2024-02-25_4cef9d3a01801d8b774c71ac0cd3a872_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-25_4cef9d3a01801d8b774c71ac0cd3a872_icedid
Size

312KB
MD5

4cef9d3a01801d8b774c71ac0cd3a872
SHA1

75f493e3c11df4aabd7e8238ef4156ac7ac0a12f
SHA256

6e8619c10a16888d9a90304c1dfb2bc237baaf3e3f6198dc162fa1d971af9776
SHA512

ff0ff9dfc3e5b18747491a531746151a93dffbbdf6ddc5631bc636bad0183e784f58637f598703cbbe4a511d8e550d4734ec0758eee43e8871ff71e21efa6669
SSDEEP

6144:aCInyAOm7G5OTozYj2uRVWYdWuiQt8eYVjz5AOb6d6qqDLu:aCInyAU5OToU2uRV0u7oVjz5YVqnu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-25_4cef9d3a01801d8b774c71ac0cd3a872_icedid

Files

2024-02-25_4cef9d3a01801d8b774c71ac0cd3a872_icedid
.exe windows:4 windows x86 arch:x86

ffae894fe345a1db870078ae71c6ce3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\Base\source\Clients\Admin\PackageCreator\PrnInstall\Release\PrnInstall.pdb

Imports

kernel32

GetFileAttributesA
GetFileTime
SetErrorMode
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
SetEnvironmentVariableA
LoadLibraryExA
CreateProcessA
OutputDebugStringA
GetSystemDirectoryA
GetLocalTime
FileTimeToLocalFileTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
GetCurrentDirectoryA
lstrcatA
WritePrivateProfileStringA
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedIncrement
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
WaitForSingleObject
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
FormatMessageA
LocalFree
CopyFileA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
Sleep
InterlockedDecrement
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
UnhandledExceptionFilter
InterlockedExchange

user32

DestroyMenu
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextExA
DrawTextA
CharUpperA
SendMessageTimeoutA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
TabbedTextOutA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowTextA
GetClassNameA
RegisterClassA
UnregisterClassA
PostMessageA
PostQuitMessage
SetCursor
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
GetCapture
ClientToScreen
GetWindowTextA
UnhookWindowsHookEx
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
wsprintfA
GetSystemMetrics
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetMessageTime

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

comdlg32

GetFileTitleA

winspool.drv

EnumPrintProcessorDatatypesA
EnumPrintProcessorsA
EnumPortsA
GetPrinterA
GetPrinterDriverDirectoryA
GetPrintProcessorDirectoryA
EnumPrinterDriversA
SetPrinterA
OpenPrinterA
DocumentPropertiesA
AddPrinterA
ClosePrinter
AddPrinterDriverA
AddPrintProcessorA
DeletePrinter

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oleaut32

VarUdateFromDate
VariantClear
VariantChangeType
SystemTimeToVariantTime
VarBstrFromDate
VariantInit
SysFreeString

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffae894fe345a1db870078ae71c6ce3f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

oleaut32

version

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 36KB - Virtual size: 48KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 36KB - Virtual size: 48KB

.rsrc
Size: 16KB - Virtual size: 14KB