2024-03-11_f457e827ce51bfb266f2de99ac639790_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-11_f457e827ce51bfb266f2de99ac639790_icedid
Size

2.7MB
MD5

f457e827ce51bfb266f2de99ac639790
SHA1

19e3a1680f19682d79e2ecb1357e5997f9546894
SHA256

4231faf2dde479dc2e28039977bcdd85f5d27b83f0065ebba889edc1460e8160
SHA512

862fb8d2b03e9c76570df67b0e72d8056264d2373a76194c9cb8abb9c854692bf6b08785c1f0640eae26bbbcbeeccefe63f5caa276fb39b84d174565e82cca94
SSDEEP

49152:WggYgsaKXDVmOH9Gj/44aKXDVmOH9Gj8HaKXDVmOH9Gjg:WggVVKZpKOK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-11_f457e827ce51bfb266f2de99ac639790_icedid

Files

2024-03-11_f457e827ce51bfb266f2de99ac639790_icedid
.exe windows:4 windows x86 arch:x86

3316a946598d6fd3347a465cd58b9470

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\rajashen\Installer_WIN\Source\REL\Installer_V4\CommonInstaller\CommonInstaller3\release\totalUninstaller.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupOpenInfFileW
SetupGetStringFieldW
SetupGetLineCountW
SetupGetLineTextW
SetupCloseInfFile
SetupGetLineByIndexW

kernel32

GetVersion
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
SetErrorMode
GetFileAttributesW
lstrlenA
WritePrivateProfileStringW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
RtlUnwind
EnumResourceLanguagesW
HeapReAlloc
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
SuspendThread
SetThreadPriority
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GetModuleHandleA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrlenW
GetThreadLocale
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
InterlockedDecrement
CompareFileTime
GetFileTime
MoveFileExW
WriteFile
GetTimeFormatW
GetSystemTime
GetCurrentProcessId
GetCurrentThreadId
SetEndOfFile
GetStdHandle
CreateFileW
GetVersionExW
LocalFree
WideCharToMultiByte
FormatMessageW
SetInformationJobObject
OpenJobObjectW
RemoveDirectoryW
GetTempFileNameW
ReleaseMutex
CreateMutexW
GetTempPathW
SetLastError
GetTickCount
WaitForMultipleObjects
OpenProcess
QueryInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
GetCurrentProcess
IsProcessInJob
GetExitCodeThread
Sleep
GetExitCodeProcess
CreateDirectoryW
SetFileAttributesW
CopyFileW
FreeResource
GlobalUnlock
GlobalLock
ResumeThread
SetEvent
CreateEventW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
TerminateProcess
CloseHandle
WaitForSingleObject
GetModuleFileNameW
GetLastError
GlobalFree
GetUserDefaultUILanguage
DeleteFileW
FindResourceW
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
RaiseException

user32

SetCursor
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
GetMenuState
GetWindowThreadProcessId
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CharUpperW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetParent
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetSysColor
SetTimer
DestroyMenu
GetSysColorBrush
LoadCursorW
IsIconic
MessageBoxW
GetFocus
LoadImageW
DestroyIcon
DrawIconEx
GetIconInfo
PostMessageW
IsWindow
LoadBitmapW
ReleaseDC
InvalidateRect
RedrawWindow
GetSystemMetrics
GetWindowRect
SendMessageW
EnableWindow
LoadIconW
GetClientRect
FillRect
GetDC
UnregisterClassW
GetDlgItem
UnregisterClassA
DispatchMessageW

gdi32

DeleteDC
CreateBitmap
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
CreateFontIndirectW
GetObjectW
CreatePen
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
PtVisible

comdlg32

GetFileTitleW

winspool.drv

GetPrinterDriverDirectoryW
EnumPrinterDriversW
EnumPrintersW
OpenPrinterW
DeletePrinter
ClosePrinter
DeletePrinterDriverW
DocumentPropertiesW

advapi32

RegSetValueExW
RegQueryValueW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyW

shell32

SHGetFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathW
ExtractIconW
ord680
SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

SHDeleteEmptyKeyW
PathFileExistsW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
SHDeleteKeyW
PathFindFileNameW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

VariantChangeType
VariantInit
VariantClear

gdiplus

GdipImageGetFrameCount
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipGetImageWidth
GdipGetImageHeight
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromStreamICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipDisposeImage
GdipImageGetFrameDimensionsList
GdipAlloc
GdipFree

Exports

Exports

?CI3_Wow64@@YAAAVCWow64@@XZ

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3316a946598d6fd3347a465cd58b9470

Headers

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 325KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 328KB - Virtual size: 325KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.zero
Size: 4KB - Virtual size: 3KB