniloader\tool\MiniLoader_WeGame_SwitchRepoDev\build\bin\Release\TGPMiniLoader\WeGameMiniLoader.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-18_2ec0895c71868a80fe8e0405b0275442_icedid.exe
Resource: win7-20231215-en
General
Target: 2024-02-18_2ec0895c71868a80fe8e0405b0275442_icedid
Size: 4.9MB
MD5: 2ec0895c71868a80fe8e0405b0275442
SHA1: 3f45e03beee6ebb9e755b2b9cd1fb4b5eee6fd79
SHA256: e7af1d76d39e4ad86ff5fb21b2661a86d75f93aab8fd8d1936114a89182d8415
SHA512: ad07ac18b4cba832fa6160dea1cff6b175f6d853f6d7f8e4e7de241a692610ff8905d44342d3eba46ac88e76dbb59d4d96c05613cbfcefe45dd0bfd8f561d9f2
SSDEEP: 98304:CvupjjUTgy/BzudfnSzqAXC73H/zMkLskUdZI8TMqQOlOpPfyW4AOks:bjUTgFnSzv8MLnQOlO5fyLT
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-02-18_2ec0895c71868a80fe8e0405b0275442_icedid
Files
2024-02-18_2ec0895c71868a80fe8e0405b0275442_icedid.exe (windows:5 windows x86 arch:x86)
d0896fae29a57bb5f0c6b77204ebd09e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ConvertThreadToFiber
ConvertFiberToThread
GetModuleHandleExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetSystemTime
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
SleepEx
Sleep
lstrcmpiW
lstrcpynW
GlobalAlloc
SystemTimeToFileTime
LocalFileTimeToFileTime
FormatMessageW
MulDiv
GetACP
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
GlobalUnlock
GlobalLock
lstrlenW
GetCurrentDirectoryW
GetModuleFileNameA
ReadFile
GetPrivateProfileIntW
GetDriveTypeW
GetDiskFreeSpaceExW
GetModuleHandleA
GetExitCodeProcess
GetFileSize
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetProcessId
FreeLibrary
LoadLibraryW
ExitProcess
SetFileAttributesW
GetCommandLineA
GetFileAttributesW
WritePrivateProfileStringW
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
GetVersionExW
CreateMutexW
WideCharToMultiByte
GetLocalTime
DeleteFileW
OutputDebugStringW
GetPrivateProfileStringW
MultiByteToWideChar
CreateFileW
FindClose
SetFilePointer
LeaveCriticalSection
WriteFile
FindNextFileW
SetLastError
FindFirstFileW
CreateDirectoryW
GetTickCount
InterlockedIncrement
SetEvent
DeleteCriticalSection
DecodePointer
RaiseException
lstrcpyW
LocalFree
GetLastError
LocalAlloc
InterlockedDecrement
SetUnhandledExceptionFilter
VirtualQuery
GetModuleHandleW
CreateProcessW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetStdHandle
QueryPerformanceFrequency
VirtualAlloc
GetSystemInfo
HeapQueryInformation
SetConsoleCtrlHandler
SetFilePointerEx
GetCommandLineW
FreeLibraryAndExitThread
GetProcessHeap
GetCurrentProcessId
VirtualAllocEx
GetProcAddress
ExitThread
CreateThread
RtlUnwind
GetCPInfo
LCMapStringW
SwitchToThread
GetStringTypeW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetUserDefaultLCID
GetTempFileNameW
GetProfileIntW
GetTempPathW
GetWindowsDirectoryW
FindResourceExW
HeapAlloc
CloseHandle
CreateEventW
DuplicateHandle
GetCurrentThreadId
WaitForSingleObject
SetErrorMode
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
VirtualProtect
GetUserDefaultUILanguage
GetLocaleInfoW
GlobalFlags
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
CopyFileW
GlobalSize
LocalReAlloc
GlobalFree
GlobalHandle
GlobalReAlloc
HeapSize
HeapReAlloc
OutputDebugStringA
EnterCriticalSection
HeapFree
WriteProcessMemory
SearchPathW
user32
CallWindowProcW
GetClassInfoExW
RegisterClassW
LoadCursorW
GetSystemMetrics
ShowWindow
RegisterClassExW
CreateWindowExW
DestroyWindow
DefWindowProcW
SetForegroundWindow
FindWindowW
GetCursorPos
ShowCaret
HideCaret
GetCaretPos
SetCaretPos
ClientToScreen
LoadImageW
PostQuitMessage
BringWindowToTop
GetSubMenu
TrackPopupMenu
GetWindowPlacement
SendMessageW
SetWindowPos
GetPropW
LoadMenuW
KillTimer
MessageBoxW
GetClientRect
ScreenToClient
PostMessageW
SetTimer
GetKeyState
CharNextW
ReleaseDC
GetDC
GetActiveWindow
GetWindow
SetFocus
GetCaretBlinkTime
CreatePopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
GetGUIThreadInfo
SetPropW
AdjustWindowRectEx
GetMenu
InflateRect
SetCursor
MonitorFromPoint
MoveWindow
UpdateLayeredWindow
GetWindowRgn
FillRect
DrawTextW
GetWindowRect
CreateCaret
GetParent
SetCapture
GetFocus
IsZoomed
DispatchMessageW
IsWindow
UpdateWindow
GetMessageW
CallNextHookEx
PeekMessageW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
BeginPaint
EndPaint
GetUpdateRect
IsRectEmpty
UnionRect
IsWindowVisible
IntersectRect
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
OffsetRect
PtInRect
ReleaseCapture
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
ValidateRect
GetSysColorBrush
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessagePos
GetMessageTime
CharPrevW
IsMenu
IsChild
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
GetCapture
SetMenu
SetActiveWindow
GetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
RemovePropW
CopyRect
GetClassLongW
GetClassNameW
GetTopWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
CheckDlgButton
IsDialogMessageW
DestroyIcon
CharUpperW
GetDesktopWindow
RealChildWindowFromPoint
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetMenuItemInfoW
SystemParametersInfoW
CopyImage
SendDlgItemMessageA
SetRectEmpty
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
ShowOwnedPopups
DeleteMenu
GetNextDlgGroupItem
WindowFromPoint
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
InvertRect
NotifyWinEvent
GetMenuDefaultItem
MapVirtualKeyW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
GetSystemMenu
SetCursorPos
CopyIcon
wsprintfA
DrawIcon
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
WaitMessage
IsCharLowerW
ToUnicodeEx
GetKeyboardState
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
DestroyCursor
GetSysColor
InvalidateRect
GetClassInfoW
RegisterWindowMessageW
GetWindowLongW
UnregisterClassW
SetWindowLongW
IsIconic
EnableWindow
SetRect
FrameRect
DrawTextA
GetUserObjectInformationW
GetProcessWindowStation
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
SetWindowRgn
TranslateMessage
gdi32
CopyMetaFileW
CreateDCW
CreateBitmap
CreateHatchBrush
Escape
ExcludeClipRect
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetBkMode
GetObjectA
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
SetStretchBltMode
StretchBlt
CombineRgn
CreateRoundRectRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
GetObjectType
PlayEnhMetaFile
CreateCompatibleBitmap
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleDC
DeleteDC
RemoveFontMemResourceEx
DeleteObject
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
SelectPalette
SetMapMode
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
GetPixel
CreateDIBSection
ExtTextOutW
SetTextColor
SetLayout
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
LPtoDP
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
DPtoLP
SetRectRgn
PatBlt
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
advapi32
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
MapGenericMask
DuplicateToken
GetFileSecurityW
OpenProcessToken
AccessCheck
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
shell32
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetFileInfoW
SHGetDesktopFolder
ShellExecuteW
DragQueryFileW
SHGetFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
SHGetFolderPathW
ole32
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
RevokeDragDrop
CoLockObjectExternal
OleGetClipboard
CoInitializeEx
CoDisconnectObject
CoTaskMemAlloc
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
ReleaseStgMedium
RegisterDragDrop
DoDragDrop
OleDuplicateData
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
LoadTypeLi
VarBstrFromDate
VariantCopy
msimg32
AlphaBlend
TransparentBlt
comctl32
_TrackMouseEvent
ord17
InitCommonControlsEx
shlwapi
PathGetDriveNumberW
PathBuildRootW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFileExistsW
uxtheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
crypt32
CertOpenStore
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertFindCertificateInStore
gdiplus
GdipAddPathLine
ord1
GdipDrawPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDeletePath
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipCreatePath
GdipSetSmoothingMode
GdipDrawRectangleI
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCloneStringFormat
GdipImageSelectActiveFrame
GdipGetImagePaletteSize
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetOpenStatus
ImmGetContext
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
winmm
PlaySoundW
ws2_32
shutdown
getnameinfo
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
gethostname
gethostbyname
WSAStartup
inet_addr
wldap32
ord41
ord26
ord60
ord211
ord46
ord143
ord27
ord32
ord33
ord217
ord30
ord200
ord301
ord22
ord50
ord35
ord79
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
Sections
.text   Size: 3.4MB  - Virtual size: 3.4MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 1010KB - Virtual size: 1009KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   Size: 83KB   - Virtual size: 120KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 202KB  - Virtual size: 201KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 298KB  - Virtual size: 300KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE