2024-03-27_e34a7c855c708536f224894251cbab89_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-27_e34a7c855c708536f224894251cbab89_icedid
Size

950KB
MD5

e34a7c855c708536f224894251cbab89
SHA1

93f7b9a916797550a7b2349a2c8cfbd0681f113b
SHA256

c7f318c3915d4a49870d31be382f5c426d25a995a9afccd4bc95de537fa74603
SHA512

b3a6eb663b9d4c9ff3020f80faeb537b88fd6b1166735b9f2d639854659f58bc9ca2077a2db2933509a320215248eeea989dd2eb862dd7915a7dcad85e93bb41
SSDEEP

6144:2UsBrtF1RUVevGXdfp4H8Z2l4LNOgNpBPVs1Dwr3eV9z6Tk6kD55JwOVkPEG/8jH:2FBBFbaevGXdfpg8FpBPZku/8SWz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-27_e34a7c855c708536f224894251cbab89_icedid

Files

2024-03-27_e34a7c855c708536f224894251cbab89_icedid
.exe windows:4 windows x86 arch:x86

4ecb3973993c9a4887919a54a6e8c9bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\Burst\installers\NeroInstaller\redist\x86\UninstallNero.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
GlobalFlags
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
VirtualProtect
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
GetModuleHandleA
GetCommandLineA
GetFileTime
CreateFileA
GetCurrentProcess
CloseHandle
WaitForSingleObject
SetFileAttributesA
CreateDirectoryA
SetLastError
FindClose
FindFirstFileA
GetUserDefaultLCID
FreeResource
lstrcatA
WinExec
GetWindowsDirectoryA
lstrcpyA
IsBadReadPtr
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LocalFree
FreeLibrary
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersion
GetVersionExA
DeleteCriticalSection
CompareStringA
GetThreadLocale
lstrcmpiA
GetLastError
InterlockedExchange
RaiseException
lstrlenW
MultiByteToWideChar
GetACP
CompareStringW
WideCharToMultiByte
InitializeCriticalSection
GetLocaleInfoA
lstrlenA
VirtualFree

user32

DestroyMenu
wsprintfA
WindowFromPoint
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MoveWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
CallWindowProcA
SetWindowPos
IsIconic
GetWindowPlacement
CopyRect
GetLastActivePopup
UnhookWindowsHookEx
SetWindowsHookExA
GetActiveWindow
PeekMessageA
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconA
DispatchMessageA
TranslateMessage
GetWindowTextLengthA
GetMessageA
UpdateWindow
ShowWindow
DefWindowProcA
PostQuitMessage
SetForegroundWindow
SetFocus
CreateWindowExA
GetClassInfoExA
FindWindowA
GetTopWindow
RegisterWindowMessageA
SetWindowTextA
GetDlgCtrlID
GetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowEnabled
IsDialogMessageA
IsWindowVisible
MapDialogRect
GetWindow
KillTimer
GetCursorPos
SetWindowLongA
SetTimer
MessageBeep
GetDesktopWindow
CopyIcon
DrawTextA
DrawFocusRect
DestroyCursor
SetCursor
RedrawWindow
GetWindowRect
InflateRect
SetRectEmpty
PtInRect
MessageBoxA
GetKeyState
WinHelpA
GetParent
GetFocus
ScreenToClient
PostMessageA
SendMessageA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
EnableWindow
ReleaseCapture
GetSysColorBrush
LoadCursorA
IsWindow
DestroyWindow
SetCapture
InvalidateRect
ReleaseDC
GetDC
GetClientRect
OffsetRect
CharUpperA
UnregisterClassA
CallNextHookEx

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateFontIndirectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPointA
SetTextJustification
TextOutA
GetStockObject
GetObjectA
GetTextExtentPoint32A

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsDirectoryA
PathIsUNCA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ecb3973993c9a4887919a54a6e8c9bd

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

Sections

.text Size: 192KB - Virtual size: 190KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 686KB - Virtual size: 686KB

.text
Size: 192KB - Virtual size: 190KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 686KB - Virtual size: 686KB