2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid
Size

4.0MB
MD5

d5bfe20d5faf0e1fd21352cd5c301705
SHA1

f70675c9e3449931763e02473859e81f5dfa42a4
SHA256

990c0d4c483f48ab674323f2af077520ec1e2d572eff6aa6cf683788fda462d4
SHA512

ffd08c9027134f5cd3f025a283a76b812ae4f9079d77e563a21cb3338a4b19a18a9e92b9d0b198852962fa5eb648a081eb01c3205acb8c1e6e363d07aead7aa8
SSDEEP

12288:p1V5z4orgIEI2Q/Q1PoZx+BC+ZbXIrW0iI:pJzLEIR3H+uW0iI

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid

Files

2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid
.exe windows:4 windows x86 arch:x86

835677e04e17d195939dcdd26fb3a87a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TLBB\TLBB_RTM359_JD\Prj\GameCode\ClientLib\Bin\Release\TLBBIE.pdb

Imports

kernel32

VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
TerminateProcess
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
VirtualProtect
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
InterlockedExchange
HeapFree
HeapAlloc
RtlUnwind
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetTickCount
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcatA
lstrcmpW
GetProcAddress
CreateThread
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleFileNameA
Sleep
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
FreeEnvironmentStringsA

user32

RegisterClipboardFormatA
MessageBeep
SetCapture
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
LoadCursorA
GetSysColorBrush
DestroyMenu
wsprintfA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
SetCursor
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
EnableWindow
CharUpperA
SendMessageA
MessageBoxW
GetDesktopWindow
PtInRect
SetWindowPos
GetWindowLongA
LoadBitmapA
DrawIcon
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostThreadMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
ScreenToClient
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
RegisterWindowMessageA
PostMessageA
IsIconic
SetWindowRgn
GetWindowRect
GetClientRect
GetDC
ReleaseDC
LoadIconA
GetParent
GetSystemMetrics
UnregisterClassA
CharNextA
ReleaseCapture
GetCapture
DrawEdge
InvalidateRect
GetSysColor
WindowFromPoint
ClientToScreen
GetNextDlgGroupItem
OffsetRect
DrawFocusRect
GetCursorPos
GetWindow
CopyRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
SetWindowLongA
CallWindowProcA
DefWindowProcA

gdi32

CreateRectRgnIndirect
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetRgnBox
CreateRectRgn
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
SelectClipRgn
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateCompatibleBitmap
GetObjectA
GetPixel
BitBlt
CreateCompatibleDC
CombineRgn
GetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr
VariantChangeType
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
SysAllocStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

835677e04e17d195939dcdd26fb3a87a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.vmp0 Size: 72KB - Virtual size: 72KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.vmp0
Size: 72KB - Virtual size: 72KB