?DDEServerCallback@CDDEServer@@CGPAUHDDEDATA__@@IIPAUHCONV__@@PAUHSZ__@@1PAU2@KK@Z
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-14_efc7c7aeb504e45934b717cd9a959a97_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-14_efc7c7aeb504e45934b717cd9a959a97_icedid.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-14_efc7c7aeb504e45934b717cd9a959a97_icedid
Size: 366KB
MD5: efc7c7aeb504e45934b717cd9a959a97
SHA1: 5165e7f1265169412b68fdf93536a4bdb3b74d51
SHA256: 888f3e399e3d7a9883e7c622ec5a52c919a27c0347fefdc32bd670ede1b1015f
SHA512: dda920d4bbd8a21e5de21ab15cbd6968811b87eac926b92d8f3c8940874c65950db10bc7d0a36905d298459288a05878fa88a136cc60d5c866b59eb784591bb6
SSDEEP: 6144:UVl8TlbLqW7HbOUXwE6nJieuz1WuErd+QyZCBNpsW3i++RsjO7IBqxbI99:vT8UXwJYz1/5ZCBNpYsjO7IBAy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-03-14_efc7c7aeb504e45934b717cd9a959a97_icedid
Files
-
2024-03-14_efc7c7aeb504e45934b717cd9a959a97_icedid.exe windows:5 windows x86 arch:x86
6da6cc1b05173092414fba7b23f93aff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CharToOemBuffA
RegisterClipboardFormatA
OemToCharA
DdeGetData
DdeCmpStringHandles
PostMessageA
SendMessageA
MapDialogRect
GetSystemMetrics
EnableWindow
UpdateWindow
DdeInitializeA
wsprintfA
DdeDisconnect
DdeQueryStringA
DdeKeepStringHandle
DdeFreeStringHandle
DdeFreeDataHandle
DdeCreateDataHandle
DdeCreateStringHandleA
DdeEnableCallback
DdePostAdvise
DdeNameService
DdeUninitialize
MessageBeep
SetForegroundWindow
GetNextDlgGroupItem
InvalidateRgn
SetRect
SetWindowContextHelpId
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetWindowThreadProcessId
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
CopyAcceleratorTableA
CharNextA
CharUpperA
SetActiveWindow
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuItemInfoA
InflateRect
UnregisterClassA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
ReleaseCapture
LoadCursorA
SetCapture
KillTimer
SetTimer
ClientToScreen
SetWindowRgn
DrawIcon
FillRect
IsRectEmpty
InvalidateRect
UnhookWindowsHookEx
GetWindow
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
PtInRect
CopyRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
MessageBoxA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetClientRect
IsWindowVisible
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
ScrollWindow
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
IsWindow
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
PostThreadMessageA
lccom32
??0LCC32XCnapProtocol@@QAE@PAVLCC32Channel@@PBD@Z
??2LCC32XCnapProtocol@@SAPAXI@Z
?Open@LCC32SerialPortChannel@@QAEKHKEEE@Z
??0LCC32SerialPortChannel@@QAE@PBD_N0@Z
??2LCC32SerialPortChannel@@SAPAXI@Z
??1HCAttribList@@UAE@XZ
?LogOnOffWait@LCC32MiscClient@@QAEJ_NAAVHCAttribList@@@Z
?LocalRefreshWait@LCC32MiscClient@@QAEJEG_N0AAVHCAttribList@@@Z
??0HCAttribList@@QAE@XZ
?Next@HCAttribList@@QBE_NAAVHCAttrConstSearchInfo@@@Z
?UShort@HCAttribute@@QBEGXZ
??AHCAttribute@@QBEABV0@J@Z
??DHCAttrConstSearchInfo@@QAEABVHCAttribute@@XZ
?Id@HCAttribute@@QBEJXZ
?First@HCAttribList@@QBE_NAAVHCAttrConstSearchInfo@@@Z
?DetectBaudrate@LCC32XCnapProtocol@@QAEKPAKH@Z
??CHCAttrConstSearchInfo@@QAEPBVHCAttribute@@XZ
??1HCAttrConstSearchInfo@@UAE@XZ
?Search@HCAttribList@@QBE_NJAAVHCAttrConstSearchInfo@@@Z
?ReadAPPTTWait@LCC32MiscClient@@QAEJAAVHCAttribList@@@Z
??0HCAttrConstSearchInfo@@QAE@XZ
??1HCDynamicMemory@@UAE@XZ
??1HCAttribute@@UAE@XZ
?String@HCAttribute@@QBEXAAVHCDynamicMemory@@@Z
?Float@HCAttribute@@QBEMXZ
?Bool@HCAttribute@@QBE_NXZ
?Byte@HCAttribute@@QBEEXZ
?ULong@HCAttribute@@QBEKXZ
??0HCAttribute@@QAE@ABV0@@Z
?Resize@HCDynamicMemory@@QAEXKE@Z
??0HCDynamicMemory@@QAE@_NK@Z
?SetBaudrate@LCC32SerialPortChannel@@QAEKK@Z
?ConnectReceiver@LCC32MsgClient@@QAEXPAVHCMessageReceiver@@@Z
??3LCC32SerialPortChannel@@SAXPAX@Z
??3LCC32XCnapProtocol@@SAXPAX@Z
?DisconnectReceiver@LCC32MsgClient@@QAEXPAVHCMessageReceiver@@@Z
?Record@HCAttribute@@QBEPBVHCAttribList@@XZ
?WriteDpAttrWait@LCC32DataPointClient@@QAEJGEGPBUATTR_INFO@@HAAVHCAttribList@@@Z
?ReadParameterWait@LCC32RaclClient@@QAEJGEG_NAAVHCAttribList@@@Z
?Clear@HCAttribList@@QAEXXZ
?GetPasswordWait@LCC32MiscClient@@QAEJAAVHCAttribList@@@Z
?ReadControllerInfoWait@LCC32MiscClient@@QAEJAAVHCAttribList@@@Z
??AHCAttribList@@QBEABVHCAttribute@@J@Z
?LocalRefresh@LCC32MiscClient@@QAEKEG_N0PAX@Z
?WriteZRegisterWait@LCC32RaclClient@@QAEJGEGABUVALUE@@AAVHCAttribList@@@Z
?WriteParameterWait@LCC32RaclClient@@QAEJGEGABUVALUE@@EAAVHCAttribList@@@Z
?ReadZRegisterWait@LCC32RaclClient@@QAEJGEGAAVHCAttribList@@@Z
?CommByUAWait@LCC32DataPointClient@@QAEJEEPBDEPBEAAVHCAttribList@@@Z
?GetStatus@LCC32XCnapProtocol@@QAEJXZ
?ReadDpAttrWait@LCC32DataPointClient@@QAEJGEGEPBEAAVHCAttribList@@@Z
careconf
?getLCBPortDumpFile@ccfg@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
kernel32
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
GetModuleFileNameA
GetCurrentProcessId
GlobalAlloc
GlobalLock
InterlockedExchange
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalFree
GlobalUnlock
WritePrivateProfileStringA
MulDiv
LocalFree
FormatMessageA
LoadLibraryA
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
GetModuleHandleW
FileTimeToSystemTime
GetFileAttributesA
GetFileTime
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
Sleep
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetLastError
MultiByteToWideChar
lstrcmpW
GetVersionExA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleA
GetProcAddress
lstrcmpA
WideCharToMultiByte
GetTickCount
lstrcpyA
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAddAtomA
CreateEventA
SetEvent
CloseHandle
gdi32
ScaleWindowExtEx
GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
Ellipse
LPtoDP
CreateEllipticRgn
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
shell32
DragQueryFileA
DragFinish
shlwapi
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
oledlg
ord8
ole32
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
oleaut32
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
Exports
Sections
.text Size: 262KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ