2024-02-21_0540cff7aef133a6a72091aa312f1862_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-21_0540cff7aef133a6a72091aa312f1862_icedid
Size

605KB
MD5

0540cff7aef133a6a72091aa312f1862
SHA1

16d61d6e9f090e1924069ba24b8efa0627f0bf72
SHA256

b164564416ed9fffe8858b79b37ca8be74a7e390438c21c0192cb598fa7ab6c6
SHA512

da7b40e7c2fe82a38465adb14bcf50c154536b958171037018db3fa33a6d5bed540feaa7b331d50eab89784151b092ca35f66bdffcd74b128af2f73b425382b5
SSDEEP

12288:4ZVm5cALCheI1APdnwLEny3jVA9o89sTRNPAXhP:4ZVm5nL0eI1ASAnsco89sTbPA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-21_0540cff7aef133a6a72091aa312f1862_icedid

Files

2024-02-21_0540cff7aef133a6a72091aa312f1862_icedid
.exe windows:4 windows x86 arch:x86

86fa4e33d07954bc59a50b98d04c15d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
HeapAlloc
RtlUnwind
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
CreateFileA
GetVolumeInformationA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SetLastError
MulDiv
FormatMessageA
LocalFree
GetCurrentThread
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
lstrcpynA
GlobalLock
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateThread
GetTickCount
SetErrorMode
CloseHandle
TerminateProcess
Sleep
OpenMutexA
CreateMutexA
GetStringTypeExA
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings
InterlockedExchange

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
GetFileSecurityA
SetFileSecurityA

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

gdi32

CreateSolidBrush
CreateFontIndirectA
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
GetMapMode
GetBkColor
GetRgnBox
CreateRectRgn
SelectClipRgn
GetStockObject
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
GetWindowExtEx
GetTextColor
CreateCompatibleDC
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
Ellipse
LPtoDP
CreateEllipticRgn
GetDeviceCaps
GetTextExtentPoint32A
GetTextMetricsA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetPixel
GetObjectA
SelectObject
DeleteDC
GetViewportExtEx

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipDisposeImage

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CreateStreamOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringLen
VariantChangeType
VariantClear
VariantInit
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
SysAllocStringLen

oledlg

ord8

shell32

DragFinish
DragQueryFileA
SHGetFileInfoA
ExtractIconA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

user32

SetParent
WindowFromPoint
SetRect
GetSysColorBrush
GetMenuItemInfoA
InflateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
SetCapture
ClientToScreen
SetWindowRgn
DrawIcon
FillRect
IsRectEmpty
FindWindowA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
ShowOwnedPopups
GetMenuStringA
InsertMenuA
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsZoomed
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MoveWindow
SetWindowTextA
IsDialogMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextLengthA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
MessageBoxA
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
LockWindowUpdate
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
PtInRect
RegisterWindowMessageA
wsprintfA
LoadMenuA
DestroyMenu
GetClassNameA
GetSysColor
SetWindowPos
WinHelpA
SetFocus
GetActiveWindow
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetKeyState
GetDlgCtrlID
GetMenu
UnpackDDElParam
ReuseDDElParam
GetDCEx
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
LoadIconA
GetClassInfoA
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
LoadAcceleratorsA
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
UpdateWindow
CopyAcceleratorTableA
CharNextA
DestroyIcon
DeleteMenu
GetPropA
IsIconic
InsertMenuItemA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
BringWindowToTop
PostMessageA
SetMenu
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
SendMessageA
TranslateAcceleratorA
GetWindowTextA
GetLastActivePopup
KillTimer
SetTimer
UnregisterClassA
EnableWindow
CharUpperA
IsChild

wininet

InternetOpenUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

ws2_32

gethostbyaddr
socket
sendto
WSAStartup
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
getservbyport
closesocket
ntohs

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

gu_idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

gu_rsrcs
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86fa4e33d07954bc59a50b98d04c15d3

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

gdiplus

ole32

oleaut32

oledlg

shell32

shlwapi

user32

wininet

winspool.drv

ws2_32

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 52KB - Virtual size: 52KB

gu_idata Size: 10KB - Virtual size: 12KB

gu_rsrcs Size: 46KB - Virtual size: 46KB

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 52KB - Virtual size: 52KB

gu_idata
Size: 10KB - Virtual size: 12KB

gu_rsrcs
Size: 46KB - Virtual size: 46KB