F:\work\2014年软件\XT+PSU\Release\XtremeTuner Plus.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-11_cbfa771a7308922fb03facf041ff3af5_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-11_cbfa771a7308922fb03facf041ff3af5_icedid.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-03-11_cbfa771a7308922fb03facf041ff3af5_icedid
- Size: 5.3MB
- MD5: cbfa771a7308922fb03facf041ff3af5
- SHA1: ea68fac17261c55e7d33f2f25cf79e479af12bff
- SHA256: 4dda9a2338648181543dda13c8297070f0a0f833899c6ca65e4f3769b284b313
- SHA512: 922945766b09b92961166f9bcee2e79369551fd96b82bec72effbedc8a65221395188a73bd4d5d9a76df3dc40abe235ec89ccaa2b4cfd5cb12cb24348f45b2fb
- SSDEEP: 98304:R/zUW79+8uyXLrYWZVpIAGTODkWl1hqmG2CJTZESI9pdmd:RoWw8uyPVSmG5vC0
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2024-03-11_cbfa771a7308922fb03facf041ff3af5_icedid
Files
-
2024-03-11_cbfa771a7308922fb03facf041ff3af5_icedid.exe windows:5 windows x86 arch:x86
30e03f04c7bb2be9982d4ac2e38f719d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dxosd
?InitMasterWnd@HookControl@@QAE_NPAUHWND__@@@Z
?SetOsdInf@HookControl@@QAEXPB_W@Z
?DX11_Shared@@3UHookControl@@A
mposd
?InitMasterWnd@OsdShared@@QAE_NPAUHWND__@@@Z
?SetOsdInf@OsdShared@@QAEXPBD@Z
?HookCBT_Uninstall@OsdShared@@QAE_NXZ
?sg_Shared@@3UOsdShared@@A
kernel32
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
InitializeCriticalSectionAndSpinCount
LCMapStringA
WriteConsoleA
HeapAlloc
WriteConsoleW
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
GetModuleHandleW
GetLastError
LoadLibraryW
GetProcAddress
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
FindFirstFileW
FindClose
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentThreadId
Sleep
GetCurrentProcess
ResumeThread
GetVersionExW
GetFileAttributesW
CreateDirectoryW
CopyFileW
DeleteFileW
Beep
GetLocalTime
SuspendThread
TerminateProcess
WideCharToMultiByte
CreateProcessW
GetExitCodeProcess
CreateThread
ExitThread
GetStartupInfoW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GetConsoleOutputCP
WinExec
InterlockedExchange
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
lstrlenW
GetSystemDefaultLangID
MultiByteToWideChar
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
ReadFile
CreateEventW
SetEvent
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
lstrlenA
lstrcmpA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
GetSystemDirectoryW
GetCurrentProcessId
FormatMessageW
LocalFree
MulDiv
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
SetLastError
GetModuleHandleA
LoadLibraryA
GlobalFree
FlushFileBuffers
WriteFile
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
CreateFileW
OutputDebugStringW
user32
GetNextDlgGroupItem
SetRectEmpty
InvalidateRgn
CopyAcceleratorTableW
SetRect
UnregisterClassW
GetSysColorBrush
IsRectEmpty
CharUpperW
ShowOwnedPopups
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
DestroyMenu
GetMenuItemInfoW
CharNextW
InflateRect
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
RemovePropW
SetFocus
GetWindowTextLengthW
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
ShowScrollBar
UpdateWindow
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindow
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
EqualRect
SystemParametersInfoW
AdjustWindowRect
PtInRect
GetDlgItemTextA
SetWindowLongW
AnimateWindow
EnumWindows
GetWindowTextA
GetAsyncKeyState
GetFocus
FillRect
GetCapture
WindowFromPoint
ClientToScreen
IsWindowVisible
GetDlgCtrlID
GetClassNameW
GetDlgItem
EnumChildWindows
IsWindow
GetWindowTextW
PostThreadMessageW
wsprintfW
ChildWindowFromPoint
ScreenToClient
DrawIcon
IsIconic
AppendMenuW
GetSystemMenu
GetWindowThreadProcessId
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
ShowWindow
RegisterClipboardFormatW
UnpackDDElParam
ReuseDDElParam
FindWindowW
ReleaseDC
DefWindowProcW
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
GetScrollPos
MessageBeep
SetForegroundWindow
GetForegroundWindow
KillTimer
GetDC
SetCursor
LoadCursorW
SetPropW
CheckMenuItem
EnableMenuItem
GetMenuItemID
ModifyMenuW
GetSubMenu
LoadMenuW
GetCursorPos
SetWindowRgn
SetWindowPos
GetWindowPlacement
GetSystemMetrics
GetWindowLongW
LoadImageW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetKeyState
PostMessageW
SetCapture
GetClientRect
ReleaseCapture
LoadBitmapW
GetPropW
GetParent
DrawFocusRect
GetUpdateRect
InvalidateRect
SetTimer
GetWindowRect
SendMessageW
EnableWindow
DeferWindowPos
gdi32
AddFontResourceW
DeleteDC
SetDIBColorTable
CreateDIBSection
StretchBlt
GetDIBColorTable
CreatePen
CreateSolidBrush
CreateRoundRectRgn
GetTextMetricsW
SetBkColor
SetTextColor
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetStretchBltMode
SetMapMode
LineTo
MoveToEx
EnumFontFamiliesW
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
GetTextColor
CreateEllipticRgn
GetRgnBox
Ellipse
Polyline
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreatePolygonRgn
CreateRectRgn
GetBitmapBits
DeleteObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
CreateBitmap
GetObjectW
SelectObject
GetBkColor
BitBlt
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegOpenKeyW
RegDeleteValueW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
InitiateSystemShutdownW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
OpenProcessToken
shell32
SHGetSpecialFolderPathW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ShellExecuteW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
StrStrIW
oledlg
OleUIBusyW
ole32
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SysStringLen
VariantChangeType
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString
urlmon
URLDownloadToFileW
wsock32
bind
htons
WSACleanup
closesocket
socket
WSAStartup
accept
recv
send
listen
gdiplus
GdipCloneBrush
GdipDeleteBrush
GdipDeleteFont
GdipDeleteStringFormat
GdipGraphicsClear
GdipReleaseDC
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageRect
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawString
GdipSetSmoothingMode
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdiplusShutdown
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
winmm
waveOutGetDevCapsW
waveOutGetNumDevs
ws2_32
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
Sections
.text Size: 912KB - Virtual size: 912KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 204KB - Virtual size: 203KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 363KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ