2024-03-13_5259ef3f4334b9e17d8a8ac0a3ee120b_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-13_5259ef3f4334b9e17d8a8ac0a3ee120b_icedid
Size

228KB
MD5

5259ef3f4334b9e17d8a8ac0a3ee120b
SHA1

e3b02b5b9d148a8f0644e7184a3cad304952a4f7
SHA256

a6b29473d59df949d4a511faa694c89bc0e98c859133a5417792e7d03de9c144
SHA512

041f6d53f57663f3071202d16af954b6d589ac04c19b93927f53fa33bcfdd7706ed098a8a43e0c3dbc29f669cb38fc70d15b8429838b104959608211b60e4f4a
SSDEEP

6144:g2zWqBKwG53lm3U9ylqrYo3OVKIEPbt37aQx:5zD8z5W7KIEDtraQx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-13_5259ef3f4334b9e17d8a8ac0a3ee120b_icedid

Files

2024-03-13_5259ef3f4334b9e17d8a8ac0a3ee120b_icedid
.exe windows:4 windows x86 arch:x86

f85bae2ce20c98360618afc642e2e956

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Samsung\SPS3.0\NetworkingWizard\$$$\OpenEntry\Release\OpenEntry.pdb

Imports

kernel32

ConvertDefaultLocale
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetCurrentThreadId
GetCurrentThread
SizeofResource
LockResource
LoadResource
CloseHandle
GetVersion
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalUnlock
GlobalFlags
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
LocalFree
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetVersionExA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
SetErrorMode
ExitProcess
RtlUnwind
TerminateProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
LCMapStringA
SetStdHandle
EnumResourceLanguagesW
SetLastError
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
FreeLibrary
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
GetLastError
HeapAlloc
HeapFree

rasdlg

RasDialDlgW

comctl32

ord17

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

advapi32

RegCloseKey

user32

AdjustWindowRectEx
GetMenu
GetClientRect
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetForegroundWindow
DestroyMenu
GetMenuCheckMarkDimensions
CallNextHookEx
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetParent
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
ShowWindow
GetDlgItem
GetSystemMetrics
GetSysColorBrush
GetMenuItemID
GetSubMenu
GetSysColor
ReleaseDC
GetDC
UnhookWindowsHookEx
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetMenuItemCount
GetCapture
ClientToScreen
SetMenuItemBitmaps
GetFocus
GetMenuState
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
EnableMenuItem
CheckMenuItem

gdi32

DeleteObject
SaveDC
RestoreDC
GetClipBox
SetMapMode
SetTextColor
SetBkColor
GetDeviceCaps
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
PtVisible
CreateBitmap

winspool.drv

ClosePrinter

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f85bae2ce20c98360618afc642e2e956

Headers

File Characteristics

PDB Paths

Imports

kernel32

rasdlg

comctl32

shlwapi

oleaut32

advapi32

user32

gdi32

winspool.drv

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 28KB - Virtual size: 26KB

.yrdata Size: 68KB - Virtual size: 68KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 28KB - Virtual size: 26KB

.yrdata
Size: 68KB - Virtual size: 68KB