PDB path: D:\slave\workspace\9060\bin\pdb\BarServer.pdb
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-03-26_57ff1ae376c396aedcb9ceb7d15e961c_icedid.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 2024-03-26_57ff1ae376c396aedcb9ceb7d15e961c_icedid.exe
  Resource: win10v2004-20240226-en
General
  Target: 2024-03-26_57ff1ae376c396aedcb9ceb7d15e961c_icedid
  Size: 9.2MB
  MD5: 57ff1ae376c396aedcb9ceb7d15e961c
  SHA1: 5fc9c1f8f1fa35cf593c81b7c4ccdb60a9fed3c9
  SHA256: 0ff681f32c25c9841fa25ac8a81b7d9c7d474bb3d4cea87989fb572891c6c8e7
  SHA512: 4c02a251b077e89ddd914340cdc465cc4bdce52552f94c13c8da76e455e05f28cee8a5155d6d25eda67b56930a396ce72de299728a1c95ee29cc2d2383caf008
  SSDEEP: 196608:P6BUqiRRsfBeQUUQIMxo+HqGcE9i0S2gyTGb62TWLo:PiUqiRyfBefUnM2+Dd9i0dgiLo
Malware Config
  (none extracted)

Signatures
  Detects executables with modified PE resources using the unpaid version of Resource Tuner (1 IoC)
    resource: yara_rule sample INDICATOR_SUSPICIOUS_EXE_PE_ResourceTuner
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 2024-03-26_57ff1ae376c396aedcb9ceb7d15e961c_icedid

Files
  2024-03-26_57ff1ae376c396aedcb9ceb7d15e961c_icedid.exe  windows:5 windows x86 arch:x86
  392e5ee53f6c361cebd5c300950ca0a4
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
iocptcp
TcpListen
TcpGetLinkAddr
TcpConnect
TcpCreate
TcpUninit
TcpInit
TcpSend
TcpDestroy
TcpSetLinkAttr
iocpudp
UdpDestroy
UdpCreate
UdpUninit
UdpInit
UdpSendTo
routemonitordll
RM_SetHostUrl
RM_GetClientChecksum
RM_Init
RM_Uninit
RM_DeleteFlowControlRule
RM_AddFlowControlRule
RM_DeleteStaticNat
RM_AddStaticNat
RM_EnableSwQos
RM_QueryRuleList
RM_QuerySwQos
RM_QueryNatList
RM_QueryWanList
RM_GetIcon
RM_QueryRouteInfo
uxtheme
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetWindowTheme
kernel32
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
CompareStringW
GetLocaleInfoW
GetUserDefaultUILanguage
GetOEMCP
GetCPInfo
GetACP
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetTempPathA
GetTempFileNameA
GetProfileIntA
SearchPathA
VirtualProtect
GetDiskFreeSpaceA
GetUserDefaultLCID
FindResourceExW
GetFullPathNameW
CreateMutexW
QueryPerformanceCounter
InterlockedCompareExchange
OutputDebugStringW
UnlockFileEx
FormatMessageW
HeapCreate
HeapValidate
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingW
GetSystemInfo
GetSystemTime
AreFileApisANSI
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
GetConsoleCP
CompareStringA
GetConsoleMode
FreeResource
GetStdHandle
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
CreateEventW
UnhandledExceptionFilter
SetEnvironmentVariableA
GetDriveTypeW
GetCurrentDirectoryW
SetStdHandle
HeapQueryInformation
ExitThread
VirtualAlloc
GetCommandLineA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
FreeLibraryAndExitThread
GetThreadTimes
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW
GetExitCodeThread
FindFirstFileExW
SetThreadPriority
MulDiv
GlobalSize
FindResourceW
GetSystemDirectoryW
EncodePointer
IsValidCodePage
GlobalGetAtomNameA
ReadConsoleW
LocalReAlloc
Sleep
SetConsoleCtrlHandler
SetFileAttributesA
WriteFile
ReadFile
SetFilePointer
CloseHandle
CreateFileA
GetLastError
GetTickCount
FreeLibrary
GetProcAddress
GetCurrentThread
GetCurrentThreadId
SetLastError
ResumeThread
LoadLibraryA
GetModuleFileNameA
OutputDebugStringA
GetCurrentDirectoryA
GetFileAttributesA
GetVersionExA
OpenProcess
GetCurrentProcess
TerminateProcess
GetFileSizeEx
DeviceIoControl
FindClose
SetSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
OpenMutexA
GetLogicalDriveStringsA
ExpandEnvironmentStringsA
GetDriveTypeA
CreateDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
GetVolumeInformationA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
LockFile
UnlockFile
GetFileSize
FlushFileBuffers
SetEndOfFile
GetFileTime
DuplicateHandle
lstrcmpiA
lstrlenA
GetFullPathNameA
MoveFileA
LocalFree
GetFileType
SetFilePointerEx
lstrlenW
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateFileW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
LockResource
LoadResource
SizeofResource
lstrcpyA
LoadLibraryExA
FindResourceA
EnumResourceNamesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
WritePrivateProfileStructA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetComputerNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetCurrentProcessId
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
LoadLibraryW
GetModuleHandleA
IsBadWritePtr
GetModuleFileNameW
GetDiskFreeSpaceExA
InterlockedIncrement
GetExitCodeProcess
CreateProcessA
InterlockedDecrement
lstrcmpA
GetModuleHandleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
LocalAlloc
user32
ShowOwnedPopups
IntersectRect
IsIconic
PostQuitMessage
CopyImage
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
FillRect
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
DestroyIcon
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
LoadAcceleratorsA
TranslateAcceleratorA
GetDC
ReleaseDC
MessageBoxA
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
wsprintfA
CharUpperA
GetSystemMetrics
LoadMenuA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
UnhookWindowsHookEx
SendMessageA
EnableWindow
IsWindowEnabled
GetWindowLongA
DrawFocusRect
SetRectEmpty
OffsetRect
IsRectEmpty
LoadImageA
DrawIconEx
GetIconInfo
MessageBeep
GetAsyncKeyState
EnableScrollBar
SetCursor
InvertRect
LoadCursorW
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyA
BringWindowToTop
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
LoadImageW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
GetSysColor
GetSysColorBrush
LoadCursorA
GetWindowTextA
GetWindowTextLengthA
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextA
TrackMouseEvent
LoadMenuW
GetComboBoxInfo
IsZoomed
DeleteMenu
SetTimer
KillTimer
InvalidateRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetNextDlgGroupItem
SetCapture
ReleaseCapture
HideCaret
GetSystemMenu
PostThreadMessageA
WaitMessage
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
SetCursorPos
SetRect
SetParent
LockWindowUpdate
SetClassLongA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
MapDialogRect
DrawIcon
GetWindowRgn
DestroyCursor
IsMenu
UpdateLayeredWindow
MonitorFromPoint
WindowFromPoint
GetScrollPos
SetScrollPos
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
RedrawWindow
ScrollWindow
gdi32
CreateDCA
CopyMetaFileA
CreateDIBSection
StretchBlt
SelectObject
GetStockObject
GetPaletteEntries
DeleteObject
DeleteDC
CreateCompatibleDC
SetDIBColorTable
GetTextFaceA
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetPixel
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetNearestPaletteIndex
CreatePalette
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32A
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
BitBlt
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comdlg32
GetFileTitleA
advapi32
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AllocateAndInitializeSid
RegEnumKeyExA
RegDeleteValueA
FreeSid
RegDeleteKeyA
SetNamedSecurityInfoA
SetEntriesInAclA
shell32
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHAppBarMessage
SHGetSpecialFolderPathA
ole32
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
oleaut32
VariantChangeType
VariantCopy
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SysStringLen
LoadTypeLi
SysAllocStringByteLen
VariantInit
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocString
VarBstrFromDate
bcmanagerupdate
Clit_Init
Clit_UnInit
Clit_SetSrvInfo
Clit_SetUpdateNotify
Clit_SetSyncInfo
dbghelp
MiniDumpWriteDump
ws2_32
htonl
ntohl
inet_addr
setsockopt
sendto
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
closesocket
htons
ntohs
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
iphlpapi
GetIfEntry
SendARP
GetAdaptersInfo
rpcrt4
UuidCreate
shlwapi
PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA
wininet
InternetCrackUrlA
InternetReadFile
InternetConnectA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
HttpAddRequestHeadersA
gdiplus
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapSetResolution
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageGraphicsContext
psapi
GetProcessMemoryInfo
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
msimg32
TransparentBlt
AlphaBlend
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
  .text   Size: 7.3MB - Virtual size: 7.3MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rdata  Size: 1.4MB - Virtual size: 1.4MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .data   Size: 364KB - Virtual size: 414KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 190KB - Virtual size: 192KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE