2024-04-11_efbd79b494de2976167e4479104d62eb_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-11_efbd79b494de2976167e4479104d62eb_icedid
Size

660KB
MD5

efbd79b494de2976167e4479104d62eb
SHA1

e1093c54c1c84050ea5a6c9e31ae5aefeaae16ad
SHA256

a27a7eda4a2cafb43a5c0ceb6f1a6aad0d8ca449a0410290899a643b5e4621dc
SHA512

786ddf948c2288f4bee27ace954d70a3984f6dc2932bb2cc92558db0ee2f317d2723c1a3169fc495a55723953dd3ee3972a3c5bcf6ed446ae46a26415b961474
SSDEEP

12288:LDOcH+8WB5BxbxQ2/c5hb3rf6xMhEN3puh3DDJGlc:Lgnc5BriMhEZpuhsc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-11_efbd79b494de2976167e4479104d62eb_icedid

Files

2024-04-11_efbd79b494de2976167e4479104d62eb_icedid
.exe windows:4 windows x86 arch:x86

51a13994fc87951619d29383bbea8f31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate

winmm

timeGetTime

kernel32

TerminateProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
ExitProcess
GetExitCodeProcess
CreateProcessA
SetEnvironmentVariableA
Sleep
GetLastError
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
RtlUnwind
GetSystemTimeAsFileTime
SetErrorMode
WritePrivateProfileStringA
GetFileAttributesA
CreateFileA
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcpynA
GetProcAddress
GetModuleHandleA
lstrcmpW
lstrcatA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetOEMCP
GetCPInfo
InterlockedIncrement
RaiseException
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
FreeLibrary
GlobalFlags
GlobalFree
FormatMessageA
LocalFree
WaitForSingleObject
CloseHandle
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
SetLastError
GetModuleFileNameA
InterlockedDecrement
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMessageA
TranslateMessage
ValidateRect
ShowOwnedPopups
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MoveWindow
SetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
AdjustWindowRectEx
DeferWindowPos
RegisterClassA
UnregisterClassA
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
RegisterWindowMessageA
wsprintfA
LoadMenuA
DestroyMenu
GetSysColor
SetWindowPos
WinHelpA
SetFocus
GetActiveWindow
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetKeyState
GetDlgCtrlID
GetMenu
UnpackDDElParam
ReuseDDElParam
GetClassInfoA
PeekMessageA
GetCapture
LoadAcceleratorsA
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
InsertMenuItemA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
PostMessageA
SetMenu
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
EnableWindow
TranslateAcceleratorA
GetSysColorBrush
GetMenuItemInfoA
InflateRect
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SetRect
EnumWindows
GetWindowDC
ReleaseDC
GetDC
MessageBoxA
LoadIconA
SendMessageA
UpdateWindow
GetWindowTextA
GetClassNameA
ReleaseCapture
GetCursorPos
PtInRect
DestroyCursor
LoadCursorA
SetCapture
KillTimer
SetTimer
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
IsZoomed
IsIconic
SetCursor
GetSystemMetrics

gdi32

BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
GetStockObject
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
SetMapMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

select
gethostbyname
htonl
htons
inet_addr
bind
WSASetLastError
socket
sendto
accept
closesocket
WSACleanup
WSAStartup
WSAAsyncSelect
send
recv
WSACancelAsyncRequest
inet_ntoa
WSAAsyncGetHostByName
shutdown
WSAGetLastError
connect
recvfrom

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51a13994fc87951619d29383bbea8f31

Headers

File Characteristics

Imports

ddraw

winmm

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

ws2_32

Sections

.text Size: 500KB - Virtual size: 499KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 16KB - Virtual size: 1.4MB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 500KB - Virtual size: 499KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 16KB - Virtual size: 1.4MB

.rsrc
Size: 24KB - Virtual size: 20KB