2024-02-24_083fa636e2f90443a07c926a556b5d92_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-24_083fa636e2f90443a07c926a556b5d92_icedid
Size

436KB
MD5

083fa636e2f90443a07c926a556b5d92
SHA1

23101d88da897570185de27c48ffd01dcfe64275
SHA256

c3f3e434ad6ad091685221f4ba3965d62f1f976932ef4b6e909659cbeddfdccb
SHA512

a3f51141a76fc28f7bc733dd8b69f559258e5c8b34bf8b79a20adb7d70473787a9e7898084cee62fa28e2aaed298d1b25e99c8e3014daeb71fc93f678f52fa8d
SSDEEP

12288:Zvh6MD1crGvK/sn03AFze8XBsII4jB3Oh5wTE:RD1XKknmAFzHKIIEBMwTE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-24_083fa636e2f90443a07c926a556b5d92_icedid

Files

2024-02-24_083fa636e2f90443a07c926a556b5d92_icedid
.exe windows:4 windows x86 arch:x86

a20886d9b3bee11bbfa9a952d284c57f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gvftservice

_GvFts_NotifyNewConnect@4
_GvFts_NotifySend@16
_GvFts_ReceiveData@12
_GvFts_Initialize@4
_GvFts_NotifyDisconnect@4
_GvFts_Release@0

gvport

IsGeoPortLocal
GetGeoSvrName
GvDisableApFirewall

gvserverdll

?StopServer@@YAHXZ
?StartServer@@YAHIP6GHPBD@Z@Z

ipcsvr

IPCSvrSendRawData
IPCSvrFreeSendBuff
IPCSvrAllocSendBuff
IPCStopService
IPCSvrChangeCodec
InitIPCSvr
UninitIPCSvr
StartIPCSvr
StopIPCSvr
IPCIsMulticamRun

passdll

SetAutoStartBits
CheckOptionDlg
CheckOptionDlg_64
GetCurUser_64
GetPrivilege_64
ChecknCleanASBit

routercontrol

_ReleaseUPnPControl@4
_CreateUPnPControl@0
_IsSupportUPnP@4

rssserver

?StopRSSServer@@YAHXZ
?StartRSSServer@@YAHP6GHPBD0@ZP6GHXZ@Z

kernel32

DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
CreateFileA
GetFileAttributesA
GetFileTime
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetTickCount
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
VirtualProtect
GetFileSize
GetSystemInfo
VirtualQuery
lstrcmpW
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetDriveTypeA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
VirtualAlloc
lstrcatA
InterlockedDecrement
GetLastError
MultiByteToWideChar
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WaitForSingleObject
OpenProcess
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
FreeResource
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
MoveFileExA
GetPrivateProfileStringA
WinExec
DeleteFileA
FindNextFileA
FindFirstFileA
FindClose
GetDiskFreeSpaceExA
OutputDebugStringA
CreateProcessA
ResetEvent
FormatMessageA
LocalFree
SetErrorMode
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetLocalTime
RaiseException
ReleaseMutex
CreateMutexA
CreateEventA
CreateThread
WaitForMultipleObjects
CreateDirectoryA
CopyFileA
SetEvent
GetCurrentDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
GetACP
GetStartupInfoA

user32

PostThreadMessageA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
wsprintfA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetMenu
SetParent
ScreenToClient
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
PtInRect
ReleaseDC
GetDC
GetClientRect
CopyRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
UnhookWindowsHookEx
SetMenuItemBitmaps
ModifyMenuA
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
GetMenuItemInfoA
InflateRect
MessageBeep
DestroyWindow
GetNextDlgGroupItem
SetCapture
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
MessageBoxA
GetParent
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
GetSysColorBrush
WindowFromPoint
SetRect
IsZoomed
UnpackDDElParam
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ReuseDDElParam
LoadMenuA
DestroyMenu
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
AdjustWindowRectEx
InsertMenuItemA
IsWindowVisible
PostMessageA
SetForegroundWindow
ShowWindow
IsIconic
FindWindowA
SetWindowTextA
SendMessageA
GetFocus
EnableWindow
DrawTextA
GetSysColor
DrawFocusRect
FillRect
UnregisterClassA
UpdateWindow
SetTimer
KillTimer
FlashWindow
LoadIconA
CloseWindow
GetTopWindow
GetCursorPos
SetCursor
LoadCursorA
CharUpperA

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap
StretchDIBits
GetCharWidthA
GetTextMetricsA
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetRgnBox
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
GetClipBox
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
CreateFontA
SetTextColor
ScaleViewportExtEx
SetBkColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegDeleteValueA

shell32

SHGetMalloc
SHGetDesktopFolder
DragQueryFileA
Shell_NotifyIconA
ShellExecuteA
DragFinish
ord165
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecA

oledlg

ord8

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoTaskMemAlloc
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysFreeString
VariantCopy
VariantInit
VariantClear
VariantTimeToSystemTime
VarUdateFromDate
VariantChangeType
SystemTimeToVariantTime
VarBstrFromDate
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
OleCreateFontIndirect
GetErrorInfo
SafeArrayDestroy

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr
inet_ntoa
ntohl
htonl

Sections

.text
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a20886d9b3bee11bbfa9a952d284c57f

Headers

File Characteristics

Imports

gvftservice

gvport

gvserverdll

ipcsvr

passdll

routercontrol

rssserver

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

ws2_32

Sections

.text Size: 284KB - Virtual size: 282KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 284KB - Virtual size: 282KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 68KB - Virtual size: 66KB