2024-02-19_5d383309d327769faceef87ec78d64e5_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_5d383309d327769faceef87ec78d64e5_icedid
Size

1.4MB
MD5

5d383309d327769faceef87ec78d64e5
SHA1

3e6658d1d37a15189037417069b00d5dd4596d2e
SHA256

5c0d59e2a5b46479868dbd91a537e80de2fb19cca7c90693b5ab1ac69f6a21fa
SHA512

ff8d0eaa0023d0f95047bfb916a75ccae693e8d2adb4bcd67e6faf8e5ec3783889eef658579d06909824abc151758fb3f97bbf6edad62ee7725624b9ce731a15
SSDEEP

24576:WwvUNB9f9HgPLViUR1r0GHcSn72qKaIeqOScJs61HxI6Rq3:WnbSnSqKaRs6PIYQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-19_5d383309d327769faceef87ec78d64e5_icedid

Files

2024-02-19_5d383309d327769faceef87ec78d64e5_icedid
.exe windows:4 windows x86 arch:x86

d9df0f5cdb1b65652eebbf33c47eafa2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\iCafe8\网维6.0\SourceCode\BarServer\bin\Release\BarServerView.pdb

Imports

iocptcp

TcpInit
TcpUninit
TcpDestroy
TcpGetLinkAddr
TcpCreate
TcpConnect
TcpSend

iocpudp

UdpSendTo
UdpDestroy
UdpInit
UdpUninit
UdpCreate

kernel32

GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTimeFormatA
GetDateFormatA
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapSize
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
SetEnvironmentVariableA
ExitProcess
SetErrorMode
IsBadWritePtr
GetOEMCP
GetModuleFileNameA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
SetFileAttributesA
GetLastError
DeleteFileA
GetTimeZoneInformation
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
CloseHandle
UnmapViewOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MapViewOfFile
CreateEventA
CreateFileMappingA
OpenEventA
OpenFileMappingA
SetEvent
OutputDebugStringA
GetCurrentThreadId
GetLocalTime
GlobalFlags
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
GlobalAddAtomA
GetCurrentThread
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryA
lstrcmpA
FileTimeToLocalFileTime
SetLastError
FormatMessageA
lstrcpynA
LocalFree
GetFileSize
GlobalFree
MulDiv
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpyA
LoadLibraryExA
EnumResourceNamesA
FreeLibrary
CreateDirectoryA
GetDriveTypeA
ReadFile
SetFilePointer
CreateFileA
WriteFile
CopyFileA
GetFileTime
SetFileTime
GetDiskFreeSpaceExA
GetFileAttributesA
FileTimeToSystemTime
GetSystemDirectoryA
WinExec
InterlockedDecrement
InterlockedIncrement
CompareStringW
CompareStringA
lstrlenA
WaitForSingleObject
lstrcmpiA
GetVersion
RaiseException
MultiByteToWideChar
CreateThread
Sleep
TerminateThread
GetCurrentProcess
TerminateProcess
GetTickCount
SetStdHandle

user32

CharNextA
SetRect
MessageBeep
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
AdjustWindowRectEx
EqualRect
GetScrollInfo
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
IntersectRect
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
SystemParametersInfoA
DestroyMenu
IsRectEmpty
CopyRect
UnhookWindowsHookEx
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CharUpperA
UnregisterClassA
GetParent
DrawIcon
CreatePopupMenu
AppendMenuA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
ValidateRect
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
GetMenuState
GetMenuItemID
DrawEdge
GrayStringA
DrawTextExA
CopyAcceleratorTableA
GetNextDlgGroupItem
DrawTextA
TabbedTextOutA
InflateRect
SetScrollPos
BringWindowToTop
TrackMouseEvent
GetFocus
GetWindowRgn
SetWindowRgn
LoadBitmapA
ReleaseDC
GetDesktopWindow
GetDC
UnionRect
PtInRect
ClipCursor
DestroyCursor
InvalidateRgn
FrameRect
SetForegroundWindow
OffsetRect
DestroyIcon
InvalidateRect
RegisterClipboardFormatA
PostThreadMessageA
EnableMenuItem
GetMenuItemCount
GetSubMenu
SendMessageA
PostMessageA
GetMenu
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
IsWindowVisible
SetTimer
KillTimer
SetCapture
WindowFromPoint
LoadIconA
GetKeyState
UnregisterHotKey
EnableWindow
GetSystemMetrics
GetWindowLongA
SetWindowLongA
GetCursorPos
SetCursor
LoadCursorA
RegisterHotKey
GetSysColor
ReleaseCapture
LockWindowUpdate
MessageBoxA
IsWindow
RegisterWindowMessageA
UpdateWindow
SetScrollInfo

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
SetTextColor
SetBkColor
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
LineTo
MoveToEx
SelectClipRgn
GetCurrentObject
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetMapMode
GetTextColor
GetRgnBox
GetBkColor
GetTextExtentPoint32A
CreateICA
GetDIBits
ExtCreateRegion
SelectPalette
RealizePalette
CreateBitmap
CreateFontIndirectA
GetDeviceCaps
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
CreateCompatibleDC
PtInRegion
CreateCompatibleBitmap
CreatePen
OffsetRgn
CombineRgn
GetObjectA
CreateSolidBrush
GetViewportExtEx
CreateRectRgn

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyA
RegQueryValueA
RegCloseKey

shell32

ExtractIconExA
SHGetFileInfoA
DragQueryFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA

comctl32

ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_DragEnter
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Create
ImageList_DrawIndirect
ImageList_BeginDrag

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFileExistsA

oledlg

ord8

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SystemTimeToVariantTime
VariantCopy
OleLoadPicture
SafeArrayDestroy
SysAllocString
OleCreateFontIndirect
SysFreeString

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

ntohs
ntohl
htonl
htons

Sections

.text
Size: 964KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9df0f5cdb1b65652eebbf33c47eafa2

Headers

File Characteristics

PDB Paths

Imports

iocptcp

iocpudp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

ws2_32

Sections

.text Size: 964KB - Virtual size: 961KB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 12KB - Virtual size: 31KB

.rsrc Size: 204KB - Virtual size: 201KB

.text
Size: 964KB - Virtual size: 961KB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 12KB - Virtual size: 31KB

.rsrc
Size: 204KB - Virtual size: 201KB