f:\ST3402_relation\ST3402_Download_Latest\20080606\ST3402\Build\ReleaseVivotek\Monitor.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-22_21c943958d922227f66635aba64c5dd4_icedid.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-02-22_21c943958d922227f66635aba64c5dd4_icedid.exe
Resource
win10v2004-20240221-en
General
Target
2024-02-22_21c943958d922227f66635aba64c5dd4_icedid
Size
2.1MB
MD5
21c943958d922227f66635aba64c5dd4
SHA1
12afa9cd8c01d81a600ef9634b1122e702880a69
SHA256
3427a3db47e4e934e57bf443b33f811a82536ea721948b6213ec3c6b1bead546
SHA512
2d0118a60fe844820359d74cce1c9e6b9c2ba1e3e9c0d5bc70e2291dd8b0c5f8c5fca7e2aaa2dcda95513b536be0e867da7ce13d2310ba99a51dccc81fe4e2fd
SSDEEP
49152:nAekU5/m7b6zUgpcBqQSQ9Ea9jZQY0khQ:AeL/akQ9Ea9jZQY0km
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-02-22_21c943958d922227f66635aba64c5dd4_icedid
Files
2024-02-22_21c943958d922227f66635aba64c5dd4_icedid.exe windows:4 windows x86 arch:x86
ef25e5121c076726cc9e388fdecab19b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winmm
PlaySoundA
avsynchronizer
_AvSynchronizer_Release@4
_AvSynchronizer_DeleteChannel@8
_AvSynchronizer_Initial@32
_AvSynchronizer_GetCurrentSnapShot@12
_AvSynchronizer_CreateChannel@104
_AvSynchronizer_StartChannel@8
_AvSynchronizer_SetChannelOption@16
_AvSynchronizer_FreePicture@4
_AvSynchronizer_UpdateChannelSettings@44
_AvSynchronizer_StopChannel@4
_AvSynchronizer_InputEncodedMediaFrame@8
_AvSynchronizer_GetCapabilities@12
databroker
_DataBroker_DeleteConnection@8
_DataBroker_Disconnect@4
_DataBroker_CreateConnection@8
_DataBroker_ForceIFrame@4
_DataBroker_StartTxConnection@4
_DataBroker_StopTxConnection@4
_DataBroker_InputTxPacket@12
_DataBroker_SetConnectionExtraOption@16
_DataBroker_Connect@4
_DataBroker_SetConnectionUrlsExtra@28
_DataBroker_SetConnectionOptions@8
_DataBroker_SetOptions@8
_DataBroker_Release@4
_DataBroker_Initial@28
database
_MediaDB_DeleteOldestSequenceEx@12
_MediaDB_CloseCurrentFile@4
_MediaDB_OpenLocation@12
_MediaDB_CreateLocation@12
_MediaDB_RecordInitStatusBuffer@12
_MediaDB_CloseLocation@4
_MediaDB_RecordOneDataPacket@12
_MediaDB_GetLocationSizeByHandle@16
_MediaDB_Release@4
_MediaDBBackup_GetLastBackupTime@12
_MediaDB_GetTimeSegmentNumber@8
_MediaDB_GetLocationList@12
_MediaDB_GetLocationNum@8
_MediaDB_DeleteLocation@8
_MediaDBBackup_Initial@8
_MediaDB_Initial@12
_MediaDB_RepairLocationEx@20
_MediaDB_GetTimeSegmentInterval@12
_MediaDB_RepairDatabaseEx@12
_MediaDBBackup_Stop@4
_MediaDB_SetHierarchyType@4
_MediaDB_SetPrebufferMemorySize@4
_MediaDBBackup_SetOptions@20
_MediaDBBackup_SetBackupInfoCallback@12
_MediaDBBackup_Execute@4
_MediaDBBackup_Release@4
_MediaDB_ManuLocationStatus@16
serverutl
_ServerUtl_HttpOperation@16
_ServerUtl_GetDeviceModel@8
_ServerUtl_OpenDevice@8
_ServerUtl_SetDOLevel@16
_ServerUtl_Release@4
_ServerUtl_SetDevicePropertyHttp@44
_ServerUtl_HttpOperationRead@24
_ServerUtl_SetDeviceProperty@48
_ServerUtl_GetSysInfoSecEntry@16
_ServerUtl_GetSysInfo@20
_ServerUtl_CreateDeviceEx@16
_ServerUtl_MoveCamera@20
_ServerUtl_CreateDevice@8
_ServerUtl_SetDevicePropertyLite@44
_ServerUtl_SendPTZCommand@20
_ServerUtl_Initial@8
_ServerUtl_AbortNetworkOper@4
_ServerUtl_DeleteDevice@4
audioout
_AudioOut_Release@4
_AudioOut_GetWAVInfo@4
_AudioOut_StopBuffer@4
_AudioOut_PlayBuffer@4
_AudioOut_CreateStreamBuffer@36
_AudioOut_Initial@12
_AudioOut_DeleteBuffer@4
srvdepresource
_SrvDepResource_GetMappingFriendlyName@8
_SrvDepResource_GetParamForServer@8
packetmaker
_PacketMaker_StartAudioCapture@4
_PacketMaker_UpdateChannelSettings@16
_PacketMaker_SetAudioCaptureChannelOption@16
_PacketMaker_MakeAudioPacket@24
_PacketMaker_CreateChannel@12
_PacketMaker_Release@4
_PacketMaker_DeleteChannel@4
_PacketMaker_DeleteAudioCaptureChannel@4
_PacketMaker_StopAudioCapture@4
_PacketMaker_CreateAudioCaptureChannel@12
_PacketMaker_Initial@12
ws2_32
select
WSACleanup
WSAStartup
connect
htons
gethostbyname
inet_addr
recv
closesocket
setsockopt
ioctlsocket
socket
send
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
wininet
InternetSetOptionA
iphlpapi
GetNetworkParams
kernel32
CreateFileMappingA
CopyFileA
TerminateThread
GetExitCodeThread
GetCurrentProcess
SetProcessShutdownParameters
GetModuleHandleA
CreateThread
CreateEventA
ResetEvent
WaitForMultipleObjects
GetCurrentDirectoryA
ReleaseSemaphore
WaitForMultipleObjectsEx
GetTimeFormatA
CreateSemaphoreA
lstrcpynA
WaitForSingleObjectEx
GlobalMemoryStatus
SetThreadPriority
GlobalMemoryStatusEx
RaiseException
lstrcmpiA
lstrlenW
CompareStringA
CompareStringW
OutputDebugStringA
GlobalLock
GlobalUnlock
GlobalSize
GlobalReAlloc
MulDiv
SetLastError
MapViewOfFile
GetStdHandle
FindFirstFileA
FindClose
QueryPerformanceCounter
FlushConsoleInputBuffer
TlsSetValue
GetCurrentThread
TlsAlloc
TlsFree
InterlockedCompareExchange
ResumeThread
TlsGetValue
QueryPerformanceFrequency
FreeResource
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
InterlockedDecrement
LocalFree
FormatMessageA
lstrcmpA
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GetProfileIntA
InterlockedIncrement
GlobalFlags
GlobalHandle
LocalReAlloc
GetCPInfo
GetOEMCP
FileTimeToSystemTime
WritePrivateProfileStringA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
FileTimeToLocalFileTime
GetFileAttributesA
SetErrorMode
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
ExitThread
VirtualProtect
VirtualAlloc
VirtualQuery
GetDateFormatA
GetStartupInfoA
GetCommandLineA
SetConsoleCtrlHandler
SetStdHandle
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
UnmapViewOfFile
GetCurrentProcessId
OpenProcess
WinExec
SleepEx
TerminateProcess
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
SetFileTime
CompareFileTime
GetFileTime
GetSystemDirectoryA
GetVersion
CreateMutexA
OpenMutexA
ReleaseMutex
GetDiskFreeSpaceExA
GetLastError
GetLocalTime
SetLocaleInfoA
CreateDirectoryA
lstrlenA
FreeLibrary
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetTickCount
Sleep
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GlobalAlloc
CreateFileA
WriteFile
CloseHandle
GlobalFree
GetSystemInfo
SetEvent
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleFileNameA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
GetFileType
user32
SetDlgItemTextA
IsDialogMessageA
GetMenuCheckMarkDimensions
CheckMenuItem
GetMenuState
SetMenuItemBitmaps
wsprintfA
GetWindowDC
BeginPaint
EndPaint
PostQuitMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
CharNextA
GetSysColorBrush
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
GetProcessWindowStation
GetUserObjectInformationW
IsRectEmpty
GetMessagePos
IsClipboardFormatAvailable
GetClassInfoA
DefWindowProcA
InvertRect
SetRect
IsWindowVisible
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetDoubleClickTime
ClipCursor
RedrawWindow
ValidateRect
UnregisterClassA
CharUpperA
EnumDisplaySettingsA
MoveWindow
ChangeDisplaySettingsA
SystemParametersInfoA
GrayStringA
DrawTextExA
TabbedTextOutA
DrawEdge
GetFocus
wvsprintfA
GetWindow
GetDlgItem
GetWindowTextA
SetWindowTextA
GetDlgCtrlID
ExitWindowsEx
SetWindowLongA
EnumDisplayMonitors
GetMonitorInfoA
LoadIconA
ChildWindowFromPointEx
IsIconic
GetSystemMenu
ModifyMenuA
InsertMenuA
EnableMenuItem
AppendMenuA
CreatePopupMenu
DrawIcon
IntersectRect
MessageBoxA
CreateWindowExA
SetWindowPos
LockWindowUpdate
DrawTextA
ReleaseDC
GetDC
LoadBitmapA
GetCursorPos
ReleaseCapture
GetDesktopWindow
SetCapture
GetCapture
ScreenToClient
PtInRect
EnumThreadWindows
GetClassNameA
GetKeyState
GetSubMenu
TrackPopupMenuEx
DestroyMenu
DestroyCursor
LoadImageA
GetIconInfo
SetCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
SendMessageA
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
LoadCursorA
SetClassLongA
GetSysColor
DrawStateA
DestroyIcon
GetSystemMetrics
GetWindowRect
PostMessageA
IsWindow
SetForegroundWindow
RegisterWindowMessageA
WinHelpA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
KillTimer
SetTimer
LoadStringA
EnableWindow
GetClientRect
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetMessageTime
MapWindowPoints
ShowWindow
TrackPopupMenu
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
RegisterClassA
CallWindowProcA
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
EndDialog
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DrawFocusRect
gdi32
GetPixel
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
GetObjectA
CreateFontIndirectA
Rectangle
EndDoc
EndPage
StretchBlt
CreateDIBSection
StartPage
StartDocA
GetDeviceCaps
GetTextExtentPoint32A
TextOutA
GetBkColor
GetViewportOrgEx
GetWindowOrgEx
PtVisible
RectVisible
ExtTextOutA
Escape
LineTo
MoveToEx
GetTextMetricsA
GetCurrentObject
CreateFontA
PatBlt
SetBkMode
GetClipBox
SaveDC
RestoreDC
SetMapMode
SetTextAlign
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CopyMetaFileA
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
CreatePen
SetPixel
DeleteObject
CreateRectRgn
CreateSolidBrush
comdlg32
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
PrintDlgA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetNamedSecurityInfoA
RevertToSelf
ImpersonateLoggedOnUser
LogonUserA
shell32
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteExA
SHBrowseForFolderA
comctl32
ImageList_Create
_TrackMouseEvent
InitCommonControlsEx
ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Destroy
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
oledlg
ord8
ole32
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
DoDragDrop
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
oleaut32
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreateVector
SysAllocString
VariantInit
VariantChangeType
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantCopy
VariantTimeToSystemTime
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
VarUdateFromDate
SystemTimeToVariantTime
SysFreeString
SafeArrayGetLBound
wsock32
bind
WSASetLastError
getsockopt
getsockname
accept
sendto
listen
__WSAFDIsSet
shutdown
ntohs
getservbyport
gethostbyaddr
getservbyname
inet_addr
htonl
WSAGetLastError
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 803KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 696KB - Virtual size: 693KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ