Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-28_1f0f6e2fa54af37dfd865c0f3fcef537_icedid_vidar.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-02-28_1f0f6e2fa54af37dfd865c0f3fcef537_icedid_vidar.exe
Resource: win10v2004-20240226-en
General
Target: 2024-02-28_1f0f6e2fa54af37dfd865c0f3fcef537_icedid_vidar
Size: 7.3MB
MD5: 1f0f6e2fa54af37dfd865c0f3fcef537
SHA1: 5b41184a97074213b3fe011bf8d8da4455e558c6
SHA256: 82cbb913227ccf9860674f04e3f004a95c0cef2b4fcb9f59624eaf07604fc459
SHA512: f8ec5db284ae0920cef81065f2311874a8b65574178b4cfe503efb99c6f4c092a75905438821e16eb9b15b3654cee62dfde485655a21fd7c665bc314b06605e3
SSDEEP: 196608:+BSy+mrYsRKwDbA3b6RXDq4axK6jTv7pY+BOarNfniu6lIZJxP6j2IkgWK49Ck7w:pwDbA3mRXDq4axFj4qu/
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-02-28_1f0f6e2fa54af37dfd865c0f3fcef537_icedid_vidar
Files
2024-02-28_1f0f6e2fa54af37dfd865c0f3fcef537_icedid_vidar.exe windows:5 windows x86 arch:x86
e0f38df687136bb022b6af1df73d3553
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
setupapi
CM_Connect_MachineA
CM_Get_Sibling_Ex
CM_Get_DevNode_Registry_Property_ExA
CM_Locate_DevNode_ExA
CM_Get_Child_Ex
CM_Get_Device_IDA
CM_Locate_DevNodeA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Child
CM_Get_Sibling
CM_Get_Parent
CM_Disconnect_Machine
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
kernel32
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetACP
GetStdHandle
SetHandleCount
HeapSize
ExitProcess
GetFileType
SetStdHandle
CreateThread
ExitThread
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapAlloc
VirtualQuery
GetSystemInfo
GetDateFormatA
GetTimeFormatA
HeapFree
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
FindResourceExA
SetErrorMode
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GetStringTypeW
GlobalFlags
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
SuspendThread
SetThreadPriority
VirtualProtect
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GlobalReAlloc
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
SetLastError
HeapCreate
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetVersionExA
GetVersion
GetDriveTypeA
SetEvent
GetExitCodeThread
TerminateThread
ReleaseSemaphore
CreateSemaphoreA
MulDiv
lstrcmpA
CreateEventA
ResetEvent
WaitForMultipleObjects
GetOverlappedResult
GetCommTimeouts
SetCommTimeouts
GetCommState
SetCommState
MultiByteToWideChar
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindClose
Beep
WritePrivateProfileStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetFilePointerEx
WaitForSingleObject
GetExitCodeProcess
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
OutputDebugStringA
GetModuleFileNameA
GetComputerNameA
GetModuleHandleA
VirtualAlloc
VirtualFree
InitializeCriticalSection
SetFileAttributesA
GetFileAttributesA
CopyFileA
MoveFileA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
FormatMessageA
CreateFileW
LocalFree
DeviceIoControl
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileSize
GetLastError
GetPrivateProfileStringA
WriteFile
Sleep
FindFirstFileA
lstrcpyA
lstrcatA
FindNextFileA
CreateFileA
SetFilePointer
CloseHandle
ReadFile
GetPrivateProfileIntA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateProcessA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
LocalUnlock
LocalLock
MoveFileExA
GetSystemDirectoryA
LocalAlloc
user32
PostThreadMessageA
RegisterClipboardFormatA
MessageBeep
DestroyMenu
DestroyCursor
DestroyIcon
SetCursor
PostMessageA
TrackPopupMenuEx
SendMessageA
GetSubMenu
FillRect
GetSysColor
ReleaseDC
GetDC
CreateIconIndirect
GetIconInfo
LoadImageA
LoadMenuA
CopyRect
InflateRect
OffsetRect
FrameRect
DrawStateA
DrawFocusRect
SetMenu
MapWindowPoints
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
GetWindowRect
GetClientRect
ClientToScreen
InvalidateRect
GetActiveWindow
GetNextDlgTabItem
SetActiveWindow
GetLastActivePopup
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
RegisterWindowMessageA
CheckRadioButton
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
GetWindowThreadProcessId
CharUpperA
EndDialog
CreateDialogIndirectParamA
GetAsyncKeyState
MapDialogRect
ValidateRect
TranslateMessage
GetMessageA
PostQuitMessage
SetWindowContextHelpId
GetSysColorBrush
LoadCursorA
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
SetCapture
GetParent
WindowFromPoint
EnableWindow
GetWindowLongA
GetMessagePos
PtInRect
ScreenToClient
SetTimer
KillTimer
GetFocus
SetForegroundWindow
GetWindowTextA
IsWindowVisible
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetKeyState
SetWindowPos
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
SetWindowRgn
DrawEdge
GetNextDlgGroupItem
ReleaseCapture
GetCapture
GetCursorPos
IsWindow
RedrawWindow
LockWindowUpdate
SetWindowLongA
GetDesktopWindow
GetForegroundWindow
LoadBitmapA
CloseWindow
UpdateWindow
IsIconic
DrawIcon
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
GetSystemMetrics
RegisterHotKey
UnregisterHotKey
MessageBoxA
gdi32
SetTextColor
DeleteDC
GetStockObject
DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetDeviceCaps
CreateDCA
SelectClipRgn
CombineRgn
CreateRectRgn
SaveDC
RestoreDC
SetBkMode
SetMapMode
GetClipBox
MoveToEx
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
BitBlt
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePen
CreateRectRgnIndirect
GetMapMode
EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
SetBkColor
SelectObject
CreateCompatibleDC
CreateBitmap
CreateCompatibleBitmap
SetPixel
GetPixel
GetObjectA
CreateSolidBrush
CreateFontIndirectA
Rectangle
CreateFontA
StretchBlt
TextOutA
LineTo
GetTextExtentPoint32A
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
shell32
SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
comctl32
_TrackMouseEvent
oledlg
ord8
ole32
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
oleaut32
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
VarBstrFromDate
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VarDateFromStr
odbc32
ord45
ord51
ord50
ord44
ord68
ord43
ord59
ord13
ord18
ord46
ord12
ord19
ord11
ord49
ord48
ord8
ord20
ord17
ord41
ord10
ord61
ord3
ord16
ord2
ord1
ord15
ord9
ord14
ord5
ws2_32
WSACleanup
htons
inet_addr
socket
send
recv
closesocket
gethostname
WSAStartup
connect
shlwapi
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 925KB - Virtual size: 924KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 504KB - Virtual size: 534KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ