Static task
static1

Behavioral task
behavioral1
- Sample: 2024-03-14_a9712887320231cc47f0fed508250100_icedid.exe
- Resource: win7-20240221-en

Behavioral task
behavioral2
- Sample: 2024-03-14_a9712887320231cc47f0fed508250100_icedid.exe
- Resource: win10v2004-20240226-en

General
- Target: 2024-03-14_a9712887320231cc47f0fed508250100_icedid
- Size: 2.5MB
- MD5: a9712887320231cc47f0fed508250100
- SHA1: 9e7c4972eaaa5ebabc88e035242da0ce857bf309
- SHA256: 30f46f064bac6c5f6e3c1c439dcdde61d7ae9f1c6ad7b847fdda2cb7dd5e78ad
- SHA512: c4a3163be91b1295ee532d52cd44c48843f9c2225f54a1dfdc69e2e1399de32b7afd38e51130fd3f68dd63b870efea062644dea64b8ce917614853699ddc2969
- SSDEEP: 49152:D6+D468PlJTi6UiIGeX6iOC7EC6Fz/SeVXV2TZnCG1:3D46uVi6UhGi6iOC7EC6Fz/SSXVynCG1

Malware Config

Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-03-14_a9712887320231cc47f0fed508250100_icedid

Files
- 2024-03-14_a9712887320231cc47f0fed508250100_icedid.exe (windows:4 windows x86 arch:x86)
  83ab1a5d6dfa722714004519e1dd0dda

Headers
File Characteristics
- IMAGE_FILE_RELOCS_STRIPPED
- IMAGE_FILE_EXECUTABLE_IMAGE
- IMAGE_FILE_32BIT_MACHINE
PDB Paths
- d:\work\PC Software\北京现代平安开发\RecWebServer\release\RecWebServer.pdb
Imports
sqlite3
sqlite3_column_int
sqlite3_column_double
sqlite3_column_name16
sqlite3_column_type
sqlite3_open16
sqlite3_errmsg16
sqlite3_column_count
sqlite3_column_text16
sqlite3_prepare16
sqlite3_busy_timeout
sqlite3_finalize
sqlite3_step
sqlite3_close
kernel32
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
VirtualQuery
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
RaiseException
lstrcpynW
LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
CreateFileW
SetFilePointer
ExitProcess
RtlUnwind
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
SetErrorMode
FileTimeToLocalFileTime
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentDirectoryW
ReadFile
WriteFile
CloseHandle
GetFileSize
LoadLibraryW
GetProcAddress
DeleteFileW
FreeLibrary
WideCharToMultiByte
GetACP
GetLocalTime
Sleep
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
GetTickCount
GetVersionExW
MultiByteToWideChar
GetDateFormatW
GetTimeFormatW
CreateDirectoryW
InitializeCriticalSection
GetExitCodeThread
TerminateThread
DeleteCriticalSection
MoveFileW
GetLastError
WaitForSingleObject
GlobalMemoryStatus
GetSystemInfo
GetVolumeInformationW
WinExec
SetLastError
VirtualFree
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetFullPathNameW
GetFileTime
GetFileAttributesW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedIncrement
GetVersion
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
ResumeThread
SetThreadPriority
InterlockedDecrement
lstrlenA
lstrcmpA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetModuleHandleA
GlobalFree
FormatMessageW
LocalFree
lstrlenW
MulDiv
ClearCommError
SetCommState
SetupComm
GetCommState
CreateEventW
SetCommTimeouts
FindClose
FindNextFileW
FindFirstFileW
CreateMutexW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetDiskFreeSpaceExW
ReleaseMutex
GlobalUnlock
GlobalLock
GetModuleFileNameW
GlobalAlloc
SetUnhandledExceptionFilter
CopyFileW
user32
PostQuitMessage
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
SetMenu
TranslateAcceleratorW
ValidateRect
DestroyMenu
GetMenuItemInfoW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MapVirtualKeyW
GetKeyNameTextW
SetCursorPos
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
InflateRect
WindowFromPoint
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
SendDlgItemMessageW
SendDlgItemMessageA
RegisterClipboardFormatW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
MapDialogRect
DrawEdge
GetDoubleClickTime
IsWindowUnicode
GetWindowLongA
SetWindowLongA
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetScrollPos
GetScrollPos
IsWindowVisible
GetMenu
SetWindowContextHelpId
ShowOwnedPopups
UnregisterClassW
IsRectEmpty
GetSystemMenu
UnionRect
DestroyIcon
CharUpperW
CharNextW
CopyAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RegisterClassW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetDCEx
WinHelpW
wsprintfW
RegisterWindowMessageW
SendMessageW
GetClientRect
GetParent
GetSysColor
GetMessageW
TranslateMessage
KillTimer
DispatchMessageW
GetKeyState
ReleaseCapture
GetDC
EnableWindow
PtInRect
ReleaseDC
SetRect
SetRectEmpty
DrawFrameControl
TranslateMDISysAccel
DrawMenuBar
UnregisterClassA
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetMenuState
GetMenuStringW
InsertMenuW
GetMenuItemCount
PostThreadMessageW
SetDlgItemTextA
GetDlgItemTextA
AppendMenuW
CreatePopupMenu
ClientToScreen
MessageBoxW
ShowWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetFocus
GetWindowDC
SystemParametersInfoW
SetWindowRgn
SendMessageTimeoutW
LookupIconIdFromDirectoryEx
SetClassLongW
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
DrawIconEx
CreateIconFromResourceEx
CreateIconIndirect
GetIconInfo
HideCaret
ShowCaret
GetWindowRgn
InvertRect
IsMenu
DrawStateW
GetMenuDefaultItem
IsClipboardFormatAvailable
DrawFocusRect
WaitMessage
GetClassInfoW
GetCursor
OffsetRect
DefWindowProcW
LoadCursorW
SetCursor
SetCapture
DestroyCursor
LoadBitmapW
GetSysColorBrush
DrawTextW
SetActiveWindow
SetParent
FindWindowW
GetClassNameW
LoadIconW
GetMenuItemID
LoadImageW
PostMessageW
LoadMenuW
SetForegroundWindow
GetCursorPos
EnableMenuItem
SetMenuDefaultItem
ModifyMenuW
GetSubMenu
DeleteMenu
GetSystemMetrics
LockWindowUpdate
CopyRect
SetWindowLongW
GetWindowLongW
FillRect
UpdateWindow
DefWindowProcA
CallWindowProcA
EnableScrollBar
InvalidateRect
CopyIcon
SetTimer
IsWindow
GetWindowRect
RedrawWindow
EnumWindows
gdi32
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetMapMode
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateRectRgnIndirect
SetRectRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
GetCharWidthW
StretchDIBits
GetTextMetricsW
Ellipse
GetBkColor
GetTextColor
GetRgnBox
SetStretchBltMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
PtInRegion
Rectangle
CreateBitmap
GetPixel
BitBlt
FillRgn
StretchBlt
DeleteObject
CreateFontIndirectW
GetObjectW
CreatePolygonRgn
CreateSolidBrush
GetStockObject
GetViewportOrgEx
SetViewportOrgEx
CreateRectRgn
CombineRgn
GetDIBits
SelectObject
DeleteDC
SetBkMode
SetViewportExtEx
CreatePen
Polygon
SetPixel
GetCurrentObject
CreateDIBSection
EnumFontFamiliesExW
GetBitmapBits
ExtCreateRegion
Polyline
OffsetRgn
GetTextCharsetInfo
GetWindowOrgEx
RoundRect
SetBrushOrgEx
CreatePalette
CreateDIBitmap
SetTextColor
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
shell32
DragFinish
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetMalloc
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
comctl32
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_DrawIndirect
ImageList_GetImageInfo
shlwapi
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW
oledlg
OleUIAddVerbMenuW
OleUIBusyW
ole32
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
oleaut32
VarDateFromStr
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantChangeType
VariantInit
SysAllocString
VariantCopy
VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
LoadTypeLi
SystemTimeToVariantTime
SysFreeString
ws2_32
WSACleanup
WSAStartup
WSAAccept
listen
bind
closesocket
recvfrom
connect
inet_addr
send
htons
socket
gethostbyname
sendto
WSASocketW
recv
gethostname
wininet
FtpOpenFileW
FtpGetFileSize
InternetCloseHandle
FtpDeleteFileW
InternetWriteFile
InternetOpenW
InternetConnectW
InternetOpenUrlW
InternetReadFile
FtpCreateDirectoryW
ad800device
AD800_SetRecVolume
AD800_Free
AD800_SendDTMF
AD800_SetPlaybackVolume
_AD800_ReadDeviceSN@4
AD800_SetSilenceThreshold
AD800_SetVoiceThreshold
AD800_VoiceTrigger
AD800_SetHookTime
AD800_GetDevSN
AD800_StopDetBusyTone
AD800_SetHookVoltage
AD800_GetDialed
AD800_Init
AD800_GetCallerId
AD800_DetBusyTone
AD800_PlayFile
AD800_PickUp
AD800_HangUp
AD800_StopRec
AD800_StartFileRecFile
AD800_SetAudioCallbackFun
AD800_SetCallbackFun
AD800_SetFskCallbackFun
AD800_SetAGC
netapi32
Netbios
dbghelp
MiniDumpWriteDump
ImageDirectoryEntryToData
winmm
waveOutClose
waveOutReset
waveOutPrepareHeader
waveOutWrite
PlaySoundW
waveOutUnprepareHeader
waveOutOpen
Sections
- .text   Size: 1.8MB - Virtual size: 1.8MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 416KB - Virtual size: 414KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 64KB - Virtual size: 2.4MB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 208KB - Virtual size: 205KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ