2024-02-20_421488b777c4b999a6336d602b2a918c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-20_421488b777c4b999a6336d602b2a918c_icedid
Size

3.1MB
MD5

421488b777c4b999a6336d602b2a918c
SHA1

ee5cfecb94ad83c3a5111880afe9fd59f224d197
SHA256

63c81bd42a0bb5f9ff8703d1418c423ac4dd50aae0cd7fbe8ab92d06e2639a4a
SHA512

17950f14921f0bbc7b6fda77382bb098c1db6344fe2945962f30dab0cb621ad5161feddad0c0a58248b97eccdae7dd866e2cf440a032c0337315d7fa537d8643
SSDEEP

49152:qgO4aBiJy7HliCLpwSzr391UigUqZS6T6RaYAz:m4ab7dLplXU7UMYAz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-20_421488b777c4b999a6336d602b2a918c_icedid

Files

2024-02-20_421488b777c4b999a6336d602b2a918c_icedid
.exe windows:4 windows x86 arch:x86

e07d5dc69abafbe9bafb8921c7ec376d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\GunZ Stuff\EntraGames Source 2018\Gunz\Runtime\GunZ.pdb

Imports

fmod

_FSOUND_3D_SetDopplerFactor@4
_FSOUND_SetMute@8
_FSOUND_3D_SetMinMaxDistance@12
_FSOUND_Update@0
_FSOUND_3D_Listener_SetAttributes@32
_FSOUND_StopSound@4
_FSOUND_GetNumDrivers@0
_FSOUND_GetDriverName@4
_FSOUND_Stream_Stop@4
_FSOUND_Stream_Close@4
_FSOUND_Stream_PlayEx@16
_FSOUND_Stream_SetMode@8
_FSOUND_Stream_GetMode@4
_FSOUND_3D_SetDistanceFactor@4
_FSOUND_GetMaxChannels@0
_FSOUND_Stream_SetBufferSize@4
_FSOUND_Init@12
_FSOUND_SetMaxHardwareChannels@4
_FSOUND_SetMinHardwareChannels@4
_FSOUND_GetDriverCaps@8
_FSOUND_SetDriver@4
_FSOUND_SetOutput@4
_FSOUND_SetHWND@4
_FSOUND_GetVersion@0
_FSOUND_Sample_Load@20
_FSOUND_GetVolume@4
_FSOUND_Close@0
_FSOUND_Stream_SetEndCallback@12
_FSOUND_Stream_Open@16
_FSOUND_3D_SetRolloffFactor@4
_FSOUND_Sample_GetMode@4
_FSOUND_PlaySoundEx@16
_FSOUND_GetError@0
_FSOUND_3D_SetAttributes@12
_FSOUND_SetPriority@8
_FSOUND_SetVolume@8
_FSOUND_SetPaused@8
_FSOUND_Sample_Free@4
_FSOUND_Sample_SetMinMaxDistance@12

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetLastError
GetThreadContext
SetThreadContext
FlushInstructionCache
InterlockedCompareExchange
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
GetCurrentProcess
SetPriorityClass
lstrlenA
GlobalMemoryStatus
DeleteCriticalSection
lstrcmpiA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
GetVersion
CompareStringA
CompareStringW
GetConsoleWindow
GetProcessHeap
IsProcessorFeaturePresent
GetLocaleInfoW
SetEnvironmentVariableA
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetDriveTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetTimeZoneInformation
HeapSize
HeapReAlloc
SetCurrentDirectoryA
CreateMutexA
CloseHandle
CreateThread
ExitProcess
GetModuleFileNameA
GetWindowsDirectoryA
FindFirstFileA
CreateDirectoryA
FindClose
GetCurrentThread
InitializeCriticalSection
GetCurrentDirectoryA
GetVolumeInformationA
Sleep
GetTickCount
GetLastError
WaitForSingleObject
SuspendThread
ResumeThread
OutputDebugStringA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetLocalTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
RtlUnwind
FileTimeToLocalFileTime
SetEndOfFile
FlushFileBuffers
SetFilePointer
MulDiv
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
CreateEventA
IsDBCSLeadByte
SetEvent
ResetEvent
ExitThread
WaitForMultipleObjects
SizeofResource
LockResource
LoadResource
FindResourceA
SetUnhandledExceptionFilter
TerminateProcess
GetSystemInfo
FileTimeToSystemTime
SystemTimeToFileTime
GlobalUnlock
GlobalLock
ReadFile
SetFileTime
GetFileAttributesA
lstrcatA
GlobalMemoryStatusEx
InterlockedDecrement
FindNextFileA
GetCurrentProcessId
WriteFile
OpenProcess
GlobalAlloc
GlobalSize
GlobalAddAtomA
GlobalDeleteAtom
FindNextChangeNotification
OpenEventA
FindCloseChangeNotification
FindFirstChangeNotificationA
LocalFree
lstrcpynA
FormatMessageA
GlobalFree
GlobalReAlloc
lstrcmpA
lstrcmpW
lstrcpyA
RaiseException
InterlockedIncrement
LocalAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
GetFullPathNameA
GetUserDefaultLCID

user32

TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
SetWindowTextA
GetFocus
PtInRect
GetDlgCtrlID
ValidateRect
GetDlgItem
CopyRect
SystemParametersInfoA
RegisterWindowMessageA
GetClientRect
AdjustWindowRectEx
GetMenuItemID
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
GetWindowPlacement
IsIconic
CallWindowProcA
GetClassInfoA
GetMenu
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
GetLastActivePopup
DestroyMenu
IsWindowEnabled
LoadCursorA
GetSystemMetrics
GetSysColor
GetSysColorBrush
UnregisterClassA
EnableWindow
GetMenuState
GetMenuItemCount
GetSubMenu
MapVirtualKeyA
GetKeyNameTextA
SetWindowsHookExA
GetMessageA
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
CallNextHookEx
SendMessageA
FindWindowA
FlashWindow
GetTopWindow
GetClassNameA
FindWindowExA
GetWindowTextA
GetWindow
ShowWindow
DefWindowProcA
SetFocus
ShowCursor
OpenClipboard
IsClipboardFormatAvailable
MessageBoxA
GetClipboardData
CloseClipboard
GetAsyncKeyState
wsprintfA
GetWindowRect
PostMessageA
GetKeyState
ClientToScreen
SetCursorPos
ScreenToClient
GetKeyboardLayout
UnregisterHotKey
EmptyClipboard
SetClipboardData
GetCursorPos
GetDC
ReleaseDC
PeekMessageA
LoadIconA
RegisterClassA
CreateWindowExA
PostQuitMessage
GetActiveWindow
UpdateWindow
GetWindowLongA
SetWindowLongA
GetParent
AdjustWindowRect
SetWindowPos
LoadBitmapA

gdi32

ScaleViewportExtEx
CreateBitmap
GetStockObject
GetTextExtentPoint32A
SelectObject
GetObjectA
DeleteDC
DeleteObject
SetMapMode
CreateDIBSection
CreateCompatibleDC
CreateFontA
GetDeviceCaps
SetWindowExtEx
ScaleWindowExtEx
GetTextMetricsA
SaveDC
RestoreDC
AddFontResourceA
RemoveFontResourceA
SetBkColor
SetTextColor
GetClipBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

shell32

ShellExecuteA
SHChangeNotify
SHGetSpecialFolderPathA

ole32

CoUninitialize
OleRun
CoInitialize
CoCreateInstance

comctl32

ord17

shlwapi

PathRemoveFileSpecA
PathStripPathA
PathFileExistsA
PathIsDirectoryA
PathSearchAndQualifyA

imm32

ImmGetCompositionStringA
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmAssociateContext
ImmNotifyIME
ImmGetCandidateListA
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmGetConversionStatus

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeGetTime

ws2_32

inet_ntoa
inet_addr
ntohs
gethostbyname
gethostname
closesocket
WSAStartup
WSACleanup
setsockopt
ioctlsocket
socket
bind
htons
htonl
recv
WSAGetLastError
connect
WSACloseEvent
send
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
shutdown
sendto
recvfrom

gdiplus

GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdiplusStartup
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathString
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipStringFormatGetGenericTypographic
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdipGetImageEncoders
GdiplusShutdown
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

dbghelp

MiniDumpWriteDump

wininet

InternetCloseHandle
InternetSetStatusCallback
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA

psapi

EnumProcesses
GetModuleFileNameExA
GetModuleBaseNameA
EnumProcessModules

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 26.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e07d5dc69abafbe9bafb8921c7ec376d

Headers

File Characteristics

PDB Paths

Imports

fmod

kernel32

user32

gdi32

shell32

ole32

comctl32

shlwapi

imm32

winmm

ws2_32

gdiplus

dbghelp

wininet

psapi

oleacc

winspool.drv

advapi32

oleaut32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 360KB - Virtual size: 358KB

.data Size: 128KB - Virtual size: 26.0MB

.rsrc Size: 364KB - Virtual size: 363KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 360KB - Virtual size: 358KB

.data
Size: 128KB - Virtual size: 26.0MB

.rsrc
Size: 364KB - Virtual size: 363KB