PDB path: d:\01_Project\v8600\CMSvr\CMSvr\Exe\CMSvr.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-12_8b7ab309b347779d0acddb30356b33c8_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-12_8b7ab309b347779d0acddb30356b33c8_icedid.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-03-12_8b7ab309b347779d0acddb30356b33c8_icedid
- Size: 663KB
- MD5: 8b7ab309b347779d0acddb30356b33c8
- SHA1: 620777c3811b68edffbc7c64acf4c4e58b9b2506
- SHA256: 38751007ccf2bdb32661b8f5503fe2fdb0b4aa58837274fbebfb8605d9be230f
- SHA512: 4eac348d10b6e3e7bae2812ad2e8ce499ab9f5de406b192b73fe8f18f18a8c143bf14f3947f620af08c79dbe5dba52df0141955d5bcb47da1b58d854656c7a45
- SSDEEP: 12288:Z8/cOky2IPRb0+c5tAC03UR1lmXPnsgfl0KuSFxfLNF59C+Q9yW5VAtB/3hLe45Q:O/cOky2IPRVc5tAC0e1lmXPnsgfl0BCK
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-03-12_8b7ab309b347779d0acddb30356b33c8_icedid
Files
- 2024-03-12_8b7ab309b347779d0acddb30356b33c8_icedid.exe (windows:5 windows x86 arch:x86)
  caf8a2f42bc28bb751c8b199150ee91a
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths (see the PDB path at the top of this report)
Imports
gvftservice:
_GvFts_ReceiveData@12
_GvFts_NotifyDisconnect@4
_GvFts_NotifyNewConnect@4
_GvFts_Release@0
_GvFts_NotifySend@16
_GvFts_Initialize@4
gvport:
GetGeoSvrName
IsGeoPortLocal
IsGeoPort
GvDisableApFirewall
gvserverdll:
?StopServer@@YAHXZ
?StartServer@@YAHIP6GHPBD@Z@Z
ipcsvr:
IPCSvrFreeSendBuff
IPCSvrAllocSendBuff
StartIPCSvr
IPCSvrChangeCodec
IPCSvrSendRawData
IPCIsMulticamRun
StopIPCSvr
UninitIPCSvr
InitIPCSvr
IPCStopService
passdll:
GetCurUser_64
ChecknCleanASBit
GetPrivilege_64
SetAutoStartBits
CheckOptionDlg_64
CheckOptionDlg
routercontrol:
_ReleaseUPnPControl@4
_IsSupportUPnP@4
_CreateUPnPControl@0
rssserver:
?StopRSSServer@@YAHXZ
?StartRSSServer@@YAHP6GHPBD0@ZP6GHXZ@Z
kernel32:
GetFileSizeEx
GetFileTime
GetModuleFileNameW
lstrcmpA
InterlockedExchange
CompareStringA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomA
FreeResource
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetModuleHandleW
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
UnhandledExceptionFilter
GetStartupInfoA
HeapReAlloc
VirtualAlloc
ReadFile
ExitProcess
HeapSize
HeapCreate
VirtualFree
GetStdHandle
GetTimeZoneInformation
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
IsDebuggerPresent
WriteFile
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteProcessMemory
GetCurrentProcess
VirtualProtect
GetProcAddress
LoadLibraryA
FreeLibrary
VirtualQuery
GetModuleFileNameA
CloseHandle
GetCurrentProcessId
GetThreadLocale
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
Sleep
LocalAlloc
ProcessIdToSessionId
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
GetFileAttributesA
CreateToolhelp32Snapshot
Process32First
Process32Next
ExpandEnvironmentStringsA
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
MoveFileExA
CreateProcessA
FormatMessageA
LocalFree
WinExec
GetDiskFreeSpaceExA
ResetEvent
DeleteFileA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetSystemDefaultLangID
GetTickCount
OpenMutexA
OutputDebugStringA
GetVersionExA
GetModuleHandleA
GetSystemInfo
GetVersion
OpenEventA
ReleaseMutex
CreateMutexA
WaitForMultipleObjects
CreateThread
CopyFileA
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GetCurrentThreadId
GetCurrentDirectoryA
CreateEventA
SetEvent
OpenProcess
WaitForSingleObject
WritePrivateProfileStringA
TerminateProcess
FindFirstFileA
GetPrivateProfileIntA
FindNextFileA
FindClose
SetErrorMode
SetUnhandledExceptionFilter
GetLocalTime
CreateDirectoryA
CreateFileA
user32:
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
CreateWindowExA
GetClassInfoExA
GetNextDlgGroupItem
RegisterClassA
GetDesktopWindow
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
ReleaseDC
GetDC
GetClientRect
CopyRect
IsWindow
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetParent
EnableMenuItem
CheckMenuItem
TranslateAcceleratorA
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
InvalidateRect
LoadAcceleratorsA
ReleaseCapture
DestroyMenu
LoadMenuA
ReuseDDElParam
UnpackDDElParam
WindowFromPoint
IsZoomed
SetRect
PostQuitMessage
UnhookWindowsHookEx
InflateRect
GetMenuItemInfoA
PostThreadMessageA
RegisterClipboardFormatA
AdjustWindowRectEx
CharNextA
ScreenToClient
MessageBeep
UnregisterClassA
GetClassInfoA
GetSysColorBrush
IsWindowVisible
SetForegroundWindow
PostMessageA
ShowWindow
IsIconic
FindWindowA
SetWindowTextA
SendMessageA
DrawFocusRect
FillRect
GetSysColor
GetFocus
DrawTextA
EnableWindow
GetSystemMetrics
GetSubMenu
ModifyMenuA
LoadIconA
UpdateWindow
FlashWindow
CloseWindow
SetTimer
KillTimer
GetCursorPos
SetCursor
LoadCursorA
GetMenuItemCount
CharUpperA
GetMenuState
GetMenuItemID
gdi32:
DeleteObject
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ExcludeClipRect
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap
GetCharWidthA
StretchDIBits
GetTextMetricsA
GetTextExtentPoint32A
GetBkColor
CreateFontIndirectA
GetTextColor
GetRgnBox
GetMapMode
IntersectClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
GetObjectA
CreateFontA
SetBkColor
ScaleViewportExtEx
SetTextColor
comdlg32:
GetFileTitleA
winspool.drv:
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32:
AdjustTokenPrivileges
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
IsWellKnownSid
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
GetTokenInformation
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
shell32:
DragFinish
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
Shell_NotifyIconA
ord165
SHCreateDirectoryExA
DragQueryFileA
SHFileOperationA
ord680
SHGetSpecialFolderPathA
comctl32:
ord17
shlwapi:
PathRemoveFileSpecA
PathFileExistsA
SHGetValueA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
oledlg:
ord8
ole32:
CoTaskMemAlloc
CreateILockBytesOnHGlobal
CoGetClassObject
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
oleaut32:
VariantClear
VariantCopy
SysFreeString
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VarBstrFromDate
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
SysAllocString
GetErrorInfo
SafeArrayDestroy
VariantInit
iphlpapi:
GetAdaptersInfo
wtsapi32:
WTSFreeMemory
WTSEnumerateSessionsA
userenv:
DestroyEnvironmentBlock
CreateEnvironmentBlock
ws2_32:
inet_ntoa
inet_addr
htonl
ntohl
Sections
.text  Size: 480KB - Virtual size: 479KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 106KB - Virtual size: 105KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 12KB - Virtual size: 27KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 64KB - Virtual size: 63KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ