2024-03-11_a4da10997cb7b1c7df08e57c003cd4cc_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-11_a4da10997cb7b1c7df08e57c003cd4cc_icedid
Size

17.2MB
MD5

a4da10997cb7b1c7df08e57c003cd4cc
SHA1

b075758d0ae4f4bc9c3d10c1e0dd1b7b87781ed5
SHA256

e9edb1349b0bd62927da621a3b1f40c99165ff04548e1cd02fbbc28f30d42ed8
SHA512

0972d13d4d72138a87b96b3271a2503c00bf21678bd08c0f86c2e237d468f39c72c07ff729949cf37fbd3809a36dccd7afe17d63141a56e4721fc9070b6f3858
SSDEEP

196608:Xp6jusXHibqlco0PyCymOigawCiDHABI7F4+MBT/BPP1SEuH8:X2Hibmco0PbvF/YHABI7F4+MBTNP1W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-11_a4da10997cb7b1c7df08e57c003cd4cc_icedid

Files

2024-03-11_a4da10997cb7b1c7df08e57c003cd4cc_icedid
.exe windows:4 windows x86 arch:x86

81af72653060f176de65480bdc83c098

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

secur32

GetUserNameExA

urlmon

URLDownloadToFileA

wininet

InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable
InternetErrorDlg
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
HttpOpenRequestA
InternetConnectA
HttpSendRequestExA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback

kernel32

GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
FormatMessageW
DeleteFileW
CreateMutexW
CreateFileMappingW
CreateFileW
AreFileApisANSI
InterlockedCompareExchange
VirtualQuery
RtlUnwind
GetTimeFormatA
GetDateFormatA
ExitThread
RemoveDirectoryA
GetFileType
IsBadWritePtr
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW
IsBadCodePtr
GetLocaleInfoW
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetStringTypeExA
Sleep
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetTempPathA
GetTickCount
MulDiv
PulseEvent
OpenEventA
DeleteFileA
GetTempFileNameA
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
UnmapViewOfFile
CloseHandle
SetLastError
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
LocalFree
FormatMessageA
GetExitCodeProcess
CreateEventA
GetLongPathNameA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualFree
VirtualAlloc
SetThreadPriority
GetCurrentThread
GetUserDefaultLCID
GlobalFree
ResumeThread
SuspendThread
GetSystemTime
GetCurrentThreadId
OutputDebugStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
QueryPerformanceFrequency
GetThreadTimes
GlobalMemoryStatusEx
PeekNamedPipe
GetACP
InterlockedExchange
GlobalReAlloc
SetEnvironmentVariableA
CreateProcessA
GetStartupInfoA
CreateDirectoryA
SetThreadLocale
GetCPInfoExA
GetUserDefaultLangID
CopyFileA
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
CreateThread
lstrcpynA
GetModuleHandleA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
FindClose
FindNextFileA
FindFirstFileA
lstrcpyA
GetModuleFileNameA
GetFileAttributesA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
SetEvent
GetProfileIntA
MoveFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
CreateFileA
GetShortPathNameA
SystemTimeToFileTime
LocalUnlock
LocalLock
LocalAlloc
lstrcmpA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalFileTimeToFileTime
SetFileAttributesA
VirtualProtect
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
FindResourceExA
GetCurrentDirectoryA
HeapFree
GetProcessHeap
TerminateThread
ExitProcess
HeapAlloc
GetCommandLineA
HeapValidate
GetLogicalDrives
GetDriveTypeA
GetFileInformationByHandle
GetDiskFreeSpaceExA
SetCurrentDirectoryA
IsBadReadPtr
GetBinaryTypeA
GetLocalTime
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalMemoryStatus
WritePrivateProfileSectionA
OutputDebugStringW
UnlockFileEx
QueryPerformanceCounter
LockFileEx
LoadLibraryW
HeapCompact
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetVersionExW
GetTempPathW
GetSystemInfo
GetFullPathNameW

user32

GetMenuStringA
CallWindowProcA
GetWindowLongA
SetWindowLongA
PostQuitMessage
GetDlgItem
MapDialogRect
ShowWindow
EnumWindows
DrawIconEx
CreatePopupMenu
PostThreadMessageA
LoadAcceleratorsA
GetDlgCtrlID
LoadImageA
IntersectRect
RegisterWindowMessageA
GetForegroundWindow
AttachThreadInput
SetWindowPos
DestroyIcon
GetWindowThreadProcessId
GetWindowPlacement
RegisterClassA
SetFocus
SystemParametersInfoA
LoadIconA
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
IsZoomed
IsIconic
CheckMenuRadioItem
GetMenuState
GetMenuItemID
WindowFromPoint
GetFocus
RedrawWindow
ReleaseCapture
IsClipboardFormatAvailable
CloseClipboard
RegisterClipboardFormatA
OpenClipboard
MoveWindow
IsWindowEnabled
EmptyClipboard
DefWindowProcA
GetMenuCheckMarkDimensions
CheckMenuItem
BeginPaint
EndPaint
SetWindowPlacement
SetCapture
ClientToScreen
LoadStringA
DrawMenuBar
GetMenu
SetMenuItemBitmaps
RemoveMenu
InsertMenuA
MapVirtualKeyA
GetMenuItemCount
AppendMenuA
GetClassInfoA
GetMessageA
GetSystemMenu
SetForegroundWindow
IsWindow
SetCursorPos
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UpdateWindow
GetWindowDC
CopyRect
GetAsyncKeyState
GetKeyState
ValidateRect
LoadMenuA
ModifyMenuA
GetSubMenu
EnableMenuItem
DeleteMenu
FillRect
FindWindowA
SetClipboardData
GetClipboardData
LoadBitmapA
PostMessageA
GetCursorPos
SetCursor
InflateRect
GetSysColor
GetSystemMetrics
PeekMessageA
SetScrollInfo
GetScrollInfo
AdjustWindowRectEx
ShowScrollBar
GetScrollPos
GetScrollRange
TrackPopupMenu
TrackPopupMenuEx
MessageBoxA
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
SetActiveWindow
TranslateMessage
DispatchMessageA
LoadCursorA
SetScrollRange
SetScrollPos
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
GetClientRect
OffsetRect
EqualRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
GetClassNameA
EnableWindow
GetCaretPos
GetParent
GetWindow
GetDesktopWindow
IsWindowVisible
GetWindowRect
SendMessageA
UnregisterClassA
CharUpperA
GetLastActivePopup
GetWindowTextA
GetWindowTextLengthA
IsChild
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetCapture
WinHelpA
CheckDlgButton
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetActiveWindow
wsprintfA
TranslateAcceleratorA
SetMenu
BringWindowToTop
InsertMenuItemA
DestroyMenu
ReuseDDElParam
UnpackDDElParam
GetMenuItemInfoA
MessageBeep
GetTabbedTextExtentA
DrawIcon
SetWindowRgn
GetIconInfo
CreateIconIndirect
DrawFocusRect
DrawStateA
FrameRect
ClipCursor
DrawEdge
InvertRect
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
GetNextDlgGroupItem
LockWindowUpdate
GetDCEx
CharNextA
InvalidateRgn
GetDialogBaseUnits
WaitMessage
SetWindowContextHelpId
ShowOwnedPopups
GetSysColorBrush
CreateMenu
CopyAcceleratorTableA
SetParent
UnionRect
SetMenuItemInfoA
DestroyCursor

gdi32

SetPixel
GetCurrentObject
EnumFontFamiliesExA
GetRgnBox
GetWindowOrgEx
GetTextFaceA
GetTextAlign
GetTextColor
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
AbortDoc
SetAbortProc
EndPage
StartPage
CreateFontA
StretchDIBits
CreateEllipticRgn
GetCharWidthA
GetTextMetricsA
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreatePatternBrush
ExtSelectClipRgn
PolylineTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocA
GetPixel
CreateRectRgn
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CopyMetaFileA
CreateSolidBrush
PatBlt
DeleteDC
DeleteObject
CreatePen
EndDoc
Rectangle
Ellipse
GetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
GetDeviceCaps
CreateFontIndirectA
SetDIBits
GetObjectA
GetStockObject
GetTextExtentPoint32A
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

ReplaceTextA
CommDlgExtendedError
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
FindTextA

winspool.drv

EnumPrintersA
EnumMonitorsA
GetPrinterDriverA
ord201
GetPrinterA
SetPrinterA
GetJobA
OpenPrinterA
DocumentPropertiesA
EnumPortsA
ClosePrinter

advapi32

GetSecurityInfo
GetNamedSecurityInfoA
BuildTrusteeWithSidA
GetEffectiveRightsFromAclA
ConvertStringSidToSidA
LookupAccountNameA
QueryServiceConfigA
RegCloseKey
RegCreateKeyExA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegSetValueA
RegOpenKeyA
SetFileSecurityA
GetFileSecurityA
RegEnumKeyA
RegQueryValueA
RegCreateKeyA
CloseEventLog
ReadEventLogA
GetOldestEventLogRecord
OpenEventLogA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
RegDeleteKeyA
GetLengthSid
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor

shell32

ShellExecuteA
ExtractIconExA
DuplicateIcon
SHGetFileInfoA
DragFinish
DragQueryFileA
SHGetFolderPathA
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA
ExtractIconA

comctl32

ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Draw
ImageList_SetOverlayImage
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_Remove
ord17
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_SetImageCount
_TrackMouseEvent
ImageList_ReplaceIcon

shlwapi

PathUnquoteSpacesA
PathRemoveBlanksA
PathAddBackslashA
PathAddExtensionA
PathFindFileNameA
PathAppendA
PathFileExistsA
PathRenameExtensionA
PathGetArgsA
SHGetValueA
SHCopyKeyA
PathRemoveFileSpecA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathCompactPathA
PathCanonicalizeA
PathRemoveArgsA
PathRemoveExtensionA
PathStripPathA
PathIsNetworkPathA

oledlg

ord8

ole32

CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
OleGetClipboard
CoTaskMemFree
CreateStreamOnHGlobal
DoDragDrop
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoCreateInstance
CLSIDFromString
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoCreateGuid
CoUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
StgOpenStorageOnILockBytes

oleaut32

SysStringLen
SysAllocStringByteLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayCreateVector
SysAllocString
OleCreateFontIndirect
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
VariantInit
VariantClear
VarUdateFromDate
VarBstrFromDate
SysAllocStringLen
SysFreeString
VarDateFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime

ws2_32

WSAAsyncSelect
ntohl
ntohs
WSAStartup
WSACleanup
closesocket
accept
socket
select
htonl
htons
inet_addr
bind
WSAGetLastError
WSASetLastError
connect
listen
recv
send
recvfrom
sendto

gdiplus

GdipDrawRectangle
GdipCombineRegionRectI
GdipCreatePen2
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipCreateFont
GdipCreateRegion
GdipFillRectangle
GdipGetClip
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipSaveAdd
GdipSaveAddImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageSelectActiveFrame
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromGdiDib
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipGetImageThumbnail
GdipDeleteBrush
GdipSetSolidFillColor
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteRegion
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipCreateBitmapFromGraphics
GdipCreateSolidFill
GdipSetPenColor
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipSetInterpolationMode
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipSetPageUnit
GdipSetPageScale
GdipGetDpiX
GdipDrawRectangleI
GdipFillRectangleI
GdipFillRegion
GdipDrawString
GdipMeasureString
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipDrawImagePointsRectI

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

mpr

WNetGetUniversalNameA

netapi32

NetApiBufferFree
NetGetDCName
DsGetDcNameA

Exports

Exports

?GetNetData2@@YGXPADPAPAEH@Z
?GetNetData@@YGXHPAD@Z
?get_doc_type@@YAHPBD@Z
?get_ini_section@@YAHPBDPADH@Z
?get_user_img@@YAHPBDPADH@Z
?has_color@@YAHPAH@Z
?ncs_get_printmode@@YAHXZ
?setProgressPos@@YGXKJ@Z

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 904KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81af72653060f176de65480bdc83c098

Headers

File Characteristics

Imports

version

secur32

urlmon

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

gdiplus

oleacc

mpr

netapi32

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 8.1MB - Virtual size: 8.1MB

.data Size: 904KB - Virtual size: 1.4MB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 8.1MB - Virtual size: 8.1MB

.data
Size: 904KB - Virtual size: 1.4MB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB