2024-04-05_c306faa2ab5834a33ddc07a45f442969_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-05_c306faa2ab5834a33ddc07a45f442969_icedid
Size

668KB
MD5

c306faa2ab5834a33ddc07a45f442969
SHA1

eddf8ed14e3205be8bc7efa535775e2c7e5066fb
SHA256

4b90e272bbe12f7aea44ccc4bb6c88d09d21f38c2e40d1925189f65e897f8cf1
SHA512

2f02bc02d781b76dfb070febacb99e7dfc4f2b2cc229cd9ca4b8e6572bafcf25d722dd7d5a7fe276eb47a7344d18cd6d4d93882d5fc31a05c7e522e007826f22
SSDEEP

12288:sDPvDKi7Ac0viOpiJqVvyo+gmeu3ujUmKeE0Lg5PtQ4X33GM0xbwB4geSihu:sLDKi7Ac0viOpii4YE0vyybgihu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-05_c306faa2ab5834a33ddc07a45f442969_icedid

Files

2024-04-05_c306faa2ab5834a33ddc07a45f442969_icedid
.exe windows:4 windows x86 arch:x86

6e1642d34b10f2c5d2ba3a6ea8b8707a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

kernel32

InterlockedDecrement
LoadLibraryA
LocalFree
LocalAlloc
GetExitCodeThread
WaitForMultipleObjects
SetNamedPipeHandleState
GetCurrentThread
GetComputerNameW
GetProcessHeap
HeapAlloc
HeapFree
EnumResourceLanguagesW
lstrcmpiA
LoadLibraryExW
FlushFileBuffers
DisconnectNamedPipe
LeaveCriticalSection
ReleaseMutex
OpenMutexW
EnterCriticalSection
WaitForSingleObject
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetOEMCP
GetACP
GetDriveTypeA
GetStringTypeA
GetCPInfo
IsBadCodePtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentDirectoryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetTimeZoneInformation
HeapReAlloc
HeapSize
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
GetDriveTypeW
OpenFileMappingW
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleFileNameA
ExpandEnvironmentStringsW
GetShortPathNameW
MoveFileExW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetProfileIntW
WriteProfileStringW
GetProfileStringW
EnumSystemLocalesW
GetSystemInfo
GetVersion
GetVersionExW
IsBadReadPtr
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetEnvironmentVariableW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
WriteProcessMemory
ReadProcessMemory
GlobalReAlloc
GlobalSize
GlobalFlags
GetWindowsDirectoryW
GetLocalTime
EnumResourceNamesW
FindResourceW
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
MoveFileW
GetProcessVersion
lstrcmpiW
InterlockedIncrement
TlsGetValue
LocalReAlloc
TlsSetValue
TlsAlloc
LoadResource
LockResource
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetFileAttributesW
CreateProcessW
SetThreadPriority
ResumeThread
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
GetSystemDirectoryW
SetEndOfFile
ReadFile
GetFileSize
SetFilePointer
CreateFileW
GetModuleHandleW
FormatMessageW
GlobalGetAtomNameW
GetCurrentThreadId
TransactNamedPipe
WriteFile
GetTickCount
WaitNamedPipeW
SetLastError
lstrcmpW
MulDiv
GetLocaleInfoW
OpenProcess
TerminateProcess
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
CopyFileW
SetFileAttributesW
GetLastError
Sleep
GetCommandLineW
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpynW
GetModuleHandleA
lstrlenA
lstrlenW
GetStringTypeW
lstrcpyW
GlobalDeleteAtom
SetErrorMode
lstrcatW
GlobalAddAtomW
GlobalFindAtomW

user32

GetCapture
GetParent
PtInRect
IsWindowEnabled
SetCursor
ShowCursor
LoadCursorW
CharUpperW
GetWindow
SetWindowPos
GetSystemMetrics
GetClassNameW
GetWindowLongW
ReleaseDC
GetDC
GetWindowTextW
GetDlgCtrlID
GetWindowTextLengthW
GetClientRect
MessageBoxW
SendMessageW
GetWindowRect
EnableWindow
GetDlgItem
IntersectRect
GetDlgItemTextW
GetDialogBaseUnits
SetWindowTextW
wvsprintfW
LoadStringA
MessageBoxA
IsZoomed
ScreenToClient
PeekMessageW
PostQuitMessage
IsDialogMessageW
TranslateMessage
DispatchMessageW
DeferWindowPos
GetClassLongW
ClientToScreen
ExitWindowsEx
SetRect
GetSysColorBrush
FillRect
GetSysColor
RemovePropW
CallWindowProcW
GetPropW
SetPropW
MsgWaitForMultipleObjects
BeginPaint
EndPaint
DefWindowProcW
IsIconic
GetClassInfoW
RegisterClassW
LoadImageW
SystemParametersInfoW
KillTimer
DestroyWindow
UnregisterClassW
GetSystemMenu
GetMenuItemCount
GetMenuItemID
DeleteMenu
OffsetRect
GetWindowThreadProcessId
SendMessageTimeoutW
GrayStringW
TabbedTextOutW
EndDialog
DialogBoxParamW
wsprintfW
GetDesktopWindow
OpenClipboard
EmptyClipboard
SetClipboardData
GetCursorPos
IsWindowVisible
ValidateRect
GetKeyState
GetActiveWindow
GetMessageW
GetWindowPlacement
RegisterWindowMessageW
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
GetSubMenu
GetMenu
UpdateWindow
GetTopWindow
CopyRect
AdjustWindowRectEx
GetFocus
MapWindowPoints
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
DestroyMenu
CloseClipboard
GetAsyncKeyState
IsDlgButtonChecked
LoadIconW
DestroyIcon
WinHelpW
EnumWindows
CharLowerW
LoadStringW
CallNextHookEx
CreateWindowExW
MessageBeep
SetWindowsHookExW
UnhookWindowsHookEx
GetLastActivePopup
PostMessageW
FindWindowW
SetTimer
ShowWindow
IsWindow
SetFocus
SetDlgItemTextW
SetWindowLongW
InvalidateRect
DrawTextW

gdi32

GetRgnBox
GetFontLanguageInfo
SetBkColor
StretchBlt
BitBlt
CreateFontW
TranslateCharsetInfo
GetCharacterPlacementW
GetCharacterPlacementA
GetObjectType
GetGlyphOutlineW
GetCurrentObject
SetPixel
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
ResetDCW
EnumFontFamiliesExW
CreateCompatibleBitmap
PatBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetOutlineTextMetricsW
GetCharWidthW
GetCharWidthA
GetStockObject
GetObjectW
CreateDCW
ExtEscape
DeleteDC
GetTextExtentPointW
GetTextMetricsW
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
SaveDC
RestoreDC
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateBitmap

winspool.drv

DeleteMonitorW
DeletePrinterDriverW
ClosePrinter
DeletePrinter
DeletePrinterConnectionW
GetPrinterDriverDirectoryW
AddPrinterW
DeviceCapabilitiesW
AddPrinterConnectionW
AddMonitorW
AddPrinterDriverW
SetPrinterW
DocumentPropertiesW
GetPrinterDriverW
GetPrinterA
GetPrinterW
EnumPrinterDriversW
EnumPrintersW
EnumPortsW
GetJobW
OpenPrinterW

advapi32

FreeSid
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenThreadToken
OpenProcessToken
GetUserNameW
RegDeleteKeyW
RegDeleteKeyA
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityDescriptorOwner
LookupAccountNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
RegCloseKey
ControlService
StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
EnumDependentServicesW
DeleteService
CreateServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegSetKeySecurity
RegConnectRegistryW
RegFlushKey
RegUnLoadKeyW
RegLoadKeyW
LookupAccountSidW
RegEnumKeyW
RegCreateKeyW
RegGetKeySecurity
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
CommandLineToArgvW
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoCreateInstance

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

ord17

Sections

.text
Size: 480KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e1642d34b10f2c5d2ba3a6ea8b8707a

Headers

File Characteristics

Imports

mpr

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

version

comctl32

Sections

.text Size: 480KB - Virtual size: 476KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 96KB - Virtual size: 129KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 480KB - Virtual size: 476KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 96KB - Virtual size: 129KB

.rsrc
Size: 48KB - Virtual size: 44KB