2024-04-08_2a1c98955fb5de80b5d5502c6c3f64dd_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_2a1c98955fb5de80b5d5502c6c3f64dd_icedid
Size

1.6MB
MD5

2a1c98955fb5de80b5d5502c6c3f64dd
SHA1

d0e79a53fe12d4bd055fac52fb9ba98e4bb88987
SHA256

b12229132cb3cab07ecabdc981ce2265cdb36f34cfbe9c1bd765a8a94221715e
SHA512

0b04ce56b2418727a4959b090678bd2f4d402bc2a93914ac833178fe509a73af598dea476dea9e2ef06fc49cbf630cb653dd0eb13198c2a16fe6ec50826abc72
SSDEEP

24576:5yhhclumQnsNW0LTISLfjDzMuUX/1+vt+w4TE:oklzQsNW0HISPDzW2oTE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-08_2a1c98955fb5de80b5d5502c6c3f64dd_icedid

Files

2024-04-08_2a1c98955fb5de80b5d5502c6c3f64dd_icedid
.exe windows:4 windows x86 arch:x86

5c065179eea1366161b4090503a389ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\Burst\installers\NeroInstaller\redist\x86\SetupX.pdb

Imports

kernel32

LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
RtlUnwind
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
TerminateProcess
SetStdHandle
GetFileType
TlsSetValue
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualProtect
GlobalGetAtomNameA
lstrcmpW
InterlockedDecrement
WritePrivateProfileStringA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynA
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
GetDriveTypeA
GetFileTime
CreateFileA
GetCurrentProcess
GetLongPathNameA
GetTempPathA
SetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
SetLastError
CopyFileA
FindClose
GetUserDefaultLCID
GetSystemDefaultLangID
FreeResource
lstrcatA
WinExec
CreateProcessA
GetFileAttributesA
GetUserDefaultLangID
GetModuleHandleA
GetWindowsDirectoryA
lstrcpyA
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LocalFree
SetThreadLocale
GetModuleFileNameA
GetVersion
DeleteCriticalSection
CompareStringA
lstrcmpiA
RaiseException
lstrlenW
CompareStringW
InitializeCriticalSection
lstrlenA
MultiByteToWideChar
MoveFileA
WaitForSingleObject
DeleteFileA
OutputDebugStringA
Sleep
CloseHandle
GetLastError
CreateMutexA
GetCommandLineA
FindFirstFileA
FreeLibrary
GetProcAddress
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
LoadLibraryA

user32

DestroyMenu
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
WindowFromPoint
MoveWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
CallWindowProcA
IntersectRect
GetWindowPlacement
CopyRect
GetLastActivePopup
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PeekMessageA
ValidateRect
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadBitmapA
SetWindowContextHelpId
SetWindowPos
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
GetNextDlgTabItem
EndDialog
DispatchMessageA
TranslateMessage
GetWindowTextLengthA
GetMessageA
UpdateWindow
ShowWindow
DefWindowProcA
PostQuitMessage
SetFocus
CreateWindowExA
GetClassInfoExA
SetForegroundWindow
BringWindowToTop
DrawIcon
IsIconic
wsprintfA
LoadIconA
RegisterWindowMessageA
ExitWindowsEx
FindWindowA
GetTopWindow
SetWindowTextA
WaitForInputIdle
GetDesktopWindow
GetDlgCtrlID
GetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowEnabled
IsDialogMessageA
IsWindowVisible
MapDialogRect
GetWindow
KillTimer
GetCursorPos
SetWindowLongA
SetTimer
PostThreadMessageA
RegisterClipboardFormatA
MessageBeep
CopyIcon
DrawTextA
DrawFocusRect
DestroyCursor
SetCursor
RedrawWindow
GetWindowRect
InflateRect
SetRectEmpty
PtInRect
MessageBoxA
GetKeyState
WinHelpA
GetParent
SetMenuItemBitmaps
IsChild
GetFocus
ScreenToClient
PostMessageA
SendMessageA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
EnableWindow
ReleaseCapture
GetSysColorBrush
LoadCursorA
IsWindow
DestroyWindow
SetCapture
InvalidateRect
ReleaseDC
GetDC
GetClientRect
OffsetRect
SetRect
CharUpperA
UnregisterClassA
GetMenuCheckMarkDimensions

gdi32

CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetTextColor
GetWindowExtEx
GetViewportExtEx
GetBkColor
CreateSolidBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateFontIndirectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPointA
SetTextJustification
TextOutA
GetStockObject
GetObjectA
GetTextExtentPoint32A
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegSetValueA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegOpenKeyA

shell32

SHFileOperationA
ShellExecuteA

comctl32

ord17

shlwapi

PathIsDirectoryA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
OleInitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleUninitialize

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringByteLen
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5c065179eea1366161b4090503a389ec

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

Sections

.text Size: 328KB - Virtual size: 324KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 328KB - Virtual size: 324KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB