Static task
static1
Behavioral task
behavioral1
Sample
2024-03-12_c3161775710aef7542268866c7780231_icedid_zxxz.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
2024-03-12_c3161775710aef7542268866c7780231_icedid_zxxz.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
2024-03-12_c3161775710aef7542268866c7780231_icedid_zxxz
-
Size
4.9MB
-
MD5
c3161775710aef7542268866c7780231
-
SHA1
e75fad83be9f571a2b2ba0d67dd114f24b5f7e44
-
SHA256
21cc283d5023fc1f698ae3f6f06c39d9cd14dc03e5a3a050fe410b817177a9d5
-
SHA512
4b78d4ce2f5fa274e13c578e4717144c2e72771914dfa9b6f9c1e8b988281036271ec4be048b97e09ceae8692a789e2f682d5897a59619ab3713aef167b53738
-
SSDEEP
98304:DwV1vQvYKg2IDSIeGnmIyRbVK0+Gw5sPkaxB:rvcSIKbVK0+Gw5s8axB
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-03-12_c3161775710aef7542268866c7780231_icedid_zxxz
Files
-
2024-03-12_c3161775710aef7542268866c7780231_icedid_zxxz.exe windows:4 windows x86 arch:x86
5b7097835b957c9e55b135509a02c160
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForMultipleObjects
GetLastError
ReadFile
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
FindClose
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
CreateFileA
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
FindFirstFileA
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
GetFileAttributesA
SetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
VirtualAlloc
CloseHandle
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalUnlock
DeviceIoControl
SetEvent
GetUserDefaultLCID
FindResourceA
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
GlobalDeleteAtom
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
MulDiv
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
GlobalReAlloc
GetTimeZoneInformation
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
TerminateThread
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
SetLastError
GetVersion
VirtualQuery
CreateMutexA
ReleaseMutex
SuspendThread
FlushFileBuffers
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
user32
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
wsprintfA
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
OpenClipboard
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetDC
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
AppendMenuA
CallNextHookEx
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
GetForegroundWindow
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
UpdateWindow
SetMenuItemBitmaps
GetMenuState
ModifyMenuA
CreateMenu
SetForegroundWindow
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
UnregisterClassA
LoadStringA
GetSysColorBrush
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
DestroyMenu
DefWindowProcA
EqualRect
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
GetKeyState
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
CheckMenuItem
GetWindowRect
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
CharUpperA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
GetWindowTextLengthA
GetWindowTextA
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
CreateAcceleratorTableA
CreatePopupMenu
GetClassLongA
ScreenToClient
SetWindowsHookExA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
SystemParametersInfoA
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
LoadImageA
EnumDisplaySettingsA
ClientToScreen
GetCapture
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetDesktopWindow
GetClassNameA
GetDlgItem
FindWindowExA
GetWindowTextA
GetForegroundWindow
GetWindowTextLengthA
CharUpperA
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
GetCursor
DrawTextA
SetPropA
MoveWindow
GetPropA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnregisterClassA
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
TabbedTextOutA
GrayStringA
DrawStateA
SetWindowTextA
GetTabbedTextExtentA
WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
TrackPopupMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
gdi32
PathToRegion
CreateEllipticRgn
SetStretchBltMode
CreateRectRgnIndirect
EndPath
BeginPath
GetDIBits
RealizePalette
SetBkColor
SaveDC
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
CreateRoundRectRgn
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
SetTextColor
SetROP2
GetClipRgn
SetBkMode
RestoreDC
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CombineRgn
SetPolyFillMode
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
SetViewportExtEx
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
SetBkMode
SetTextColor
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
GetTextMetricsA
GetMapMode
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDIBits
GetDeviceCaps
winmm
midiStreamClose
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutUnprepareHeader
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiStreamRestart
waveOutReset
midiOutReset
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
waveOutRestart
waveOutUnprepareHeader
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegCreateKeyExA
RegSetValueExA
RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCloseKey
RegCreateKeyExA
shell32
ShellExecuteA
Shell_NotifyIconA
DragAcceptFiles
DragFinish
DragQueryFileA
Shell_NotifyIconA
ShellExecuteA
ole32
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleRun
CoCreateInstance
OleUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
oleaut32
RegisterTypeLi
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
SafeArrayGetUBound
VariantChangeType
VariantClear
SafeArrayGetLBound
SysAllocStringByteLen
SafeArrayGetElemsize
SysFreeString
UnRegisterTypeLi
OleCreateFontIndirect
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
VariantTimeToSystemTime
SysAllocStringLen
SysStringLen
LoadTypeLi
comctl32
ImageList_Destroy
ord17
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ImageList_Read
ImageList_DrawIndirect
ImageList_Duplicate
ws2_32
WSAAsyncSelect
recvfrom
closesocket
WSACleanup
inet_ntoa
accept
getpeername
recv
ioctlsocket
inet_ntoa
ntohl
accept
getpeername
WSACleanup
recv
ioctlsocket
recvfrom
closesocket
WSAAsyncSelect
comdlg32
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
msimg32
GradientFill
oledlg
ord8
wldap32
ord29
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 232KB - Virtual size: 560KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ