2024-03-13_a5f68142d4af6d8639dc3a4a309d138c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-13_a5f68142d4af6d8639dc3a4a309d138c_icedid
Size

912KB
MD5

a5f68142d4af6d8639dc3a4a309d138c
SHA1

acdd8444ff732edf868f9f05300c44b7806c159c
SHA256

595b9ef00e14c39dbcba7c34775acefbac8f0543451d8adf8980ab4edb49accd
SHA512

ae1217b5c1d77b3f2085c260611cd3aff9f9d7c82bebe39296e079e62c9ff9730140a6e297fe577c8089c56b2caff299723fb51b1f34765c4338c12db89f5cfc
SSDEEP

12288:XcAW0pDoWvs4usGbuX1z2OqYDfOwHdPjra879TN095wV:sAxsEB28bTUw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-13_a5f68142d4af6d8639dc3a4a309d138c_icedid

Files

2024-03-13_a5f68142d4af6d8639dc3a4a309d138c_icedid
.exe windows:4 windows x86 arch:x86

00aa1b347fa23f831e576798f4860727

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
FlushInstructionCache
VirtualQuery
GetWindowsDirectoryA
GetModuleFileNameA
CompareStringA
GlobalFlags
GlobalDeleteAtom
SetEnvironmentVariableA
GetDriveTypeA
IsBadCodePtr
IsBadReadPtr
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStartupInfoA
SetHandleCount
LoadLibraryA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
LCMapStringA
GetSystemInfo
VirtualProtect
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetOEMCP
TerminateProcess
ExitProcess
HeapSize
ExitThread
GetFileType
SetStdHandle
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetVersionExA
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetVersion
SuspendThread
SetThreadPriority
FileTimeToLocalFileTime
FindClose
ReleaseMutex
lstrlenA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
ResumeThread
LocalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetTickCount
GetFileTime
GetFileSize
CompareFileTime
FileTimeToSystemTime
SystemTimeToFileTime
ReadFile
ReleaseSemaphore
GetSystemTime
WaitForMultipleObjects
ResetEvent
GetCommandLineW
GetCurrentThreadId
Sleep
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedIncrement
CreateThread
WaitForSingleObject
CloseHandle
SetEvent
InterlockedDecrement
GetLastError
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
GetThreadLocale
GetLocaleInfoA
GetACP
GetCommandLineA
CreateFileA

advapi32

RegCloseKey
ImpersonateLoggedOnUser
LogonUserW
RevertToSelf

user32

ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
TranslateMessage
CallNextHookEx
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
IsWindowEnabled
GetParent
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
UnhookWindowsHookEx
GetForegroundWindow
GetCapture
ShowWindow
DestroyMenu
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDlgItem
ClientToScreen
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetFocus
SetMenuItemBitmaps
GetWindow
PtInRect
CopyRect
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetWindowPos
GetLastActivePopup

gdi32

GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
DeleteObject
RectVisible
PtVisible
ScaleWindowExtEx

winspool.drv

ClosePrinter

oleacc

LresultFromObject
CreateStdAccessibleObject

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoUninitialize
StringFromCLSID
OleRun
CoCreateGuid
CLSIDFromProgID
CoUnmarshalInterface
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoInitialize

oleaut32

VariantInit
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VariantCopy
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
GetErrorInfo
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

comctl32

ord17

shlwapi

PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW

ws2_32

gethostbyname
htonl
listen
select
recv
send
inet_addr
WSAEventSelect
WSACleanup
WSAGetLastError
WSAStartup
htons
socket
bind
closesocket
accept
gethostbyaddr

shell32

SHGetFolderPathW

Sections

.text
Size: 648KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00aa1b347fa23f831e576798f4860727

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

winspool.drv

oleacc

ole32

oleaut32

rpcrt4

comctl32

shlwapi

ws2_32

shell32

Sections

.text Size: 648KB - Virtual size: 644KB

.rdata Size: 224KB - Virtual size: 221KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 648KB - Virtual size: 644KB

.rdata
Size: 224KB - Virtual size: 221KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 16KB - Virtual size: 13KB