2024-02-28_ac2bbb24c6ea7f24d7f63d5697d7b61e_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_ac2bbb24c6ea7f24d7f63d5697d7b61e_icedid
Size

2.9MB
MD5

ac2bbb24c6ea7f24d7f63d5697d7b61e
SHA1

d616447784f561359fdf00bc36dd811e00b09104
SHA256

a9d187aa4a01dcbc5dd89e61f55a4ced21660f97cff9c80949a25be9d5be11fc
SHA512

c404df5c10b9ee68897f3f72659fb5d27b1eb1837cd0e8c37d0eb2cff7e985322eeb5e907dea061fb6600394c396679cf29d2ee5b97b77289939b6d53b5e6928
SSDEEP

49152:lNskMJ/xKCG5JjDbGoibtAdmyyIe2A33QFPfDXi78bdfMr8b6ypKyaW2dBoSKt8v:lN/MeDbBiEmyyp33QFPfDXi78bd0r85k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-28_ac2bbb24c6ea7f24d7f63d5697d7b61e_icedid

Files

2024-02-28_ac2bbb24c6ea7f24d7f63d5697d7b61e_icedid
.exe windows:5 windows x86 arch:x86

291c79ebeb8c34da23437d4c58610518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\FPS32\EFT GOLD\Release\EFT Gold.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

ExitProcess
ExitThread
CreateThread
HeapFree
GetCommandLineA
GetStartupInfoA
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
InitializeCriticalSectionAndSpinCount
CreateDirectoryA
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
SetErrorMode
GetSystemDirectoryW
LoadLibraryW
FindResourceExA
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExA
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetModuleHandleW
GlobalFlags
GetShortPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
LocalLock
LocalUnlock
VirtualProtect
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
FindFirstFileA
FileTimeToLocalFileTime
FindNextFileA
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentProcessId
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
FreeLibrary
GetModuleFileNameW
FreeResource
OpenFileMappingA
CreateEventA
SetEvent
GlobalAlloc
GlobalLock
lstrcmpiA
QueryPerformanceCounter
GetComputerNameA
Sleep
WaitForSingleObject
MultiByteToWideChar
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
FormatMessageA
lstrlenA
LocalAlloc
LocalFree
GetTimeZoneInformation
MulDiv
lstrcpyA
GetModuleFileNameA
GetTickCount
ReadFile
CreateFileA
CreateFileMappingA
MapViewOfFile
OutputDebugStringA
InterlockedDecrement
GlobalUnlock
GlobalFree
UnmapViewOfFile
CloseHandle
WriteFile
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
HeapCreate

user32

LockWindowUpdate
CharUpperA
WaitMessage
IsZoomed
SetParent
GetSystemMenu
GetTabbedTextExtentA
DestroyCursor
SetWindowRgn
DrawIcon
IsRectEmpty
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetMenuItemInfoA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
TranslateAcceleratorA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
TabbedTextOutA
FillRect
MoveWindow
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDCEx
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextLengthA
GetScrollPos
SetScrollPos
UnhookWindowsHookEx
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
RemoveMenu
CreateDialogIndirectParamA
DestroyWindow
IsWindow
IsWindowEnabled
GetNextDlgTabItem
FindWindowA
SetForegroundWindow
LoadImageA
SetActiveWindow
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
MessageBeep
CloseClipboard
SetClipboardData
OpenClipboard
GetClassNameA
GetFocus
BringWindowToTop
LoadCursorA
SetCursor
PtInRect
SetMenuItemInfoA
GetMenuItemCount
AppendMenuA
DeleteMenu
DialogBoxParamA
ShowWindow
SetFocus
GetWindowLongA
SetWindowLongA
GetDlgItemInt
CreateMenu
PostThreadMessageA
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
SetDlgItemInt
GetWindowTextA
CharNextA
DestroyIcon
UnregisterClassA
GetSysColorBrush
BeginDeferWindowPos
IsWindowVisible
GetClientRect
CopyRect
OffsetRect
EndDialog
GetWindow
RegisterWindowMessageA
GetDlgItem
SetWindowTextA
GetSystemMetrics
IntersectRect
InflateRect
SetRect
DrawFrameControl
DrawTextA
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
GetActiveWindow
LoadMenuA
GetSubMenu
EnableMenuItem
RedrawWindow
ReleaseCapture
WindowFromPoint
GetParent
GetDesktopWindow
SetCapture
UpdateWindow
ClientToScreen
GetWindowRect
MessageBoxA
LoadIconA
GetCursorPos
PostMessageA
ScreenToClient
SendMessageA
EnableWindow
MapWindowPoints

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
SetViewportOrgEx
DPtoLP
ExtTextOutA
CreateEllipticRgn
Ellipse
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetViewportOrgEx
Rectangle
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetWindowOrgEx
EnumFontFamiliesExA
PatBlt
Escape
SetTextAlign
MoveToEx
LineTo
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
StretchDIBits
SelectPalette
GetCharWidthA
RealizePalette
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDIBColorTable
GetStockObject
GetTextExtentPoint32A
Arc
CreateFontA
GetDeviceCaps
CreateDCA
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
DeleteDC
CreateHalftonePalette
DeleteObject
CreatePalette
SetStretchBltMode

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
GetJobA
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegSetValueA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA
DragFinish
DragQueryFileA
SHGetFileInfoA
ExtractIconA
ShellExecuteExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
IsAccelerator
OleTranslateAccelerator
CoRevokeClassObject
OleDestroyMenuDescriptor

oleaut32

VariantTimeToSystemTime
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SafeArrayDestroyDescriptor
SysAllocStringLen
VarDateFromStr
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrFromDate
SysFreeString
VarUdateFromDate
SystemTimeToVariantTime
GetErrorInfo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

291c79ebeb8c34da23437d4c58610518

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 252KB - Virtual size: 251KB

.data Size: 17KB - Virtual size: 33KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 17KB - Virtual size: 33KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB