2024-03-27_3e56975127f436aa5e8a9b9c7af5eb23_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-27_3e56975127f436aa5e8a9b9c7af5eb23_icedid
Size

1.3MB
MD5

3e56975127f436aa5e8a9b9c7af5eb23
SHA1

acbf171b31c25a66d7af44bf9e1f5666acaa3f2c
SHA256

7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e
SHA512

f1a2d4dcc0531ee08c3b5e407b7e250743c15d0e2f320a9d74e933a94791d1185a9dc6f5f28b9e3bc8bbc364b3c98fc72e936c45b88279c773ea4507e24b3e9f
SSDEEP

12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-03-27_3e56975127f436aa5e8a9b9c7af5eb23_icedid

Files

2024-03-27_3e56975127f436aa5e8a9b9c7af5eb23_icedid
.exe windows:5 windows x86 arch:x86

a8311b6d98c1262cc1ec0eab47dbfe32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\498883\out\Release\QHFileSmasher.pdb

Imports

kernel32

ExitThread
CreateThread
ExitProcess
GetStartupInfoW
RtlUnwind
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStdHandle
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetConsoleCP
GetConsoleMode
LCMapStringA
SetHandleCount
GetFileType
GetStartupInfoA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsDebuggerPresent
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
SetUnhandledExceptionFilter
HeapAlloc
TerminateProcess
GetFileSizeEx
LocalFileTimeToFileTime
GetLocaleInfoW
CompareStringA
GetShortPathNameW
SetEndOfFile
FlushFileBuffers
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
lstrcmpiA
GetTempFileNameW
OpenMutexW
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
SetFilePointerEx
IsProcessorFeaturePresent
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
UnhandledExceptionFilter
HeapFree
lstrlenA
lstrcmpA
CompareStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetFullPathNameW
GetLogicalDriveStringsW
DeviceIoControl
InterlockedExchange
MoveFileW
GetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
QueryPerformanceCounter
SetFileAttributesW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
SetErrorMode
SetEnvironmentVariableW
GetCommandLineW
ExpandEnvironmentStringsW
lstrcmpiW
lstrlenW
SetFilePointer
InterlockedIncrement
ProcessIdToSessionId
FreeResource
GetSystemWindowsDirectoryW
LocalAlloc
SystemTimeToFileTime
GetModuleHandleA
GetTimeZoneInformation
LocalFree
GlobalFree
CreateMutexW
FreeConsole
GetCurrentProcessId
LoadLibraryExW
GetTempPathW
GetDriveTypeW
GetWindowsDirectoryW
GetUserDefaultUILanguage
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
Sleep
InterlockedCompareExchange
GetVersionExW
GetModuleFileNameW
MultiByteToWideChar
WriteFile
ReadFile
GetFileSize
CreateFileW
CopyFileW
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
InterlockedDecrement
MulDiv
GetCurrentProcess
SetEvent
CreateEventW
ResetEvent
GetTickCount
WaitForSingleObject
WideCharToMultiByte
GetSystemTimeAsFileTime
DeleteFileW
GetVersion
GetSystemDirectoryW
SetLastError
RaiseException
DeleteCriticalSection
InitializeCriticalSection
CreateProcessW
GetLastError
OpenProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetUserDefaultLCID

user32

GetWindowTextW
GetWindowTextLengthW
RedrawWindow
DrawTextW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowTextW
GetWindow
MonitorFromWindow
MapWindowPoints
IsRectEmpty
IsDialogMessageW
GetClientRect
DrawIconEx
DestroyIcon
GetActiveWindow
MessageBoxW
InvalidateRect
MonitorFromRect
PostQuitMessage
UnhookWindowsHookEx
GetLastActivePopup
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ValidateRect
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
CheckMenuItem
EnableMenuItem
ModifyMenuW
SetCursor
GetDlgCtrlID
GetKeyState
GetWindowDC
BeginPaint
LoadBitmapW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetWindowThreadProcessId
FindWindowW
SendMessageTimeoutW
IsWindow
KillTimer
GetMenuCheckMarkDimensions
DestroyWindow
GetWindowPlacement
ShowWindow
SetTimer
IsWindowVisible
RegisterClassExW
GetClassInfoExW
SetMenu
GetMessageTime
GetTopWindow
RemovePropW
GetPropW
SetPropW
GetCapture
WinHelpW
DestroyMenu
TabbedTextOutW
DrawTextExW
GrayStringW
EndPaint
SetCapture
ReleaseCapture
GetClassLongW
SetClassLongW
BringWindowToTop
SwitchToThisWindow
GetSystemMetrics
CharNextW
PeekMessageW
DestroyAcceleratorTable
InvalidateRgn
FillRect
CreateAcceleratorTableW
GetSysColor
GetClassNameW
GetDlgItem
IsChild
LoadImageW
LoadIconW
GetDesktopWindow
LoadCursorW
CreateWindowExW
EnableWindow
GetParent
SendMessageW
SetWindowPos
LoadStringW
UnregisterClassA
SetFocus
IsWindowEnabled
SetRectEmpty
RegisterWindowMessageW
GetDC
ReleaseDC
GetFocus
CopyRect
OffsetRect
ClientToScreen
GetMessagePos
PtInRect
ScreenToClient
MoveWindow
GetWindowRect
GetMonitorInfoW
AllowSetForegroundWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetActiveWindow
SetMenuItemBitmaps
IsIconic
SystemParametersInfoA
GetMenu
AdjustWindowRectEx
RegisterClassW
PostMessageW
GetKeyboardState
keybd_event
GetClassInfoW

gdi32

ScaleWindowExtEx
PtVisible
SetWindowExtEx
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetClipBox
CreateBitmap
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
TextOutW
RectVisible
GetStockObject
BitBlt
SetViewportOrgEx
GetPixel
CreateCompatibleBitmap
CreateFontW
SetTextColor
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
GetObjectA
GetObjectW
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyExA
ConvertSidToStringSidW
RegQueryValueExA
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExA

shell32

SHOpenFolderAndSelectItems
SHGetMalloc
SHGetSpecialFolderLocation
ord155
ord190
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
ord680
SHGetSpecialFolderPathW
SHGetFolderPathW
ord165

ole32

OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal

oleaut32

VariantChangeType
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VarUI4FromStr
SysAllocStringLen
VarBstrCmp
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
DispCallFunc
VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

StrCmpIW
PathCompactPathW
PathStripPathW
ord437
PathFindFileNameW
PathIsDirectoryW
PathAddBackslashW
StrStrIW
PathRemoveFileSpecW
PathAppendW
PathCombineW
SHSetValueA
SHGetValueA
PathFileExistsW
ColorHLSToRGB
ColorRGBToHLS
SHGetValueW
wnsprintfW

comctl32

InitCommonControlsEx

gdiplus

GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipDrawImageRectRectI
GdipDrawLine
GdipAddPathEllipseI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateFromHWND
GdipGetFontHeight
GdipCreatePen2
GdipDrawRectangleI
GdipCreateLineBrushFromRect
GdipAddPathRectangleI
GdipPrivateAddMemoryFont
GdipSetPenWidth
GdipDrawEllipseI
GdipSetPenDashOffset
GdipAddPathLineI
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipDrawImagePointRectI
GdipResetWorldTransform
GdipCreateBitmapFromScan0
GdipDrawPath
GdipFillPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipResetClip
GdipCreatePath
GdipFillRectangleI
GdipRotateWorldTransform
GdipGetPixelOffsetMode
GdipTranslateWorldTransform
GdipSetClipRectI
GdipSetTextRenderingHint
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipCreateLineBrushFromRectI
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipDrawString
GdipMeasureString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangle
GdipDrawLineI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipFillRectangle
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipSetPathGradientGammaCorrection
GdipSetPathGradientCenterPoint
GdipAddPathLine2
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathLine
GdipAddPathArc
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetInterpolationMode
GdipCloneFontFamily
GdipDeleteFontFamily
GdipDeletePath
GdipSetLinePresetBlend

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetCloseHandle
HttpQueryInfoW
InternetSetOptionW
InternetReadFile
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetOpenW

psapi

GetModuleFileNameExW

imm32

ImmDisableIME

rpcrt4

NdrAsyncClientCall
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcStringFreeW
RpcBindingFree

oleacc

LresultFromObject
CreateStdAccessibleObject

wtsapi32

WTSQuerySessionInformationW

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8311b6d98c1262cc1ec0eab47dbfe32

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

wininet

psapi

imm32

rpcrt4

oleacc

wtsapi32

userenv

Sections

.text Size: 731KB - Virtual size: 730KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 24KB - Virtual size: 54KB

.rsrc Size: 391KB - Virtual size: 391KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 731KB - Virtual size: 730KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 24KB - Virtual size: 54KB

.rsrc
Size: 391KB - Virtual size: 391KB

.reloc
Size: 72KB - Virtual size: 72KB