2024-02-20_4b579650824c6027839f04376124e66f_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-20_4b579650824c6027839f04376124e66f_icedid
Size

720KB
MD5

4b579650824c6027839f04376124e66f
SHA1

1c338241a16d068ddbaa88585fe910709c3820b5
SHA256

0b6527fd9a360f3c77ebeb2c44c641f4639061f4a0df1d6fbe60f04b0c2a61c4
SHA512

3e0df33187a16b56b48239a3f86b61bc84d4e66d9fd763b9705518bfd9600540eedd840d355608059c2c588f776c2e1e09b8de79375a04cbb1ee3a6d9c4f50b5
SSDEEP

12288:rRGZJlIXywuG5jKHV/eaPvaY81e9tAIvt9G:rwltwz542aPvFGeDAeI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-20_4b579650824c6027839f04376124e66f_icedid

Files

2024-02-20_4b579650824c6027839f04376124e66f_icedid
.exe windows:4 windows x86 arch:x86

f093a502bae541196c6c8bfd18e37935

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\New_Login\GuaGua\trunk\Client\OnlineSetupV2\GirlsShow\SmallStationRelease\SetupTool.pdb

Imports

kernel32

LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileTime
SetErrorMode
HeapAlloc
RtlUnwind
HeapFree
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedDecrement
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
SetLastError
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
OutputDebugStringA
FatalExit
DebugBreak
SystemTimeToFileTime
SetFileTime
WaitForMultipleObjects
MoveFileA
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
OpenProcess
TerminateProcess
Sleep
FindNextFileA
RemoveDirectoryA
Module32First
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateDirectoryA
RaiseException
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
GetVersion
CreateProcessA
WaitForSingleObject
GetTickCount
DeleteFileA
CreateMutexA
GetLastError
MultiByteToWideChar
WriteFile
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FindFirstFileA
FindClose
GetLocalTime
GetModuleFileNameA
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
ExitProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryA
GetProcAddress

user32

SetRect
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
DestroyMenu
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassInfoExA
CopyAcceleratorTableA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
MessageBoxA
RegisterClipboardFormatA
GetClassNameA
ReleaseDC
GetDC
LoadCursorA
SetCursor
UnregisterClassA
CharUpperA
LoadIconA
KillTimer
SetTimer
UpdateWindow
ScreenToClient
DrawIcon
PtInRect
GetSystemMetrics
IsIconic
PostMessageA
InvalidateRect
GetWindowRect
CopyRect
SetLayeredWindowAttributes
EnableWindow
GetParent
GetClientRect
SendMessageA
GetClassLongA

gdi32

GetDeviceCaps
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
DeleteObject
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
CreateBitmap
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
SetBkMode
CreateFontA
SetPixel
GetPixel
Rectangle
BitBlt
DPtoLP
GetMapMode
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteExA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder

comctl32

ord17
_TrackMouseEvent

shlwapi

PathRemoveBackslashA
PathAddBackslashA
PathQuoteSpacesA
PathCanonicalizeA
PathFindFileNameA
PathRemoveFileSpecA
PathFindExtensionA
UrlUnescapeA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitialize
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleUninitialize

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantCopy
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantClear
SafeArrayCopy
SafeArrayGetVartype
VariantInit
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysFreeString

wininet

InternetSetOptionExA
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetGetCookieExA

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRectI

ws2_32

WSAStartup

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f093a502bae541196c6c8bfd18e37935

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

ws2_32

Sections

.text Size: 308KB - Virtual size: 304KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 316KB - Virtual size: 314KB

.text
Size: 308KB - Virtual size: 304KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 316KB - Virtual size: 314KB