Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-22_38c4efa0e61c57fe965632449bc0527e_icedid.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-02-22_38c4efa0e61c57fe965632449bc0527e_icedid.exe
Resource: win10v2004-20240221-en
General
Target: 2024-02-22_38c4efa0e61c57fe965632449bc0527e_icedid
Size: 780KB
MD5: 38c4efa0e61c57fe965632449bc0527e
SHA1: 0587f9c62edf1d2a1808246b6ca942277dc7e8b8
SHA256: 50d6f2625b9a434668935ca7abf4743a6d556079fb2047aa13558b889b1e2b2b
SHA512: 5c8516ed3c7d595b8df1c19a5fc6814d115e8cbde3a8425ad75077f6ea36c36d15fb37f682d6a76f80f6b824b9e5a5e2d5e92e43a7cb1fd5f2729178ac6539fc
SSDEEP: 12288:s/fmwjRBJox7LhCDJYtW/c4VgvSy6FjHp61NlObJI4xXAlF8sLuVQ:8JjRBuHhrW/c4ySy6FdauJIWXk8sL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-02-22_38c4efa0e61c57fe965632449bc0527e_icedid
Files
2024-02-22_38c4efa0e61c57fe965632449bc0527e_icedid.exe windows:4 windows x86 arch:x86
606d7cac5bc908cf84ff0f02d61a4459
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
PDB Paths: d:\SpamBuster\src\Tmas_oe\make\Release\TMAS_OE.pdb
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
SetFileAttributesA
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
SetErrorMode
LocalUnlock
LocalLock
GetTempFileNameA
GetDiskFreeSpaceA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStartupInfoA
GetCommandLineA
GetDriveTypeA
HeapReAlloc
SetStdHandle
GetFileType
GetCurrentProcess
HeapSize
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
FatalAppExitA
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetCurrentDirectoryA
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetConsoleCtrlHandler
SetEnvironmentVariableA
GetLocaleInfoW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
SystemTimeToFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
SuspendThread
ResumeThread
SetThreadPriority
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
RaiseException
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
FreeResource
SetLastError
GlobalFree
MulDiv
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
CreateFileA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesA
GetCurrentProcessId
VirtualQuery
LoadLibraryA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
ReleaseSemaphore
CreateSemaphoreA
LoadLibraryExA
FreeLibrary
Sleep
GetModuleFileNameA
CreateMutexA
CreateEventA
GetTimeZoneInformation
CreateProcessA
CloseHandle
GetPrivateProfileIntA
ReleaseMutex
WritePrivateProfileStringA
GetPrivateProfileStringA
SetEvent
InterlockedDecrement
DeleteCriticalSection
ResetEvent
InterlockedIncrement
WaitForSingleObject
FormatMessageA
LocalFree
MultiByteToWideChar
GetLastError
CreateDirectoryA
RemoveDirectoryA
FindFirstFileA
CopyFileA
FindNextFileA
FindClose
DeleteFileA
GetProcAddress
GetModuleHandleA
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TerminateProcess
user32
SetMenu
TranslateAcceleratorA
GetTabbedTextExtentA
SetRect
MessageBeep
IsClipboardFormatAvailable
DestroyIcon
DeleteMenu
DestroyMenu
GetMenuItemInfoA
InflateRect
GetDialogBaseUnits
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
LoadCursorA
GetSysColorBrush
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
ShowOwnedPopups
SetCursor
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
SetRectEmpty
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
ShowScrollBar
GetClientRect
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
UnregisterClassA
SetWindowPlacement
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
SetParent
PtInRect
GetFocus
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
SetFocus
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetSystemMenu
SetCapture
LockWindowUpdate
GetDCEx
WindowFromPoint
UnionRect
IsRectEmpty
LoadMenuA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
TrackPopupMenuEx
CreatePopupMenu
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfA
InvalidateRect
UpdateWindow
CharUpperW
CharUpperA
CharLowerW
CharLowerA
GetClassInfoA
KillTimer
SetTimer
MessageBoxA
LoadIconA
FindWindowA
FindWindowExA
IsWindowVisible
PostMessageA
SendMessageA
SetForegroundWindow
SetActiveWindow
BringWindowToTop
EnableWindow
GetSystemMetrics
GetSysColor
PostQuitMessage
gdi32
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
ExtTextOutA
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetCharWidthA
StartPage
EndPage
SetAbortProc
GetObjectType
EndDoc
CreateCompatibleBitmap
StretchDIBits
CreateFontA
GetBkColor
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDCOrgEx
CreateDCA
CopyMetaFileA
AbortDoc
GetDeviceCaps
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
Escape
comdlg32
FindTextA
CommDlgExtendedError
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA
PageSetupDlgA
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA
advapi32
SetFileSecurityA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegSetValueA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
GetFileSecurityA
RegCloseKey
RegCreateKeyA
shell32
Shell_NotifyIconA
SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetFileInfoA
DragQueryFileA
DragFinish
ExtractIconA
comctl32
ord17
ord13
ImageList_Read
ImageList_Write
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Draw
ImageList_GetImageInfo
shlwapi
UrlUnescapeA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
ole32
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
oleaut32
SysAllocString
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarDateFromStr
SysReAllocStringLen
VariantChangeType
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
GetErrorInfo
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysStringLen
LoadRegTypeLi
VariantClear
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
rpcrt4
UuidCreateNil
wininet
InternetQueryOptionA
HttpOpenRequestA
InternetOpenUrlA
GopherOpenFileA
InternetConnectA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
GopherFindFirstFileA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetOptionExA
InternetSetCookieA
Sections
.text Size: 600KB - Virtual size: 596KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 132KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 30KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 22KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ