2024-04-09_390b41030e11c62951c591810aea5c0c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_390b41030e11c62951c591810aea5c0c_icedid
Size

3.3MB
MD5

390b41030e11c62951c591810aea5c0c
SHA1

e9cf309a8057f11ba8bf979d53c4089fd557ba34
SHA256

396a0732593877477b21b1c429753061516c635f846b5e01a612cb6796ad883d
SHA512

d25e4acc163b501b8a410bc45a0685b2e62e273b1c8c8f2e0880ceadb1bca626b08a13b5d70e5e1590baf5b3df822a36d99a8c5f512baccd0f7ff48f1ba9673e
SSDEEP

49152:ATa1VRZVPzDhHYeplOqd5pz28UNJABbDA+AkfrE0Fi2T6WZxrSU5R:lVRZVPpJvMAJDA+DFi2Tt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-09_390b41030e11c62951c591810aea5c0c_icedid

Files

2024-04-09_390b41030e11c62951c591810aea5c0c_icedid
.exe windows:5 windows x86 arch:x86

102be54e7c01935c41813a7445af5520

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\MySource\Rubik7T\Temp\Compile\DogUpload\Release\DogUpload.pdb

Imports

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetUnhandledExceptionFilter
QueryPerformanceFrequency
GetQueuedCompletionStatus
CreateIoCompletionPort
GetStdHandle
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
ExitProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetProcessHeap
GetLocalTime
OpenProcess
CreateMutexA
GetDriveTypeA
LoadLibraryExA
CreateProcessA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
lstrcatA
lstrcpyA
CreateDirectoryA
GetDiskFreeSpaceExA
RemoveDirectoryA
FindNextFileA
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
ResetEvent
FreeEnvironmentStringsA
IsDebuggerPresent
RaiseException
RtlUnwind
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetModuleHandleW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
DeleteFileA
MoveFileA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
CopyFileA
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
WritePrivateProfileStringA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
Sleep
SizeofResource
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SetEnvironmentVariableA

user32

SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterWindowMessageA
IsDialogMessageA
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
DrawIcon
AppendMenuA
SendMessageA
PostMessageA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetMenuItemID
GetMenuItemCount
SetWindowTextA
MoveWindow
ShowWindow
GetSubMenu
RegisterClassA
GetSystemMenu
IsIconic
DrawFocusRect
DestroyMenu
GetSysColor
FillRect
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
wsprintfA
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
SetCapture
LoadCursorA
ReleaseCapture
GetSysColorBrush
CharUpperA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
PostThreadMessageA
KillTimer
RegisterClipboardFormatA
GetWindow
SetWindowContextHelpId
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetDesktopWindow
SetWindowPos
MapDialogRect
InvalidateRect

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
CreateSolidBrush
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetMapMode
RestoreDC
SaveDC
SelectObject
DeleteObject
GetTextMetricsA
ExtTextOutA
BitBlt
CreateCompatibleDC
GetObjectA
SetBkColor
SetTextColor
GetDeviceCaps
GetClipBox
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

SetSecurityDescriptorDacl
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ord17

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VarUdateFromDate
VarDateFromStr
SafeArrayGetElement
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

iphlpapi

GetIpAddrTable

ws2_32

inet_addr
inet_ntoa
getsockopt
socket
WSAGetLastError
bind
listen
accept
connect
select
__WSAFDIsSet
send
recv
htons
closesocket
setsockopt
getsockname
gethostname
gethostbyname
WSAIoctl
WSASend
WSARecv
WSAGetOverlappedResult
gethostbyaddr
WSAStartup
WSACleanup
recvfrom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

102be54e7c01935c41813a7445af5520

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

ws2_32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 836KB - Virtual size: 835KB

.data Size: 44KB - Virtual size: 418KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 836KB - Virtual size: 835KB

.data
Size: 44KB - Virtual size: 418KB

.rsrc
Size: 19KB - Virtual size: 18KB