2024-03-09_005d99a7377c1645a5a7d9bf028365c1_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-09_005d99a7377c1645a5a7d9bf028365c1_icedid
Size

332KB
MD5

005d99a7377c1645a5a7d9bf028365c1
SHA1

8645941e0a6d1bfd92e5fc643fa45f9bb974392c
SHA256

2a895bf24a4966df288ef8c4439c88f136c6e845dcd7d7dfc9d0a3b8f151d60a
SHA512

3cf89294542f0485fc70dd72296942b5231e577fc1eeef1903fd869f25f91ca3a648fb5beaf1750d08d75b5aab7e20757a12f57b37dd7be1bbff70b4e99a9701
SSDEEP

6144:KEu5EIm/t8n9Bc+RQy7fuFLCuP53jLLQpUVmNGsd:w9Bc+77fuFeuP53jfQgmNGsd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-09_005d99a7377c1645a5a7d9bf028365c1_icedid

Files

2024-03-09_005d99a7377c1645a5a7d9bf028365c1_icedid
.exe windows:5 windows x86 arch:x86

3cc2d232899c681a839dee7f1e5952b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFlags
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
RaiseException
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetModuleHandleA
GlobalFindAtomW
CompareStringW
GetVersionExA
InterlockedDecrement
MulDiv
GlobalUnlock
FreeResource
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GlobalLock
LoadLibraryA
GetLocalTime
WritePrivateProfileSectionW
GetModuleFileNameW
IsDBCSLeadByteEx
FormatMessageW
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetPrivateProfileSectionW
MoveFileExW
GetProcAddress
GetVersionExW
SetFileAttributesW
GetTickCount
Sleep
DeleteFileW
LoadLibraryW
GetUserDefaultUILanguage
WriteProfileStringW
GetPrivateProfileStringW
GetWindowsDirectoryW
WritePrivateProfileStringW
lstrcatW
LocalAlloc
LocalFree
lstrcpynW
GlobalAlloc
GlobalFree
GetProfileStringW
GetSystemDirectoryW
SetLastError
FreeLibrary
lstrlenW
GetLastError
lstrcmpiW
FindFirstFileW
FindClose
MultiByteToWideChar
lstrlenA
lstrcpyW
lstrcmpW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
SetHandleCount

user32

UnregisterClassW
GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
PeekMessageW
SendMessageTimeoutW
wsprintfW
GetActiveWindow
MessageBoxW
LoadBitmapW
OffsetRect
ScreenToClient
GetClientRect
LoadIconW
GetSystemMenu
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
SendMessageW
EnableWindow
GetWindowRect
PtInRect
FindWindowW
SetForegroundWindow
GetWindowTextW

gdi32

DPtoLP
PtVisible
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
GetObjectW
GetStockObject
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
CreateFontIndirectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
SelectObject
DeleteDC
DeleteObject
RectVisible

winspool.drv

DeleteMonitorW
DeletePrinter
EnumPrinterDriversW
EnumPrintersW
ClosePrinter
GetPrinterW
OpenPrinterW
DocumentPropertiesW
DeletePrinterDriverW
DeletePrinterConnectionW
GetPrinterDriverDirectoryW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
StartServiceW
ControlService
QueryServiceStatus
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
OpenServiceW
EnumDependentServicesW
CloseServiceHandle
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

usxhrsg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 66KB - Virtual size: 66KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3cc2d232899c681a839dee7f1e5952b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

version

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 11KB - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 13KB

usxhrsg Size: 4KB - Virtual size: 4KB

Size: 66KB - Virtual size: 66KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 11KB - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 13KB

usxhrsg
Size: 4KB - Virtual size: 4KB