2024-02-23_721fcc7e9a7bf2465fe8a8b1b15f0cc6_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-23_721fcc7e9a7bf2465fe8a8b1b15f0cc6_icedid
Size

1.9MB
MD5

721fcc7e9a7bf2465fe8a8b1b15f0cc6
SHA1

eb38d0303f105f36b75a9cf62fc324b5a09b92ca
SHA256

0283c1f675dc65c2af8ae4765ade58d749d6fcf98bda9648085fa95d58a0c013
SHA512

edb89862f8be5e2fbf64459c2914463a5bec0e88a31b409d89172879dced0e9d46cd06b630cc98d3c1d6aedad3d2e55f1b940d78e58a701edf8a4890a92b2fad
SSDEEP

49152:39S/eqOBlt7WsDgyKEx5GWbBydt+9ZVtckd4lTbdl4edkn:3U2qOrNWsUyx5GWbBAt+fskdATbdl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-23_721fcc7e9a7bf2465fe8a8b1b15f0cc6_icedid

Files

2024-02-23_721fcc7e9a7bf2465fe8a8b1b15f0cc6_icedid
.exe windows:5 windows x86 arch:x86

21f199283322a9035e08f282e4aa89c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sources\VCPP\cz_1x\tmp\Client2\ReleaseDemo\PDB\Client2.pdb

Imports

language

?UDP_ERROR_CANT_START@@3QBDB
?SETUPCLIENT2_NAPOMINANIYA_DEFAULT_DOKONCA@@3QBDB
?SETUPCLIENT2_NAPOMINANIYA_DEFAULT_OTRABOTANNO@@3QBDB
?SETUPCLIENT2_NAPOMINANIYA_DEFAULT_TIMEOUT@@3QBDB
?SETUPCLIENT2_NAPOMINANIYA_DEFAULT_FREE@@3QBDB
?GOGA_USER_TITLE@@3QBDB
?GOGA_USER_ACCEPT@@3QBDB
?USBPLUG_NOTIFY_VOLUME@@3QBDB
?T_ADMINPASSWORD@@3QBDB
?CLIENT_BANNER_PAUSE_MODE@@3QBDB
?WARNING_V@@3QBDB
?MSG_SETTINGS_ERR@@3QBDB
?MSG_OLE_ERR@@3QBDB
?MSG_SOCK_ERR@@3QBDB
?ERROR_V@@3QBDB
?TYPE_SPECIAL_CLIENT_PWD@@3QBDB
?CANCEL_V@@3QBDB
?PRINYAT_V@@3QBDB
?T_BLOCK_INFO@@3QBDB

kernel32

SetUnhandledExceptionFilter
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetCurrentDirectoryW
GetStdHandle
GetStringTypeW
ReadConsoleW
CreateDirectoryW
SetFilePointerEx
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
LCMapStringW
WriteConsoleW
OutputDebugStringW
CreateFileW
UnhandledExceptionFilter
ExitProcess
IsValidCodePage
GetFileType
SetStdHandle
HeapQueryInformation
OpenProcess
CloseHandle
LockResource
LoadResource
SizeofResource
FindResourceW
WideCharToMultiByte
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
GetVersionExA
FreeLibrary
AreFileApisANSI
GetVersion
GetCurrentProcess
GetCurrentProcessId
SetThreadPriority
GetLastError
ReleaseMutex
WaitForSingleObject
FindClose
lstrlenA
CreateMutexA
CreateEventA
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
FindFirstFileA
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetDriveTypeW
ExitThread
CreateThread
GetFullPathNameW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetTempPathA
GetTempFileNameA
VerifyVersionInfoA
VerSetConditionMask
lstrcpyA
GetACP
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
SetErrorMode
GetFileTime
GetProcAddress
GetModuleHandleExW
FindNextFileA
SetPriorityClass
MultiByteToWideChar
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GlobalFlags
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
lstrcmpA
SuspendThread
CompareStringA
GlobalFindAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
GlobalGetAtomNameA
GlobalAddAtomA
GetVolumeInformationA
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFileSize
FlushFileBuffers
DeleteFileA
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
GetFullPathNameA
CreateProcessA
Sleep
GetCurrentThreadId
lstrcmpiA
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
HeapReAlloc
DecodePointer
InterlockedDecrement
GetPriorityClass
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFileAttributesA
CreateFileA
GetWindowsDirectoryA
DeviceIoControl
ResumeThread
GetProcessHeap
HeapFree
HeapAlloc
WinExec

user32

DrawIcon
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetWindowRgn
DrawFrameControl
DrawEdge
LoadImageW
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
LoadCursorW
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
GetIconInfo
DrawIconEx
DrawFocusRect
GetNextDlgGroupItem
GetMenuDefaultItem
LockWindowUpdate
SetCapture
WindowFromPoint
SetRect
IsClipboardFormatAvailable
CopyImage
SetParent
DeleteMenu
GetSystemMenu
IsRectEmpty
UnionRect
GetMenuItemInfoA
RealChildWindowFromPoint
GetSysColorBrush
MapVirtualKeyA
GetKeyNameTextA
RegisterClipboardFormatA
WaitMessage
ShowOwnedPopups
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetCursorPos
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
GetMonitorInfoA
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
GetTopWindow
GetClassLongA
PtInRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
RemovePropA
GetPropA
SetPropA
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
TrackPopupMenu
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
ToAsciiEx
IsChild
GetWindowRgn
CallWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
ReuseDDElParam
UnpackDDElParam
WinHelpA
LoadImageA
DestroyIcon
GetComboBoxInfo
GetWindow
GetClassNameA
SetWindowLongA
EqualRect
OffsetRect
SetRectEmpty
SetCursor
SetActiveWindow
UpdateWindow
InsertMenuItemA
DestroyMenu
CreatePopupMenu
SetMenu
GetMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
GetCapture
GetKeyState
GetActiveWindow
GetDlgCtrlID
GetDlgItem
BringWindowToTop
IsIconic
IsWindowVisible
IsWindow
GetClassInfoA
CharUpperA
GetLastActivePopup
GetWindowLongA
IsWindowEnabled
IntersectRect
InflateRect
CopyRect
GetSysColor
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetDesktopWindow
MessageBeep
ExitWindowsEx
UnregisterClassA
BlockInput
GetClipCursor
ReleaseDC
GetDC
PostThreadMessageA
PeekMessageA
EnumChildWindows
GetParent
SetWindowPos
GetWindowModuleFileNameA
SystemParametersInfoW
SystemParametersInfoA
UnhookWindowsHookEx
SetWindowsHookExA
MessageBoxA
OemToCharBuffA
UnregisterDeviceNotification
DestroyCursor
MapDialogRect
CreateMenu
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
FrameRect
CharUpperBuffA
ModifyMenuA
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetCursorPos
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
GetClassInfoExA
LoadAcceleratorsW
GetKeyboardLayout
DestroyWindow
IsZoomed
RegisterDeviceNotificationA
RegisterHotKey
CreateDesktopA
GetWindowThreadProcessId
GetShellWindow
ClipCursor
InvalidateRect
SetForegroundWindow
GetForegroundWindow
EnableWindow
mouse_event
keybd_event
ShowWindow
GetUserObjectInformationA
CloseDesktop
OpenInputDesktop
LoadCursorA
SetClassLongA
FillRect
GetWindowRect
GetClientRect
GetWindowTextA
RedrawWindow
GetSystemMetrics
KillTimer
SetTimer
SetFocus
MoveWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
SetThreadDesktop
SwitchDesktop
LoadIconW
LoadMenuW
ShowScrollBar

gdi32

SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsA
GetBkColor
RestoreDC
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SelectPalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetDeviceCaps
ExtSelectClipRgn
SelectClipRgn
GetDIBits
SaveDC
CreateDCA
CopyMetaFileA
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
SetDIBitsToDevice
TextOutA
GetClipBox
CreatePalette
CreateSolidBrush
DeleteObject

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptGetHashParam
CryptDestroyKey
CryptDeriveKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegOpenCurrentUser
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegSetValueExA
RegDeleteValueA
RegSetValueExW
RegOpenKeyExW
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetFileInfoA
DragQueryFileA
DragFinish
SHAppBarMessage
SHGetMalloc
ShellExecuteA
SHGetDesktopFolder

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
StrFormatKBSizeA
StrStrIA
PathRemoveFileSpecW

uxtheme

DrawThemeParentBackground
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeText

ole32

CoCreateInstance
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
OleDuplicateData
ReleaseStgMedium
CoUninitialize
CoInitialize
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoDisconnectObject
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysAllocStringLen
VariantInit
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantCopy
VariantClear
VariantChangeType

ws2_32

socket
sendto
send
ntohs
htons
gethostbyname
listen
accept
bind
closesocket
connect
WSAAsyncSelect
WSASetLastError
inet_addr
WSACleanup
getpeername
WSAGetLastError
htonl
inet_ntoa
recv
recvfrom
WSAStartup
select

oledlg

ord8

winmm

waveOutOpen
mmioAscend
mixerGetNumDevs
mixerOpen
mixerClose
mixerGetLineInfoA
mixerGetID
PlaySoundA
mixerSetControlDetails
mixerGetControlDetailsA
waveOutClose
mmioDescend
mmioRead
mmioClose
mmioOpenA
mixerGetLineControlsA

setupapi

SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

iphlpapi

GetExtendedUdpTable
GetAdaptersInfo

psapi

GetModuleFileNameExA

crashrpt1402

ord9
ord8
ord24

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21f199283322a9035e08f282e4aa89c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

language

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

ws2_32

oledlg

winmm

setupapi

iphlpapi

psapi

crashrpt1402

oleacc

gdiplus

imm32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 341KB - Virtual size: 341KB

.data Size: 24KB - Virtual size: 56KB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 341KB - Virtual size: 341KB

.data
Size: 24KB - Virtual size: 56KB

.rsrc
Size: 40KB - Virtual size: 39KB