Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-28_4b1b6e75eea05bb6132ba73f64fd3926_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-02-28_4b1b6e75eea05bb6132ba73f64fd3926_icedid.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-02-28_4b1b6e75eea05bb6132ba73f64fd3926_icedid
- Size: 10.6MB
- MD5: 4b1b6e75eea05bb6132ba73f64fd3926
- SHA1: 52b89466009dad114bfcd079440c7e2a933d5531
- SHA256: 0a77e9e6bc8a79e6e00a3732d92e0192037045a748cce0bbf13bfa0ea9abcf5d
- SHA512: a33a85936a3f784c281c65a586003f5488c54f4426d5897eec759c74d0ed61c852a11f8316d6433cffca21facdc016f22108a616ee6249e26c67da5eaabe8394
- SSDEEP: 196608:9xzRXFmrX+pAekwnNbn8dskGMt+VbPS3h5lMKT3xSJmuyPOPaRyd:9GWWGiM+s
Malware Config
Signatures
- Detects executables containing possible sandbox analysis VM usernames (1 IoC)
  resource: sample
  yara_rule: INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 2024-02-28_4b1b6e75eea05bb6132ba73f64fd3926_icedid
Files
- 2024-02-28_4b1b6e75eea05bb6132ba73f64fd3926_icedid.exe (windows:5 windows x86 arch:x86)
  0b9d4c2326fbf99fffc48192368f6293
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
wtsapi32
WTSQuerySessionInformationA
WTSFreeMemory
kernel32
GetConsoleMode
ReadConsoleW
MoveFileExW
SetFilePointerEx
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
GetConsoleCP
GetTimeFormatW
LCMapStringW
WriteConsoleW
OutputDebugStringW
GetFileAttributesExW
SetEnvironmentVariableA
lstrlenW
GetDateFormatW
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
Sleep
GetLastError
DeleteFileA
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
QueryDosDeviceA
CopyFileA
lstrlenA
MultiByteToWideChar
LoadLibraryA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
FormatMessageA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DecodePointer
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MoveFileA
FindClose
FindFirstFileA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetStartupInfoW
GetStringTypeW
IsValidCodePage
GetFileType
SetStdHandle
HeapQueryInformation
ExitThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetTimeZoneInformation
GetModuleHandleExW
ExitProcess
GetCommandLineA
AreFileApisANSI
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
SearchPathA
VerifyVersionInfoA
VerSetConditionMask
lstrcpyA
GetWindowsDirectoryA
GetProfileIntA
FindResourceExW
SetErrorMode
GetCPInfo
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread
LocalUnlock
LocalLock
LocalAlloc
ReplaceFileA
GetDiskFreeSpaceA
VirtualProtect
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
SetEvent
lstrcmpA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
GetShortPathNameA
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetFileSizeEx
FileTimeToLocalFileTime
CompareStringA
GlobalGetAtomNameA
FindNextFileA
CloseHandle
ReleaseMutex
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GlobalSize
SetLastError
LoadLibraryExA
GetComputerNameA
CreateSemaphoreA
ReleaseSemaphore
CreateFileW
GetVersionExA
IsBadReadPtr
LocalFileTimeToFileTime
SetEndOfFile
ReadFile
GetFileTime
GetFileSize
GetOEMCP
GetACP
GetComputerNameW
CreateMutexA
GetModuleFileNameA
GetCurrentThreadId
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
CompareFileTime
MoveFileW
CopyFileW
GetModuleFileNameW
SetFilePointer
SetFileAttributesW
GetFullPathNameW
GetFullPathNameA
GetFileAttributesW
GetFileAttributesA
FindNextFileW
FindFirstFileW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetCurrentDirectoryA
CreateThread
WriteFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemTimeAsFileTime
SetFileTime
GetFileAttributesExA
CreateFileA
GetVolumeInformationA
GetTickCount
SetFileAttributesA
GetTempPathA
FreeLibrary
GetProcAddress
GetModuleHandleW
GetSystemDirectoryA
GetLongPathNameA
RemoveDirectoryA
CreateDirectoryA
MulDiv
WaitForSingleObject
WinExec
GetSystemTime
TerminateProcess
user32
SetClipboardData
EnumDisplayMonitors
SetLayeredWindowAttributes
LockWindowUpdate
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
GetNextDlgGroupItem
GetMenuDefaultItem
SetWindowContextHelpId
CharNextA
InvalidateRgn
WaitMessage
RegisterClipboardFormatA
GetSystemMenu
UnionRect
CreateMenu
PostThreadMessageA
GetTabbedTextExtentW
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
PostQuitMessage
SetCursorPos
LoadAcceleratorsW
SetParent
DeleteMenu
CopyAcceleratorTableA
SendNotifyMessageA
InSendMessage
CountClipboardFormats
IsZoomed
ShowOwnedPopups
GetTabbedTextExtentA
IsClipboardFormatAvailable
ReuseDDElParam
UnpackDDElParam
LoadImageA
DestroyIcon
InsertMenuItemA
LoadMenuA
LoadAcceleratorsA
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
TranslateAcceleratorA
WindowFromPoint
IntersectRect
MapVirtualKeyA
GetKeyNameTextA
MapDialogRect
GetAsyncKeyState
TranslateMessage
GetMessageA
CharUpperA
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsRectEmpty
SetWindowRgn
DrawIcon
ReleaseCapture
SetCapture
DestroyCursor
LoadCursorW
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
DrawStateA
SetDlgItemTextA
MoveWindow
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetClassNameA
GetClassLongA
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
DispatchMessageA
RegisterWindowMessageA
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnhookWindowsHookEx
GetMenuState
GetMenuStringA
GetActiveWindow
MessageBoxA
GetDesktopWindow
LoadImageW
DrawEdge
DrawFrameControl
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetClassLongA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
CharUpperBuffA
GetUpdateRect
SubtractRect
GetWindowRgn
CheckDlgButton
OffsetRect
SetCursor
GetWindow
GetLastActivePopup
GetTopWindow
IsChild
PeekMessageA
SetWindowLongA
GetWindowLongA
GetWindowThreadProcessId
SetForegroundWindow
GetFocus
ShowWindow
GetKeyboardLayout
GetMessageExtraInfo
FindWindowA
IsWindowVisible
CopyRect
UnregisterClassA
LoadBitmapW
UpdateWindow
EqualRect
LoadCursorA
MessageBeep
EmptyClipboard
CloseClipboard
OpenClipboard
ModifyMenuA
PostMessageA
CreatePopupMenu
GetWindowInfo
GetSystemMetrics
GetDCEx
SetRectEmpty
ReleaseDC
KillTimer
SetTimer
GetDlgCtrlID
SetRect
GetCursorPos
DrawFocusRect
RedrawWindow
FrameRect
BringWindowToTop
IsIconic
FillRect
GetParent
GetSysColor
PtInRect
GetWindowRect
GetMenuItemCount
GetMenuItemID
GetDC
CheckMenuItem
ScreenToClient
WindowFromDC
AppendMenuA
InsertMenuA
IsWindow
SendMessageA
GetClientRect
InvalidateRect
RemoveMenu
GetSubMenu
EnableMenuItem
LoadMenuW
EnableWindow
IsWindowEnabled
gdi32
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
StartDocA
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
PatBlt
DPtoLP
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
SetAbortProc
CreateRectRgnIndirect
CombineRgn
GetMapMode
SetRectRgn
GetCharWidthA
GetTextMetricsA
GetWindowOrgEx
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextExtentPointA
GetTextExtentPoint32W
GetTextFaceA
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
EnumFontFamiliesA
GetTextCharsetInfo
SetDIBColorTable
CreatePolygonRgn
Polygon
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
CopyMetaFileA
GetDIBits
SetViewportOrgEx
GetViewportOrgEx
GetStockObject
SetStretchBltMode
StretchDIBits
StretchBlt
DeleteObject
CreateDIBitmap
UnrealizeObject
SetBrushOrgEx
CreateCompatibleBitmap
Rectangle
DeleteDC
CreateFontA
BitBlt
EnumFontFamiliesExA
CreateCompatibleDC
GetTextAlign
SetPixel
GetDeviceCaps
GetTextExtentPoint32A
EndPage
GetCurrentObject
GetObjectA
EndDoc
StartPage
Arc
CreatePen
CreateSolidBrush
Pie
GetBkColor
GetTextColor
Polyline
CreateFontIndirectA
AbortDoc
GetPixel
CreateDCA
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesA
GetJobA
ord201
EnumPrintersA
ClosePrinter
GetPrinterA
OpenPrinterA
advapi32
CryptGetUserKey
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA
CryptAcquireContextA
RegEnumValueA
CryptReleaseContext
CryptGenRandom
CryptDeriveKey
CryptDestroyKey
CryptExportKey
CryptImportKey
RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
RegSetValueA
CryptEnumProvidersA
CryptGetProvParam
CryptSignHashA
CryptSetHashParam
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
shell32
SHAddToRecentDocs
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteA
ExtractIconA
SHGetFileInfoA
shlwapi
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
StrFormatKBSizeA
uxtheme
GetThemeColor
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
ole32
OleCreateStaticFromData
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
WriteFmtUserTypeStg
ReadFmtUserTypeStg
OleDuplicateData
ReleaseStgMedium
OleRegGetUserType
SetConvertStg
StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes
StgIsStorageFile
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoInitializeEx
CreateFileMoniker
CreateILockBytesOnHGlobal
CoUninitialize
OleRun
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateMenuDescriptor
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleLockRunning
OleGetIconOfClass
GetHGlobalFromILockBytes
OleIsRunning
OleSetMenuDescriptor
CoLockObjectExternal
GetRunningObjectTable
CoDisconnectObject
OleRegGetMiscStatus
OleRegEnumVerbs
OleDraw
CoCreateGuid
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
DoDragDrop
OleIsCurrentClipboard
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
LoadTypeLi
SysAllocString
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
VariantChangeType
VariantCopy
VariantClear
VarBstrFromDate
OleCreateFontIndirect
SysStringLen
SysFreeString
VariantInit
GetErrorInfo
CreateErrorInfo
oledlg
ord1
ord3
ord4
ord5
ord11
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
crypt32
CryptEncryptMessage
CryptDecryptMessage
CertFindCertificateInStore
CertEnumCertificatesInStore
CertGetSubjectCertificateFromStore
CertCloseStore
CertOpenStore
CertNameToStrW
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertFreeCertificateContext
CertCreateCertificateContext
CryptDecodeObject
CryptEncodeObject
CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CryptMsgControl
CryptSignMessage
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CertDuplicateCertificateContext
ws2_32
inet_addr
accept
WSAStartup
bind
closesocket
connect
ioctlsocket
htons
getsockname
getsockopt
WSAGetLastError
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
shutdown
socket
gethostbyname
gethostname
__WSAFDIsSet
Sections
.text Size: 7.3MB - Virtual size: 7.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 404KB - Virtual size: 899KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 974KB - Virtual size: 973KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ