ffdroider | 2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber
Size

6.1MB
MD5

0001a63eaab01779eb06a240cd5fdf8b
SHA1

b60e7d24f091ad351d97fdcc7fc11ff7c45b562a
SHA256

a24743dbcee924a3d96a505f0e16515b147b74bccbed765562d59570edb2bdcc
SHA512

5878a2fe96e2c7bcf3e2cd215c1e2317f27b585cf4fd8e345504c720dc1430865d176b7faec38d40029399420febe994db7d37b7eca8e5adc37bc2acea84ad46
SSDEEP

196608:W62uK6qA6XWIkvLZH7MjOc8Tjfj3ugw30AF+sd4UFLOyomFHKnP6jEkX6Zzfa7C:Wd+UFwk

Score

10^/10

ffdroider

Malware Config

Signatures

FFDroider payload 1 IoCs

resource	yara_rule
sample	family_ffdroider

Ffdroider family
ffdroider

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber

Files

2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber
.exe windows:5 windows x86 arch:x86

00ca7eafac871dfbdffd5a11c10e53a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
VirtualFree
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InterlockedDecrement
TryEnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetFullPathNameW
GetFullPathNameA
HeapCompact
MapViewOfFile
UnmapViewOfFile
SwitchToThread
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
GetVersionExW
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetVersionExA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetTickCount
SignalObjectAndWait
SystemTimeToFileTime
CreateTimerQueue
SetEndOfFile
Sleep
LoadLibraryExA
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FreeResource
GetModuleHandleA
SetEvent
CreateEventW
SetThreadPriority
ResumeThread
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalAddAtomW
lstrcpyW
EncodePointer
GlobalFindAtomW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindClose
DuplicateHandle
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetTempFileNameW
VirtualProtect
GetProfileIntW
SearchPathW
FindResourceExW
GetUserDefaultLCID
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
ExitProcess
GetModuleHandleExW
ExitThread
GetTimeZoneInformation
GetCommandLineW
HeapQueryInformation
VirtualAlloc
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
GetThreadTimes
GetExitCodeThread
FindNextFileW
FindFirstFileW
CreateFileA
LoadLibraryExW
WideCharToMultiByte
GetVolumeInformationW
CopyFileW
DeleteFileW
CreateDirectoryW
GetSystemDirectoryW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
CreateMutexW
GetFileSize
WaitForSingleObject
GetCurrentProcessId
GetCurrentProcess
VirtualQuery
OutputDebugStringA
CreateProcessW
ContinueDebugEvent
WaitForDebugEvent
ReadProcessMemory
TerminateThread
TerminateProcess
LoadLibraryW
FreeLibrary
CreateFileW
OutputDebugStringW
CloseHandle
SetFilePointer
ReadFile
WriteFile
CreateThread
MultiByteToWideChar
GetPrivateProfileStringW
FindResourceW
LoadLibraryA
SizeofResource
LoadResource
GetProcAddress
LockResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

comctl32

InitCommonControlsEx

gdi32

GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
GetPixel
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
CreatePolygonRgn
Polygon
Polyline
CopyMetaFileW
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
DeleteDC
GetClipBox
ExcludeClipRect
Escape
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
Ellipse
GetObjectType
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCW
ScaleWindowExtEx
GetTextMetricsW
GetTextFaceW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipBitmapLockBits

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

msimg32

TransparentBlt
AlphaBlend

ole32

CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoRevokeClassObject
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoInitialize
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleRun

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

oledlg

OleUIBusyW

quartz

AMGetErrorTextW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetFolderPathA

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFileExistsW
PathRemoveFileSpecW

user32

GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
GetForegroundWindow
SetForegroundWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
EqualRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
InvalidateRect
LoadCursorW
IntersectRect
RealChildWindowFromPoint
SendDlgItemMessageA
CopyImage
DeleteMenu
SetTimer
KillTimer
DestroyIcon
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
MessageBeep
SetLayeredWindowAttributes
SetRectEmpty
EnumDisplayMonitors
SetParent
MonitorFromPoint
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
NotifyWinEvent
SetCursorPos
UnionRect
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
UpdateLayeredWindow
GetUpdateRect
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
EndDeferWindowPos
ReuseDDElParam
RegisterClipboardFormatW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
GetKeyNameTextW
SubtractRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
PostThreadMessageW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
HideCaret
InvertRect
CreateMenu
DestroyCursor
GetWindowRgn
GetWindow
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
wsprintfW
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
MessageBoxW
GetDesktopWindow
SendMessageW
IsIconic
EnableWindow
GetSystemMetrics
GetSystemMenu
AppendMenuW
DrawIcon
GetClientRect
LoadIconW
wsprintfA
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SystemParametersInfoW
CopyRect
MapDialogRect
DestroyMenu
UnhookWindowsHookEx
PtInRect
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
MapWindowPoints
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
UnpackDDElParam
RegisterWindowMessageW
GetMenuItemInfoW

uxtheme

GetCurrentThemeName
IsAppThemed
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeColor

winhttp

WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpReceiveResponse

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetQueryOptionW

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

ws2_32

socket
WSAStartup
recv
accept
bind
closesocket
htonl
send
htons
listen

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

gu_idata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

gu_rsrcs
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00ca7eafac871dfbdffd5a11c10e53a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

gdiplus

imm32

msimg32

ole32

oleacc

oledlg

quartz

shell32

shlwapi

user32

uxtheme

winhttp

wininet

winmm

winspool.drv

ws2_32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 500KB - Virtual size: 500KB

.data Size: 112KB - Virtual size: 112KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 260KB - Virtual size: 260KB

gu_idata Size: 15KB - Virtual size: 16KB

gu_rsrcs Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 500KB - Virtual size: 500KB

.data
Size: 112KB - Virtual size: 112KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 260KB - Virtual size: 260KB

gu_idata
Size: 15KB - Virtual size: 16KB

gu_rsrcs
Size: 1.4MB - Virtual size: 1.4MB