2024-02-29_3ce0562d5a41b3b61542dc511d7ef387_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-29_3ce0562d5a41b3b61542dc511d7ef387_icedid
Size

2.8MB
MD5

3ce0562d5a41b3b61542dc511d7ef387
SHA1

0049e07cafadfe2373ffdb5f9aec5adc85eed2a0
SHA256

6236cc5f3309d10be8771ac45c24bbf94eb45f374aaf3f9e3bc376021b827ccd
SHA512

911a112d509c7a6c3bdb98b1761f8bd11d5959fac3bec569ce7a873549a5ad7676dede8acebd210331df2b2d2c052e9851c3ed861a4197ad2634348f28e51073
SSDEEP

24576:eGbkf815Fsyx/UhnsbCALr+R2flTLkAm0i9Fq5uAzqKTcj13H8GCpDPmUDw5GbK8:XxUg7L6R2flTZm0HyKs9H8GzUIG9Ma

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-29_3ce0562d5a41b3b61542dc511d7ef387_icedid

Files

2024-02-29_3ce0562d5a41b3b61542dc511d7ef387_icedid
.exe windows:4 windows x86 arch:x86

4ae00b2287191237679b0de4edc96a5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Data\VisualSourceSafe\DustKleen A\Release\DustKleen.pdb

Imports

kernel32

GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
ExitThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
SetHandleCount
GetStdHandle
GetFileType
GetTimeZoneInformation
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
GetFileInformationByHandle
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
SetErrorMode
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LocalAlloc
InterlockedIncrement
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedDecrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
SuspendThread
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
SetLastError
MulDiv
FormatMessageA
lstrcpynA
LocalFree
CreateEventA
GetTempFileNameA
SetFileAttributesA
MoveFileA
FreeLibrary
GetWindowsDirectoryA
FindFirstFileA
FindClose
FreeResource
DeleteFileA
CreateThread
TerminateThread
GetExitCodeThread
RaiseException
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetUserDefaultLangID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameA
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
WriteFile
CloseHandle
GetModuleHandleA
GetProcAddress
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
Sleep
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
PeekNamedPipe
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetEvent

user32

SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetForegroundWindow
GetDlgItemTextA
UnregisterClassA
KillTimer
SetDlgItemTextA
MessageBoxA
EndDialog
FindWindowExA
LoadAcceleratorsA
MonitorFromRect
GetMonitorInfoA
ClipCursor
LoadIconA
LoadCursorA
SetForegroundWindow
GetDesktopWindow
SetActiveWindow
SetTimer
EndPaint
BeginPaint
GetSystemMenu
GetSysColorBrush
ModifyMenuA
EnableMenuItem
CheckMenuItem
AppendMenuA
DialogBoxIndirectParamA
TranslateAcceleratorA
EqualRect
PtInRect
GetWindowPlacement
IsWindowVisible
ShowWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EnumChildWindows
CreateWindowExA
SetWindowPos
GetMenu
AdjustWindowRect
GetDlgCtrlID
ScreenToClient
GetDlgItem
GetSystemMetrics
IsWindow
SetWindowLongA
RedrawWindow
LoadMenuA
LoadImageA
GetSysColor
GetSubMenu
TrackPopupMenuEx
SetCursor
DestroyCursor
DestroyMenu
GetWindowLongA
wsprintfA
RegisterClipboardFormatA
PostQuitMessage
WaitMessage
GetWindowThreadProcessId
ReleaseCapture
SetCapture
CreateDialogIndirectParamA
EnableWindow
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
GetIconInfo
CreateIconIndirect
PostThreadMessageA
GetDC
ReleaseDC
DrawStateA
DestroyIcon
PostMessageA
SubtractRect
UnionRect
IntersectRect
SetRectEmpty
SetRect
IsRectEmpty
LoadBitmapA
GetMenuCheckMarkDimensions
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CheckDlgButton
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetMenuItemBitmaps
GetFocus
UnhookWindowsHookEx

gdi32

GetDeviceCaps
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetROP2
SetMapMode
LineTo
MoveToEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
CreateRectRgn
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CombineRgn
FillRgn
Ellipse
CreateBrushIndirect
CreatePenIndirect
Polyline
CreateSolidBrush
CreatePen
SetStretchBltMode
StretchDIBits
CreateDIBSection
GetObjectA
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
SetViewportExtEx
DeleteObject
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegEnumKeyA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VariantInit
VariantChangeType

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 564KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ae00b2287191237679b0de4edc96a5e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

Sections

.text Size: 564KB - Virtual size: 561KB

.rdata Size: 280KB - Virtual size: 279KB

.data Size: 132KB - Virtual size: 200KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 564KB - Virtual size: 561KB

.rdata
Size: 280KB - Virtual size: 279KB

.data
Size: 132KB - Virtual size: 200KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB