2024-03-12_eff906fadc488fa3016592635d6afbe5_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-12_eff906fadc488fa3016592635d6afbe5_icedid
Size

724KB
MD5

eff906fadc488fa3016592635d6afbe5
SHA1

4ee016286b0ecc918a7d58d18f8167d7e88608f0
SHA256

f1454f3b3cd9f9ce15479f6fabfaf4a761484254340b0599bbe526a91916ff45
SHA512

17d72dd9aff986e7b4f833b17bb0a020564b78532761bebad6ff4ad08fd951deced9aed2301526f9053819589f656b197c57bd9b14c6c97fccf61b7a36db06d2
SSDEEP

12288:gmcSpO7Yhr3gE7Gx7Syh6jxvmqrrgNt36q3pNfO:BcMAEg7FOxvvYtJ3pd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-12_eff906fadc488fa3016592635d6afbe5_icedid

Files

2024-03-12_eff906fadc488fa3016592635d6afbe5_icedid
.exe windows:4 windows x86 arch:x86

cbd76629fb456323651aec73db51e311

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
accept
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
listen
closesocket
bind
htonl
htons
WSACleanup
socket
WSAStartup
recv

gdiplus

GdipAlloc
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreatePen2
GdipDeletePen
GdipFree
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawLineI
GdipGraphicsClear
GdipDrawImageRectI
GdipSetClipRectI
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetImageEncodersSize
GdiplusShutdown
GdiplusStartup
GdipSetPenStartCap
GdipGetImageEncoders
GdipDisposeImage

kiccdsc

ord2

psapi

GetProcessMemoryInfo

kernel32

SetThreadPriority
SuspendThread
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
CreateFileA
GetModuleFileNameA
InterlockedDecrement
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalFlags
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
lstrcmpA
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapFree
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
HeapSize
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FormatMessageA
LocalFree
SetLastError
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
lstrcpyA
GetDiskFreeSpaceExA
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreateProcessA
GetLastError
GetTickCount
GetVersionExA
InterlockedExchange
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
DeleteFileA
CreateDirectoryA
FindFirstFileA
CopyFileA
FindNextFileA
FindClose
ResetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
GetACP
MulDiv
GlobalFree
SetLocalTime
GetPrivateProfileStringA
WaitForSingleObject
Sleep
CreateEventA
SetEvent
CloseHandle
GetLocalTime
WritePrivateProfileStringA
OpenFile
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetPrivateProfileIntA
FreeLibrary
LoadLibraryA
OutputDebugStringA
GetProcAddress
GetThreadLocale
GetLocaleInfoA
RtlUnwind

user32

GrayStringA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
ValidateRect
GetCursorPos
TranslateMessage
GetMessageA
wsprintfA
PostQuitMessage
SetCursor
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
LoadCursorA
DestroyMenu
CharNextA
IsRectEmpty
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
DrawTextExA
SendDlgItemMessageA
GetFocus
IsChild
GetWindowTextA
GetLastActivePopup
DispatchMessageA
EnableMenuItem
UnhookWindowsHookEx
ShowWindow
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetCapture
ReleaseCapture
PtInRect
CharUpperA
LoadIconA
InSendMessage
ReplyMessage
FindWindowA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
RemovePropA
GetMenuState
GetWindow
SetWindowPos
ShowCursor
InvalidateRect
CopyRect
FillRect
GetDC
ReleaseDC
GetParent
KillTimer
SetTimer
SendMessageA
GetForegroundWindow
SetFocus
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
RedrawWindow
GetSysColor
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetTopWindow
EnableWindow
SetRectEmpty
SetRect
LoadImageA
GetMessageTime
MoveWindow
IntersectRect

gdi32

MoveToEx
GetViewportExtEx
GetWindowExtEx
LineTo
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleBitmap
DeleteDC
GetDeviceCaps
CreateSolidBrush
BitBlt
SelectObject
CreateCompatibleDC
CreateFontIndirectA
CreatePen
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA

comctl32

ord17

shlwapi

PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
OleFlushClipboard

oleaut32

OleLoadPicture
VariantClear
SysAllocString
VariantInit
VariantChangeType
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect

Sections

.text
Size: 472KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbd76629fb456323651aec73db51e311

Headers

File Characteristics

Imports

ws2_32

gdiplus

kiccdsc

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 472KB - Virtual size: 468KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 96KB - Virtual size: 95KB

.text
Size: 472KB - Virtual size: 468KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 96KB - Virtual size: 95KB