2024-04-16_c0f79cf0e7726dd0b6fa3889eca9ec81_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_c0f79cf0e7726dd0b6fa3889eca9ec81_icedid
Size

9.3MB
MD5

c0f79cf0e7726dd0b6fa3889eca9ec81
SHA1

939169c2a30ba14eb6c419413f822a01920f6471
SHA256

880d14c7cc262a2c67b04519f6edd05ddfb41deb1cfc66fda1a50a095b0e8e40
SHA512

6c361dd73a8c91e3175366a15d40bf3d8f7c9cc3acbe130b13abd1b09c1dc0913d1a57b56bd193df97db8a099b039daf26a262e539ae6bf202ceb2359a73496f
SSDEEP

196608:2t2Q1kQLOJv6JeP6TMjVUQtvs1GThccKzLpgtHyvWE:aXkzF6JeP+cmG1KheHyv3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_c0f79cf0e7726dd0b6fa3889eca9ec81_icedid

Files

2024-04-16_c0f79cf0e7726dd0b6fa3889eca9ec81_icedid
.exe windows:4 windows x86 arch:x86

35f45fa69f7700ea14d5a7ad46f92e3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\AFPSetup\AFPClient再打包程序\Release\AFPCLIENT.pdb

Imports

kernel32

GetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetErrorMode
lstrlenA
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
MoveFileW
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
FormatMessageW
LocalFree
MulDiv
GetCurrentProcessId
SetLastError
GlobalAddAtomW
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileStringW
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
WideCharToMultiByte
WriteFile
LockResource
CreateDirectoryW
GetSystemDirectoryW
ExitProcess
DeleteFileW
CreateProcessW
GetStartupInfoW
CreateEventW
GetLastError
TerminateProcess
GetCurrentProcess
CreateFileW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
lstrlenW
WaitForSingleObject
CloseHandle
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime

user32

LoadCursorW
ShowWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
UnregisterClassW
GetSysColorBrush
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
PostMessageW
EnableWindow
DrawIcon
GetClientRect
SendMessageW
IsIconic
AppendMenuW
GetSystemMenu
LoadIconW
GetSystemMetrics
SetForegroundWindow
UnregisterClassA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueW

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35f45fa69f7700ea14d5a7ad46f92e3c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 9.1MB - Virtual size: 9.1MB

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 9.1MB - Virtual size: 9.1MB