2024-03-15_998d3e411a8b606af74a327cdd96858e_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-15_998d3e411a8b606af74a327cdd96858e_icedid
Size

488KB
MD5

998d3e411a8b606af74a327cdd96858e
SHA1

fb709ca7068a15b0f64db823b2f84cfec6e474a8
SHA256

f2859967090bbfccc693fbc23d7ce692bbe7a7abe5a0a3e0baa571dcfbe86827
SHA512

da00e93691a3e8d142a53738abe4e57ff65380ef91e20320a1fd3ab9d01d4f595ffb8d7add729d82eb78df2d24852b695bf3dacc3d62e4801d0149a41ea1fc5d
SSDEEP

12288:JfwoESZhndxylqQ5p9vhrIkW42jNbvj6EP:lquhnTyl95NIH9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-15_998d3e411a8b606af74a327cdd96858e_icedid

Files

2024-03-15_998d3e411a8b606af74a327cdd96858e_icedid
.exe windows:4 windows x86 arch:x86

109245113aaf1bc43049162fe05f1190

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\gamedodo\bak\bak\Games\CnChess\CnChessClient\Release\CnChessClient.pdb

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetEnvironmentVariableA
ReadProcessMemory
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapSize
TerminateProcess
CreateThread
ExitThread
HeapReAlloc
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
GetLocaleInfoW
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
IsBadReadPtr
OpenProcess
GetTimeZoneInformation
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
OutputDebugStringA
GetTickCount
WriteConsoleA
GetCommandLineA
GetSystemTime
Sleep
MultiByteToWideChar
GetLastError
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
CompareStringA
CompareStringW
GetStringTypeExA
MulDiv
lstrcpynA
GetProcAddress
GetModuleHandleA
lstrcmpW
lstrcatA
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
HeapFree
RtlUnwind
ExitProcess
SetErrorMode
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameA
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetCurrentDirectoryA
SystemTimeToFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedDecrement
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GlobalGetAtomNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetModuleFileNameA
lstrcpyA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FreeResource
GetCurrentThreadId
InterlockedExchange

user32

GetMenuItemInfoA
GetSysColorBrush
DestroyCursor
SetCursorPos
RedrawWindow
InflateRect
LoadMenuA
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
ShowOwnedPopups
PostQuitMessage
GetMessageA
TranslateMessage
ValidateRect
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenuStringA
InsertMenuA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
SendMessageA
GetWindowRect
GetClientRect
InvalidateRect
EnableWindow
LoadImageA
SetRect
IsWindow
GetParent
GetWindowThreadProcessId
GetSystemMetrics
MessageBoxA
UpdateWindow
RegisterWindowMessageA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
DeleteMenu
DestroyIcon
WindowFromPoint
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetDCEx
LockWindowUpdate
GetSystemMenu
SetParent
AppendMenuA
EnableMenuItem
GetForegroundWindow
SetTimer
KillTimer
DrawIconEx
CreateMenu
DrawEdge
DrawFocusRect
FrameRect
IsMenu
DrawStateA
SetWindowTextA
PostMessageA
DestroyMenu
PeekMessageA
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
IntersectRect
IsIconic
GetWindowPlacement
CopyRect
GetWindowTextLengthA
GetWindowTextA
SetWindowPos
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
GetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
CharUpperA
GetDlgItem
GetCursorPos
ReleaseCapture
SetCursor
AdjustWindowRectEx
LoadCursorA
PtInRect
SetCapture
ClientToScreen
SetWindowRgn
DrawIcon
FillRect
OffsetRect
FindWindowA
SystemParametersInfoA
GetWindow
SetFocus
GetFocus
IsChild

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
CreatePen
CreateSolidBrush
OffsetViewportOrgEx
PatBlt
CreateCompatibleBitmap
GetTextExtentPoint32A
SetRectRgn
CombineRgn
GetCharWidthA
StretchDIBits
CreateFontA
GetBkColor
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
CreateRectRgn
SelectClipRgn
DeleteObject
CreateFontIndirectA
GetObjectA
CreateEllipticRgn
LPtoDP
Ellipse
GetClipBox
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
IntersectClipRect
RealizePalette
ExtCreateRegion
GetDIBits
CreateICA
SetPixel
CreateDIBSection
GetBkMode
GetTextExtentPoint32W
LineTo
MoveToEx
CreateRectRgnIndirect

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA

shell32

SHGetFileInfoA
ShellExecuteExA
DragFinish
DragQueryFileA
ExtractIconA
ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
_TrackMouseEvent
ord17
ImageList_GetImageInfo
ImageList_Draw
ImageList_Create
ImageList_Destroy

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CreateStreamOnHGlobal

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
OleLoadPicture

winmm

PlaySoundA

hoho_base

?g_pMusic@@3PAViGameMusic@@A
?msReleaseFont@@YAXPAUtagFont@@@Z
?GetGraphics@@YAPAViDisplay@@XZ
?g_pScreenBuffer@@3PAViBitmapX@@A
?GetMusic@@YAPAViGameMusic@@XZ
?msCreateFont@@YAPAUtagFont@@PBDPAViFilePackage@@@Z
?CreateFilePackage@@YAPAViFilePackage@@PBD@Z
?CreateMusic@@YAPAViGameMusic@@PAUHWND__@@@Z
?CreatePlane2D@@YAPAViDisplay@@PAUHWND__@@HH_N1@Z
?RGB2Hi@@YAGEEE@Z
?CreateIniFile@@YAPAViIniFile@@PBDPAViFilePackage@@@Z
?g_pDisplay@@3PAViDisplay@@A

clientpublic

?Destory@CWButton@@QAEXXZ
?GetPathFromID@CImageManage@@QAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@JPAJ0@Z
?Create@CWButton@@QAE_NPBDJJJ@Z
?OnMouseMove@CWButton@@UAEXXZ
?Proc@CWButton@@UAE_NPAUHWND__@@IIJ@Z
?Display@CWButton@@UAEXXZ
?Run@CWButton@@UAEXXZ
??0CWButton@@QAE@XZ
??1CWButton@@UAE@XZ
?OnLButtonUp@CWButton@@UAEXXZ
??0CImageManage@@QAE@XZ
??1CImageManage@@QAE@XZ
?GetImageFromID@CImageManage@@QAEPAVCMyBitmap@@JPAJ0@Z
?SetPos@CWButton@@QAEXJJ@Z
?Release@CImageManage@@QAEXXZ

Exports

Exports

??0CImageManage@@QAE@ABV0@@Z
??0CWButton@@QAE@ABV0@@Z
??4CImageManage@@QAEAAV0@ABV0@@Z
??4CWButton@@QAEAAV0@ABV0@@Z
??_7CWButton@@6B@
?GetStatus@CGButton@@QAEJXZ
?GetStatus@CWButton@@QAEJXZ
?GetVisible@CGButton@@QAEJXZ
?GetVisible@CWButton@@QAEJXZ
?SetStatus@CGButton@@QAEXJ@Z
?SetStatus@CWButton@@QAEXJ@Z
?SetVisible@CGButton@@QAEXJ@Z
?SetVisible@CWButton@@QAEXJ@Z

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

109245113aaf1bc43049162fe05f1190

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

winmm

hoho_base

clientpublic

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 8KB - Virtual size: 31KB

.rsrc Size: 48KB - Virtual size: 46KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 8KB - Virtual size: 31KB

.rsrc
Size: 48KB - Virtual size: 46KB