2024-04-05_bc37e29729b797cfa62c3695526c7779_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-05_bc37e29729b797cfa62c3695526c7779_icedid
Size

3.5MB
MD5

bc37e29729b797cfa62c3695526c7779
SHA1

1f051ce1318ff305c3c2f64f609d3231f68da873
SHA256

62f64a5c96b5071908d90e2258429d66ed5569dcb3e939aaef95889e0e56a61c
SHA512

6485cdde609cc0ac0ccd81fc6528fadf2b0e91e265dcaba095c0d58f8dd8d9821d7d25759b990b7ff3325b9bc0640696cc1f3245d964650a9f43f347e2d542ea
SSDEEP

24576:FiiAlzkA5s96H0CA5oLMVLMKA5NDKnxYaXJi2Y3MpbwnCvzb4cbmYdTyVDEHA5/T:FiiAl4qHNgiDkYOMwwnMb4PmyVQm73

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-05_bc37e29729b797cfa62c3695526c7779_icedid

Files

2024-04-05_bc37e29729b797cfa62c3695526c7779_icedid
.exe windows:4 windows x86 arch:x86

e791258d96e10d4d21caa3d8d49afe49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Acro_root_at\Acrobat\Viewer\Win\output\acrobat\AcroRd32Exe.pdb

Imports

kernel32

UnmapViewOfFile
CreateFileA
VirtualQueryEx
GetCurrentProcess
MapViewOfFile
CreateFileMappingA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
ReadFile
CloseHandle
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemInfo
IsDebuggerPresent
OutputDebugStringA
SetFilePointer
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

FindWindowA
SendMessageA
MessageBoxA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

msvcr80

??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
strchr
strrchr
free
strcpy
malloc
strlen
strcmp
?terminate@@YAXXZ
??0exception@std@@QAE@ABQBD@Z
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_snprintf
_amsg_exit
??1exception@std@@UAE@XZ

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e791258d96e10d4d21caa3d8d49afe49

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp80

msvcr80

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 292KB - Virtual size: 291KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 292KB - Virtual size: 291KB