Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-13_65e206be2ffbf9ad2531dc2e6b54f200_icedid.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-03-13_65e206be2ffbf9ad2531dc2e6b54f200_icedid.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-13_65e206be2ffbf9ad2531dc2e6b54f200_icedid
Size: 1.8MB
MD5: 65e206be2ffbf9ad2531dc2e6b54f200
SHA1: 239b427a00d26f2dccfa9eef9ee62310846e53e8
SHA256: dc4d053eb6d0f91316e38bf9382f842de0a85a5ca2d6e82bd12fb53ff54fd454
SHA512: 55d494bb517d5ce9538f36d6080069f87cd93560935cacd8d3a6bf056f74f5a6dbde33a3f57dd728f1a6f1cbfee10630f0e2cd4ace2f8c7085ca669476a2e553
SSDEEP: 49152:HPEaU/ezHzFrdymRTDfu5T3cDLr8TI0fX7k:HPEaZHxrdNRTDfuBcYXY
Malware Config
Signatures
Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource: 2024-03-13_65e206be2ffbf9ad2531dc2e6b54f200_icedid
Files
2024-03-13_65e206be2ffbf9ad2531dc2e6b54f200_icedid.exe  windows:4 windows x86 arch:x86
  imphash: aba519336da3b7b440b206736e9c4b64
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
Imports
Imports from wsock32:
WSAStartup
WSACleanup
select
inet_addr
connect
send
recv
sendto
ioctlsocket
gethostbyname
ntohs
recvfrom
socket
setsockopt
htonl
htons
bind
listen
inet_ntoa
closesocket
Imports from winmm:
timeGetTime
PlaySoundA
Imports from shlwapi:
StrStrIA
PathUnquoteSpacesA
PathRemoveArgsA
PathGetArgsA
StrStrIW
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
Imports from wininet:
InternetCloseHandle
GetUrlCacheEntryInfoA
InternetReadFile
InternetGetCookieA
InternetCombineUrlA
InternetOpenA
InternetOpenUrlA
InternetQueryDataAvailable
Imports from zrc:
zrc_ensure_disconnect
zrc_monitor_process
zrc_ensure_connect
zrc_buddy_unset
zrc_init
zrc_connect_preset
zrc_valid_nick
zrc_ensure_pm
zrc_buddy_set
Imports from iwadpatcher:
patch_iwad2
patch_iwad_to2
Imports from kernel32:
GetPrivateProfileIntA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
OpenProcess
GetProfileStringA
LocalFree
FormatMessageA
FreeResource
lstrcmpW
GlobalFindAtomA
GetCurrentThreadId
GetModuleFileNameW
MoveFileA
DeleteFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
CreateFileA
FindFirstFileA
GetFullPathNameA
FindNextFileA
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
lstrcmpA
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetFileAttributesA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SystemTimeToFileTime
SetErrorMode
LocalFileTimeToFileTime
SetFileAttributesA
GetCurrentDirectoryA
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetSystemTimeAsFileTime
CreateDirectoryA
ExitThread
CreateThread
GetTimeFormatA
GetDateFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
RaiseException
GetProcessHeap
GetStartupInfoA
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCommandLineA
GetVolumeInformationA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexA
GlobalGetAtomNameA
GlobalDeleteAtom
CreateProcessA
OpenMutexA
CloseHandle
GetVersionExA
MulDiv
GetTempFileNameA
FreeLibrary
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcessId
GetTempPathA
GetWindowsDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
WinExec
GlobalAddAtomA
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetProcAddress
LoadLibraryA
Sleep
GetModuleHandleA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetStringTypeExA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
FindClose
Imports from user32:
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
IsWindowVisible
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetLastActivePopup
GetForegroundWindow
GetFocus
GetClassLongA
CallNextHookEx
SetWindowsHookExA
IsChild
WinHelpA
SendDlgItemMessageA
EnableMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDlgButtonChecked
IsDialogMessageA
GetWindowDC
WindowFromPoint
InflateRect
SetCursorPos
DestroyCursor
GetMenuItemInfoA
IsRectEmpty
DrawIcon
SetWindowRgn
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
GetWindowThreadProcessId
LoadMenuA
ReuseDDElParam
UnpackDDElParam
ValidateRect
GetMessageA
PostQuitMessage
ShowOwnedPopups
DefMDIChildProcA
DrawMenuBar
GetSysColorBrush
UnregisterClassA
CopyAcceleratorTableA
SetRect
InvalidateRgn
CharNextA
MapDialogRect
SetWindowContextHelpId
SetParent
RegisterClipboardFormatA
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
PostThreadMessageA
GetScrollPos
SetScrollPos
GetMenuState
GetDlgItemTextA
IsCharLowerA
IsCharUpperA
GetWindowTextLengthA
DialogBoxParamA
EndDialog
OpenClipboard
EmptyClipboard
EqualRect
CloseClipboard
PeekMessageA
DispatchMessageA
TranslateMessage
GetAsyncKeyState
DrawIconEx
EnumChildWindows
SystemParametersInfoA
DrawEdge
FrameRect
CopyRect
SetWindowPos
GrayStringA
DrawTextExA
TabbedTextOutA
IsWindow
RedrawWindow
SetWindowTextA
GetWindowTextA
GetKeyState
RegisterWindowMessageA
DestroyMenu
GetActiveWindow
DestroyIcon
LoadIconA
SetForegroundWindow
IsZoomed
IsIconic
GetMenu
ModifyMenuA
GetSubMenu
GetMenuStringA
GetMenuItemID
DeleteMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetSystemMetrics
KillTimer
SetTimer
GetClassNameA
GetWindow
GetParent
SetPropA
GetWindowLongA
LoadCursorA
SetCursor
GetCapture
InvalidateRect
SetCapture
ClientToScreen
PtInRect
UpdateWindow
GetPropA
CallWindowProcA
SetWindowLongA
RemovePropA
SetDlgItemTextA
DestroyWindow
ShowWindow
CreateWindowExA
SetFocus
ScreenToClient
CheckMenuItem
CreatePopupMenu
GetDlgItem
FindWindowA
PostMessageA
BeginPaint
EndPaint
MoveWindow
GetClientRect
FillRect
GetSysColor
LoadBitmapA
GetDC
ReleaseDC
DrawTextA
GetMenuItemCount
RemoveMenu
AppendMenuA
GetCursorPos
TrackPopupMenu
wsprintfA
LoadImageA
GetWindowRect
MessageBoxA
MessageBeep
SendMessageA
EnableWindow
CharUpperA
CharLowerA
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
SetClipboardData
GetNextDlgTabItem
ReleaseCapture
Imports from gdi32:
StretchBlt
SetStretchBltMode
StretchDIBits
CreateSolidBrush
CreateRectRgn
PtVisible
SetBitmapBits
GetBitmapBits
CreateFontIndirectA
CreateCompatibleBitmap
SetMapMode
GetStockObject
SetBkMode
CreatePen
MoveToEx
LineTo
GetObjectA
CreateCompatibleDC
SelectObject
DeleteDC
RectVisible
TextOutA
ExtTextOutA
Escape
GetDeviceCaps
GetTextExtentPoint32A
GetClipBox
SetBkColor
CreateBitmap
SaveDC
RestoreDC
CreateFontA
SetTextColor
ExcludeClipRect
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SelectClipRgn
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
PatBlt
CreateEllipticRgn
LPtoDP
Ellipse
GetCharWidthA
GetTextMetricsA
SetRectRgn
CombineRgn
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
IntersectClipRect
BitBlt
DeleteObject
Imports from comdlg32:
GetFileTitleA
ChooseFontA
GetOpenFileNameA
Imports from winspool.drv:
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Imports from advapi32:
RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegSetValueExA
Imports from shell32:
ExtractIconA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
SHGetDesktopFolder
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA
Imports from comctl32:
ord17
Imports from oledlg:
ord8
Imports from ole32:
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRegisterMessageFilter
CoTaskMemAlloc
CLSIDFromString
OleFlushClipboard
Imports from oleaut32:
SafeArrayCreate
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
Sections
.text Size: 772KB - Virtual size: 770KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 848KB - Virtual size: 846KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
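The static checks this report shows (the Unsigned PE signature, the file characteristics and section flags under Headers and Sections, and the imphash under Files) can be reproduced on raw bytes with a short dependency-free parser. The block below is an added example written for this page; it is not code from the sandbox and does not come from the sample. build_pe() fabricates a constructed minimal PE32 image so the code runs offline, and imphash() follows pefile's algorithm for named imports only (pefile's ordinal-to-name mapping for ws2_32/wsock32/oleaut32 is not reproduced).

```python
"""Added example: PE header triage on raw bytes. build_pe() input is constructed, not the report's sample."""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002          # Authenticode signatures are PKCS#7 SignedData

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Decode COFF characteristics, section table and Authenticode presence from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsects, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: the 64-bit ImageBase shifts both offsets by 16
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_len = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, the security entry holds a file offset, not an RVA.
        cert_off, cert_len = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    cert_type = None
    if cert_off and cert_len >= 8 and cert_off + 8 <= len(data):
        _, _, cert_type = struct.unpack_from("<IHH", data, cert_off)   # WIN_CERTIFICATE header
    sections = []
    for i in range(nsects):
        name, vsize, _, rsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": _flag_names(sflags, SECTION_CHARACTERISTICS)})
    return {"machine": machine,
            "file_characteristics": _flag_names(chars, FILE_CHARACTERISTICS),
            "has_authenticode": cert_off != 0 and cert_len > 0,   # the "Unsigned PE" check
            "cert_type": cert_type,
            "sections": sections}


def imphash(imports):
    """pefile-compatible imphash over (dll, function) pairs in import-table order."""
    # Ordinal imports must already be rendered as 'ordN'; pefile's ordinal-to-name tables are not reproduced.
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        stem, _, ext = dll.rpartition(".")
        if ext in ("dll", "ocx", "sys"):     # only these are stripped; 'winspool.drv' stays whole
            dll = stem
        parts.append("%s.%s" % (dll, func.lower()))
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def build_pe(sections, file_chars=0x0103, signed=False):
    """Constructed minimal PE32 (headers, section table, optional dummy certificate) for testing."""
    opt_size = 224
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, file_chars)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000, rs, 0, 0, 0, 0, 0, fl)
                     for n, vs, rs, fl in sections)
    cert = b""
    if signed:   # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType, bCertificate[]
        cert = struct.pack("<IHH", 8 + 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 16
    cert_off = len(dos) + 4 + len(coff) + opt_size + len(table)    # certificate follows the headers
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_off if signed else 0, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + table + cert


if __name__ == "__main__":
    # Constructed layout mirroring the report's .text (770KB/772KB) and .data (228KB/28KB) entries.
    layout = [(".text", 0xC0800, 0xC1000, 0x60000020), (".data", 0x39000, 0x7000, 0xC0000040)]
    print(parse_pe(build_pe(layout)))
```

Run it on a real file with parse_pe(open(path, "rb").read()). Two caveats when reading the output: has_authenticode only reports that a certificate table is present, it does not validate the signature or its chain, so a True result is not proof of a trusted publisher, and an "Unsigned PE" finding is informational on its own since many legitimate binaries ship unsigned. A .data section whose virtual size far exceeds its raw size, as in this report, is what uninitialised globals merged into .data look like; it is also the pattern an in-place unpacking buffer produces, so weigh it together with the section flags and the import table rather than alone.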