c:\PC7_Rel_7\BackendApps\AutoLoad\Release\AutoLoad.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-26_66a392186d2e82d1c5e8fae53c82460e_icedid.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-03-26_66a392186d2e82d1c5e8fae53c82460e_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-03-26_66a392186d2e82d1c5e8fae53c82460e_icedid
Size: 384KB
MD5: 66a392186d2e82d1c5e8fae53c82460e
SHA1: db785fe7e15ead17f050f225ba5ff360ae6ed12c
SHA256: c395e3a758024864f5f090b2bd6b7744da0cca95c87b39398e43dabcc9c593ed
SHA512: 8d7a1b52265905b9d859b4fba81a689834e57581ebbaf219c7e0d94f8eb08acfbe5b8fd67a56f5c9df48b268877c41192bbe38fc8cc3dd80eb7ed01cc5d412db
SSDEEP: 6144:1vIz4nVyk5HSFIYxzmkA0QQ0XD6F76cpUt6aYL0fVKffAxftJKpZx/if3F+NcO:1vo4nYLFIYxzW0QQQO6aRkKLxm
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-03-26_66a392186d2e82d1c5e8fae53c82460e_icedid
Files
2024-03-26_66a392186d2e82d1c5e8fae53c82460e_icedid.exe windows:4 windows x86 arch:x86
285e6c8859ec4981eaa3acb2ca9d90dd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\PC7_Rel_7\BackendApps\AutoLoad\Release\AutoLoad.pdb
Imports
dbaccess
?GetpString@c_SQL_STRING@@QAEPADXZ
?Open@DB_ACCESS_CLS@@SAJXZ
?Connect@DB_ACCESS_CLS@@SAJQAD@Z
??0DB_QUERY_RESULT_CLS@@QAE@XZ
?SetResultSetInfo@DB_QUERY_RESULT_CLS@@QAEJJFJH@Z
?SetField@DB_QUERY_RESULT_CLS@@QAEJHPADJ@Z
??1DB_QUERY_RESULT_CLS@@QAE@XZ
??0c_SQL_STRING@@QAE@XZ
??1c_SQL_STRING@@QAE@XZ
?Close@DB_ACCESS_CLS@@SAJXZ
??4c_SQL_STRING@@QAEAAV0@PAD@Z
?GetConnection@DB_ACCESS_CLS@@SAPAVDB_QUERY_CLS@@XZ
?SendQuery@DB_QUERY_CLS@@QAEJPAVc_SQL_STRING@@PAVDB_QUERY_RESULT_CLS@@@Z
?GetRowCount@DB_QUERY_RESULT_CLS@@QAEJXZ
?GetpResult@DB_QUERY_RESULT_CLS@@QAEPADXZ
?AddString@c_SQL_STRING@@QAEAAV1@PAD0J0@Z
?SendQuery@DB_QUERY_CLS@@QAEJPAVc_SQL_STRING@@@Z
?AddDateTime@c_SQL_STRING@@QAEAAV1@PADAAUdbdaterec@@0@Z
?AddLong@c_SQL_STRING@@QAEAAV1@PADJ0@Z
??Yc_SQL_STRING@@QAEAAV0@PAD@Z
mtekutil
SetVersionInfo
audit
?AuditDone@@YAXXZ
?LogAuditMessage@@YAHJQAD00PAXHE1HE1HE1HE1HE1HE1HE1HE1HE1HE@Z
kernel32
TerminateProcess
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetEnvironmentVariableA
SetEnvironmentVariableW
SetUnhandledExceptionFilter
LCMapStringA
VirtualQuery
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersion
MultiByteToWideChar
CompareStringW
CompareStringA
lstrlenW
WideCharToMultiByte
GetStringTypeExA
lstrcmpiA
lstrlenA
GetLastError
FindResourceA
SizeofResource
LockResource
LoadResource
GetComputerNameA
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
Sleep
CreateEventA
CreateMutexA
SetConsoleCtrlHandler
ReleaseMutex
GetCurrentThreadId
CreateThread
LocalFree
GetModuleFileNameA
FormatMessageA
GetOverlappedResult
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
GetTickCount
SetErrorMode
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetShortPathNameA
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DeleteFileA
MoveFileA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
InterlockedIncrement
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
GlobalAddAtomA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
MulDiv
lstrcpynA
GetCurrentThread
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrcmpA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetDateFormatA
CreateNamedPipeA
DisconnectNamedPipe
CancelIo
PeekNamedPipe
TerminateThread
WriteFile
ConnectNamedPipe
SetEvent
ReadFile
WaitForMultipleObjects
LCMapStringW
user32
PostThreadMessageA
CreateMenu
CopyAcceleratorTableA
GetMenuItemInfoA
InflateRect
DestroyIcon
GetSysColorBrush
SetParent
GetSystemMenu
DeleteMenu
IsZoomed
wsprintfA
LoadMenuA
DestroyMenu
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
WaitMessage
GetWindowThreadProcessId
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ReleaseCapture
SetCapture
ClientToScreen
SetWindowRgn
DrawIcon
IsRectEmpty
FindWindowA
FillRect
ReleaseDC
DestroyCursor
SetRect
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetTabbedTextExtentA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
RegisterClassA
CharUpperA
EnableWindow
SendMessageA
LoadIconA
GetClientRect
GetDC
InvalidateRect
PostMessageA
SetTimer
KillTimer
EndDialog
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
GetDCEx
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
RegisterClipboardFormatA
GetForegroundWindow
LockWindowUpdate
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
GetSystemMetrics
SetActiveWindow
GetActiveWindow
GetDesktopWindow
PostQuitMessage
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
UnregisterClassA
SetCursor
ShowOwnedPopups
GetLastActivePopup
LoadCursorA
gdi32
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
SetStretchBltMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
CreatePatternBrush
CreateCompatibleDC
CreateSolidBrush
CreateCompatibleBitmap
GetTextMetricsA
GetTextExtentPoint32A
StretchDIBits
GetCharWidthA
GetBkColor
CreateFontIndirectA
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetTextAlign
GetTextFaceA
GetWindowOrgEx
CreateRectRgnIndirect
SetRectRgn
CombineRgn
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
Ellipse
LPtoDP
CreateEllipticRgn
DeleteDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
GetStockObject
PatBlt
Rectangle
DPtoLP
GetViewportOrgEx
CreatePen
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateDCA
CreateFontA
SelectObject
Escape
GetDeviceCaps
comdlg32
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
CommDlgExtendedError
PrintDlgA
winspool.drv
GetJobA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
shell32
DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragFinish
comctl32
ord17
ImageList_Destroy
ImageList_GetImageInfo
ImageList_Draw
shlwapi
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
ole32
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoDisconnectObject
oleaut32
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
SysAllocString
VariantClear
LoadTypeLi
SysFreeString
Sections
.text Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
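The "Unsigned PE" signature, the File Characteristics list and the Sections table above are all read straight out of the PE headers: the Authenticode certificate table is data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY), the characteristics are a bitfield in the COFF header, and the section flags sit in the section table. The script below is an added example written for this page; it is not Triage's own check and not code from the analysed binary. It parses those fields with only the Python standard library, reports the same findings a sandbox would (unsigned, no ASLR/DEP opt-in, writable+executable sections), and, so that it runs offline, builds a constructed minimal PE32 (`build_test_pe`, with the same 0x010F characteristics as this sample but otherwise unrelated to it) when no path is given. The function names `parse_pe`, `findings` and `build_test_pe` are this example's own.

```python
import struct

# Flag tables from winnt.h (the subset relevant to this report).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",  # ASLR opt-in
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",     # DEP opt-in
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode certificate table)


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Walk DOS -> COFF -> optional header -> section table and return the fields
    a triage report summarises, plus whether a WIN_CERTIFICATE table is referenced."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories start 96 bytes into the optional header
        dd_off = opt + 96
    elif magic == 0x20B:    # PE32+: 112 bytes (64-bit ImageBase and stack/heap fields)
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    num_rva = struct.unpack_from("<I", data, dd_off - 4)[0]
    cert_off = cert_size = 0
    if num_rva > SECURITY_DIR_INDEX:
        # Unlike every other directory, the security entry is a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dd_off + SECURITY_DIR_INDEX * 8)
    has_cert = cert_size != 0 and cert_off + cert_size <= len(data)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flags(flags, SECTION_FLAGS)})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_present": has_cert, "sections": sections}


def findings(info: dict) -> list:
    """Turn parsed headers into the one-line findings a sandbox report emits."""
    out = []
    if not info["authenticode_present"]:
        out.append("Unsigned PE: no Authenticode certificate table")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in info["dll_characteristics"]:
        why = " (relocations stripped, image cannot be rebased)" \
            if "IMAGE_FILE_RELOCS_STRIPPED" in info["characteristics"] else ""
        out.append("No ASLR opt-in" + why)
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in info["dll_characteristics"]:
        out.append("No DEP opt-in")
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            out.append("Writable+executable section: " + s["name"])
    return out


def build_test_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 used only for the demo; it is not the sample from this report."""
    cert_off, cert_size = (0x400, 0x20) if signed else (0, 0)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x010F)   # i386, 1 section, flags as on the page
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                        # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # SectionAlignment, FileAlignment
    struct.pack_into("<H", opt, 68, 2)                               # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0)                               # DllCharacteristics: no ASLR/DEP opt-in
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, cert_off, cert_size)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    img = bytearray(dos + b"PE\0\0" + coff + opt + text)
    img += b"\0" * (0x200 - len(img)) + b"\xC3" * 0x200              # pad headers, then a page of RET
    if signed:
        # WIN_CERTIFICATE header (dwLength, wRevision=0x0200, wCertificateType=PKCS_SIGNED_DATA)
        # followed by a dummy body standing in for the PKCS#7 blob.
        img += struct.pack("<IHH", cert_size, 0x0200, 0x0002) + b"\0" * (cert_size - 8)
    return bytes(img)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(signed=False)
    info = parse_pe(data)
    print(info["characteristics"], info["dll_characteristics"])
    for s in info["sections"]:
        print("%-8s raw=%-6d virt=%-6d %s" % (s["name"], s["raw_size"], s["virtual_size"], " ".join(s["flags"])))
    print("\n".join(findings(info)))
```

Run it with a file path to inspect a real binary. Note the limits of what the header tells you: a non-empty security directory only means a certificate table is embedded, not that the signature is valid or chains to a trusted root; for that, verify with signtool verify /pa or PowerShell's Get-AuthenticodeSignature on a Windows host. Conversely, the absence of the table is exactly what "Unsigned PE" means here, and for this sample it is consistent with the other header facts on the page: relocations are stripped, so the image runs at its preferred base regardless of any ASLR setting.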