Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-19_93512d52b2e089854a86ff80433be667_icedid.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-02-19_93512d52b2e089854a86ff80433be667_icedid.exe
Resource: win10v2004-20231215-en
General
Target: 2024-02-19_93512d52b2e089854a86ff80433be667_icedid
Size: 10.3MB
MD5: 93512d52b2e089854a86ff80433be667
SHA1: e5de6edadd474fdc572c395938283f16c66d3e35
SHA256: a7ed7c02f35ff9c2b1c35e2f41b4fd5bbd0bed42b323fa045eb67c8feaad06e8
SHA512: 551b277fb03a1f3751a6540d641bb7f7907faf74b47c329b86a6b112ef2d6523affe2032decd67fb0f85e8cded6e5afb914d582ee0acfaf10ac3146558938be3
SSDEEP: 196608:BnJYmR3II43dIc2RZaoU4ouw/UrK9qfKtKMdI:/gQaKiXW
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-02-19_93512d52b2e089854a86ff80433be667_icedid
Files
2024-02-19_93512d52b2e089854a86ff80433be667_icedid.exe windows:5 windows x86 arch:x86
33ce67f16be5021a90a6c75a1f6a7e6c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ImageList_GetIconSize
InitCommonControlsEx
ImageList_GetIcon
ImageList_Draw
InitializeFlatSB
FlatSB_EnableScrollBar
FlatSB_ShowScrollBar
kernel32
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CompareStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
HeapCreate
VirtualFree
HeapSize
CreateThread
ExitThread
SetStdHandle
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetFileType
GetDriveTypeA
VirtualQuery
VirtualAlloc
GetTimeZoneInformation
SetEnvironmentVariableA
ExitProcess
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
GlobalLock
GlobalUnlock
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetStdHandle
FreeLibrary
MulDiv
FormatMessageA
LocalFree
CopyFileA
FindFirstFileA
FindNextFileA
FindClose
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
GlobalAlloc
ResumeThread
InterlockedExchange
lstrlenA
InterlockedDecrement
LocalHandle
LocalAlloc
GlobalFlags
GetCurrentProcess
CloseHandle
GetLastError
CreateMutexA
FileTimeToSystemTime
FileTimeToLocalFileTime
WaitForSingleObject
lstrcpyA
GetTempFileNameA
GetExitCodeProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
WinExec
lstrcatA
LockResource
SizeofResource
UnhandledExceptionFilter
TerminateProcess
GetDateFormatA
lstrcmpA
GetModuleHandleA
SetLastError
Sleep
GetTimeFormatA
RaiseException
HeapFree
SearchPathA
GetVersionExA
GetSystemInfo
DeleteFileA
FreeResource
SetFilePointer
SystemTimeToFileTime
GetFileAttributesA
CreateFileA
ReadFile
LocalFileTimeToFileTime
CreateDirectoryA
SetFileTime
WriteFile
lstrcpynA
GetLocalTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetTickCount
GlobalSize
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrlenW
GetThreadLocale
GetModuleFileNameW
GetModuleFileNameA
GetCurrentProcessId
SetThreadPriority
SetEvent
SuspendThread
CreateEventA
GetFileTime
GetFullPathNameA
GetDiskFreeSpaceA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
InitializeCriticalSection
DeleteCriticalSection
MoveFileA
GetStringTypeExA
lstrcmpiA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetShortPathNameA
GetProfileIntA
InterlockedIncrement
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetModuleHandleW
GetFileAttributesExA
SetFileAttributesA
GetFileSizeEx
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
GetTempPathA
LoadLibraryW
GetSystemDirectoryW
FindResourceExA
SetErrorMode
RtlUnwind
HeapAlloc
GetConsoleCP
user32
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
SetClassLongA
DestroyAcceleratorTable
UnionRect
NotifyWinEvent
DrawIconEx
DrawEdge
IsClipboardFormatAvailable
UnregisterClassA
GetTabbedTextExtentA
GetSystemMenu
DestroyCursor
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
DrawIcon
RegisterClipboardFormatA
SetWindowContextHelpId
WaitMessage
ShowOwnedPopups
PostQuitMessage
IsZoomed
GetDCEx
CharUpperA
SetParent
CopyImage
GetSysColorBrush
DestroyMenu
GetMenuItemInfoA
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
LoadIconA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
GetKeyboardState
GetMessageTime
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
GetScrollPos
GetMenuItemID
CreateWindowExA
GetClassInfoExA
GetWindowRgn
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcA
GetMenu
GetWindowPlacement
GetIconInfo
FrameRect
IsWindowEnabled
SetScrollPos
MoveWindow
SetFocus
GetWindowThreadProcessId
CreatePopupMenu
SetWindowPos
TrackMouseEvent
DestroyIcon
IntersectRect
DrawStateA
MessageBoxA
GetClassNameA
SetRectEmpty
CheckMenuItem
MapWindowPoints
SetWindowRgn
PtInRect
EqualRect
RegisterClassA
TranslateMessage
SetCursorPos
LoadBitmapA
IsChild
GetWindowDC
CreateMenu
SetWindowLongA
IsWindowVisible
InsertMenuA
ModifyMenuA
GetMenuStringA
DeleteMenu
LoadAcceleratorsA
GetActiveWindow
TranslateAcceleratorA
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
DestroyWindow
IsIconic
ShowWindow
ShowScrollBar
RedrawWindow
CreateAcceleratorTableA
GetUpdateRect
SubtractRect
PostThreadMessageA
IsMenu
EnumChildWindows
CharNextA
InvalidateRgn
GetNextDlgGroupItem
SetMenuDefaultItem
GetMenuDefaultItem
GetDoubleClickTime
EnableScrollBar
UpdateLayeredWindow
CharUpperBuffA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
SendNotifyMessageA
IsCharLowerA
UnhookWindowsHookEx
MapVirtualKeyExA
LockWindowUpdate
SetRect
WindowFromPoint
GetMessageA
DispatchMessageA
GetWindowContextHelpId
GetCaretPos
InvertRect
HideCaret
SetCapture
GetCapture
IsRectEmpty
GetDlgCtrlID
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CopyIcon
GrayStringA
DrawTextExA
DrawTextA
RegisterWindowMessageA
GetParent
SendMessageA
AdjustWindowRectEx
TabbedTextOutA
LoadImageA
SetActiveWindow
OffsetRect
FillRect
GetKeyState
GetWindow
ValidateRect
ReleaseCapture
DrawFocusRect
wsprintfA
PeekMessageA
SetCursor
IsWindow
EnableMenuItem
MapDialogRect
FindWindowA
UpdateWindow
BringWindowToTop
GetAsyncKeyState
MessageBeep
GetMessagePos
ClientToScreen
LoadMenuA
RemoveMenu
GetSubMenu
GetMenuItemCount
AppendMenuA
SetForegroundWindow
GetWindowLongA
GetSysColor
GetCursorPos
SystemParametersInfoA
GetSystemMetrics
GetClassInfoA
DefWindowProcA
LoadCursorA
GetDesktopWindow
GetFocus
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
GetClientRect
GetWindowRect
PostMessageA
DrawFrameControl
CopyRect
InflateRect
EnableWindow
gdi32
SetPixelV
GetSystemPaletteEntries
GetNearestPaletteIndex
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
SetPaletteEntries
ExtFloodFill
GetPaletteEntries
GetRgnBox
OffsetRgn
EnumFontFamiliesExA
Polygon
Polyline
CreateFontA
GetWindowOrgEx
GetTextExtentPointA
GetCharWidthA
GetTextFaceA
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
CreateEllipticRgn
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
SetDIBColorTable
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
CreateRoundRectRgn
SetRectRgn
CreateHatchBrush
GetObjectType
CreatePatternBrush
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocA
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
CopyMetaFileA
GetDCOrgEx
CreatePalette
SelectPalette
CombineRgn
SetBkMode
StretchDIBits
SetBkColor
SaveDC
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
RestoreDC
RealizePalette
GetDIBits
CreateDIBSection
CreateRectRgn
CreateICA
CreatePolygonRgn
CreateBitmap
Ellipse
GetViewportOrgEx
PatBlt
GetClipBox
SetPixel
GetPixel
CreateSolidBrush
CreatePen
GetCurrentObject
GetTextColor
SetTextColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
StretchBlt
BitBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCA
GetDeviceCaps
DeleteDC
RoundRect
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
Rectangle
SelectObject
GetObjectA
CreateFontIndirectA
msimg32
TransparentBlt
AlphaBlend
comdlg32
ChooseFontA
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
winspool.drv
ClosePrinter
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
GetJobA
advapi32
RegCreateKeyA
GetUserNameA
RegSetValueA
SetFileSecurityA
GetFileSecurityA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
shell32
ExtractIconA
SHBrowseForFolderA
ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA
SHGetSpecialFolderPathA
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListA
SHGetFileInfoA
DragQueryPoint
ShellExecuteExA
shlwapi
PathRemoveFileSpecW
PathFindExtensionA
PathRemoveExtensionA
PathStripToRootA
PathIsUNCA
StrFormatByteSizeA
PathFindFileNameA
oledlg
ord8
ole32
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
RegisterDragDrop
CLSIDFromProgID
StringFromGUID2
CoTaskMemFree
StringFromCLSID
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
CLSIDFromString
OleRun
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoRegisterClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
DoDragDrop
OleGetClipboard
OleLockRunning
RevokeDragDrop
CoRevokeClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
CoLockObjectExternal
oleaut32
OleCreateFontIndirect
LoadTypeLi
RegisterTypeLi
SafeArrayDestroy
VarBstrCmp
VariantCopy
VarBstrFromDate
VarDateFromStr
SysStringLen
SysStringByteLen
SysAllocStringByteLen
RevokeActiveObject
RegisterActiveObject
SysAllocString
VariantChangeType
VariantInit
VariantClear
GetActiveObject
SysAllocStringLen
SysFreeString
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
urlmon
URLDownloadToFileA
gdiplus
GdipGetImagePalette
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
xerces-c_3_1
?getColumnNumber@SAXParseException@xercesc_3_1@@QBE_KXZ
??0SAXParseException@xercesc_3_1@@QAE@ABV01@@Z
??1MemBufInputSource@xercesc_3_1@@UAE@XZ
?setIssueFatalErrorIfNotFound@InputSource@xercesc_3_1@@UAEX_N@Z
?setSystemId@InputSource@xercesc_3_1@@UAEXQB_W@Z
?setPublicId@InputSource@xercesc_3_1@@UAEXQB_W@Z
?setEncoding@InputSource@xercesc_3_1@@UAEXQB_W@Z
?getIssueFatalErrorIfNotFound@InputSource@xercesc_3_1@@UBE_NXZ
?getSystemId@InputSource@xercesc_3_1@@UBEPB_WXZ
?getPublicId@InputSource@xercesc_3_1@@UBEPB_WXZ
?getEncoding@InputSource@xercesc_3_1@@UBEPB_WXZ
?makeStream@MemBufInputSource@xercesc_3_1@@UBEPAVBinInputStream@2@XZ
??2XMemory@xercesc_3_1@@SAPAXI@Z
??0MemBufInputSource@xercesc_3_1@@QAE@QBEKQBD_NQAVMemoryManager@1@@Z
??3XMemory@xercesc_3_1@@SAXPAX@Z
?fgXercescDefaultLocale@XMLUni@xercesc_3_1@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_3_1@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
?createXMLReader@XMLReaderFactory@xercesc_3_1@@SAPAVSAX2XMLReader@2@QAVMemoryManager@2@QAVXMLGrammarPool@2@@Z
?fgSAX2CoreNameSpaces@XMLUni@xercesc_3_1@@2QB_WB
?Terminate@XMLPlatformUtils@xercesc_3_1@@SAXXZ
?startElement@DefaultHandler@xercesc_3_1@@UAEXQB_W00ABVAttributes@2@@Z
?startDocument@DefaultHandler@xercesc_3_1@@UAEXXZ
?endElement@DefaultHandler@xercesc_3_1@@UAEXQB_W00@Z
?endDocument@DefaultHandler@xercesc_3_1@@UAEXXZ
?characters@DefaultHandler@xercesc_3_1@@UAEXQB_WK@Z
??0DefaultHandler@xercesc_3_1@@QAE@XZ
?externalEntityDecl@DefaultHandler@xercesc_3_1@@UAEXQB_W00@Z
?internalEntityDecl@DefaultHandler@xercesc_3_1@@UAEXQB_W0@Z
?attributeDecl@DefaultHandler@xercesc_3_1@@UAEXQB_W0000@Z
?elementDecl@DefaultHandler@xercesc_3_1@@UAEXQB_W0@Z
?startEntity@DefaultHandler@xercesc_3_1@@UAEXQB_W@Z
?startDTD@DefaultHandler@xercesc_3_1@@UAEXQB_W00@Z
?startCDATA@DefaultHandler@xercesc_3_1@@UAEXXZ
?endEntity@DefaultHandler@xercesc_3_1@@UAEXQB_W@Z
?endDTD@DefaultHandler@xercesc_3_1@@UAEXXZ
?endCDATA@DefaultHandler@xercesc_3_1@@UAEXXZ
?comment@DefaultHandler@xercesc_3_1@@UAEXQB_WK@Z
?resetErrors@DefaultHandler@xercesc_3_1@@UAEXXZ
?fatalError@DefaultHandler@xercesc_3_1@@UAEXABVSAXParseException@2@@Z
?error@DefaultHandler@xercesc_3_1@@UAEXABVSAXParseException@2@@Z
?warning@DefaultHandler@xercesc_3_1@@UAEXABVSAXParseException@2@@Z
?skippedEntity@DefaultHandler@xercesc_3_1@@UAEXQB_W@Z
?endPrefixMapping@DefaultHandler@xercesc_3_1@@UAEXQB_W@Z
?startPrefixMapping@DefaultHandler@xercesc_3_1@@UAEXQB_W0@Z
?setDocumentLocator@DefaultHandler@xercesc_3_1@@UAEXQBVLocator@2@@Z
?processingInstruction@DefaultHandler@xercesc_3_1@@UAEXQB_W0@Z
?ignorableWhitespace@DefaultHandler@xercesc_3_1@@UAEXQB_WK@Z
?resetDocType@DefaultHandler@xercesc_3_1@@UAEXXZ
?unparsedEntityDecl@DefaultHandler@xercesc_3_1@@UAEXQB_W000@Z
?notationDecl@DefaultHandler@xercesc_3_1@@UAEXQB_W00@Z
?resetDocument@DefaultHandler@xercesc_3_1@@UAEXXZ
?resolveEntity@DefaultHandler@xercesc_3_1@@UAEPAVInputSource@2@QB_W0@Z
??1DefaultHandler@xercesc_3_1@@UAE@XZ
?getLineNumber@SAXParseException@xercesc_3_1@@QBE_KXZ
?getSystemId@SAXParseException@xercesc_3_1@@QBEPB_WXZ
?release@XMLString@xercesc_3_1@@SAXPAPADQAVMemoryManager@2@@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_3_1@@2PAVMemoryManager@2@A
?transcode@XMLString@xercesc_3_1@@SAPADQB_WQAVMemoryManager@2@@Z
??1SAXParseException@xercesc_3_1@@UAE@XZ
??0SAXException@xercesc_3_1@@QAE@ABV01@@Z
wininet
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpSendRequestA
InternetOpenUrlA
InternetCloseHandle
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertOpenSystemStoreA
vpei3261
ord119
ord112
ord114
ord69
ord58
ord109
ord108
ord195
ord132
ord50
ord55
ord125
ord57
ord133
ord83
ord122
ord74
ord134
ord75
ord313
ord70
ord168
ord106
ord113
ord170
ord171
ord257
wsock32
WSASetLastError
WSACleanup
WSAStartup
rpcrt4
UuidFromStringA
UuidCreate
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 894KB - Virtual size: 893KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ