PDB path embedded in the sample: F:\工作\苏州\电梯上位机\NEMS\NEMS V2.2 标准版本\16.5.27_NEMS_3000NEW\NEMS V2.2 M\Release\NEMS.pdb
The path is kept verbatim because it is a pivot for clustering builds from the same source tree. Its Chinese segments translate as "Work" (工作), "Suzhou" (苏州), "elevator host computer" (电梯上位机, the PC-side supervisory software) and "NEMS V2.2 standard edition" (NEMS V2.2 标准版本): a developer build tree for an elevator monitoring host application, which fits the serial-port (SetCommState, PurgeComm, ClearCommError) and desktop GUI imports listed further down.
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-16_b1ee6fa5763a959f42a40713db160531_icedid.exe
Resource (analysis VM image): win7-20240215-en
General
Target: 2024-04-16_b1ee6fa5763a959f42a40713db160531_icedid
Size: 4.6MB
MD5: b1ee6fa5763a959f42a40713db160531
SHA1: e7b7eb3a56ef762c78e9adf603cdd18ae3a044b2
SHA256: b8b86269f6358c1e4cc288193737e66924d1efdfd0b2ef5e6a731812d11ca921
SHA512: e8edf5478aef2b6b2b29e8038a9989cf3b382b16c6f4ec1099aef9d0d92535d4638b9084a44ee833a946ffce7b0636b10a4b359ea099477c0ed0f8c7348cf9d2
SSDEEP: 98304:RBEyVzKRnrjYu0UNRNnpJN1s53PymQTxMH98wVK:RBYdn7of5KxMH9
The MD5 matches the hash embedded in the sample name, so the file analysed is the one the feed distributed.
Malware Config
(no configuration extracted)
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
Processes: resource 2024-04-16_b1ee6fa5763a959f42a40713db160531_icedid
This is the only signature that fired. The sample name carries the feed's "icedid" tag, but no IcedID-specific signature or configuration was extracted in this report, so the tag is not attribution on its own; equally, an unsigned PE is common for in-house software and is not evidence of malice by itself.
Files
2024-04-16_b1ee6fa5763a959f42a40713db160531_icedid.exe
Tags: windows:5 windows x86 arch:x86
Import hash (imphash): c5b3b434bd28120082f2b6fb160774e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and relocations are stripped, so the image always loads at its preferred base address and the loader could not rebase it even if ASLR were requested. NX_COMPAT is set, so DEP applies to its stack and heap. GUARD_CF is not set either, so the binary has no Control Flow Guard. For an exploitability assessment this means every code and data address in the image is static.
PDB Paths
F:\工作\苏州\电梯上位机\NEMS\NEMS V2.2 标准版本\16.5.27_NEMS_3000NEW\NEMS V2.2 M\Release\NEMS.pdb
Imports
Grouped by DLL as listed by the sandbox. Read as a whole, the import table is dominated by user32, gdi32, ole32, oleaut32, comctl32 and gdiplus: dialogs, menus, clipboard, drag-and-drop, printing (winspool.drv) and accessibility (oleacc), i.e. a conventional desktop GUI. The entries worth noting in triage are: serial-port I/O (SetCommState, GetCommState, SetupComm, PurgeComm, ClearCommError, GetOverlappedResult), which matches the "elevator host computer" PDB path; registry writes and deletes (RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegDeleteKeyW); process handling (OpenProcess, TerminateProcess, GetExitCodeProcess, FindWindowW, GetWindowThreadProcessId); dynamic loading and page-protection changes (LoadLibraryW, GetProcAddress, VirtualAlloc, VirtualProtect); resource loading (FindResourceW, FindResourceExW, LoadResource, LockResource, SizeofResource) alongside a 2.5MB .rsrc section; launching other programs (ShellExecuteW, ShellExecuteExW); and file staging (GetTempPathW, GetTempFileNameW, CopyFileW, MoveFileW, DeleteFileW). IsDebuggerPresent, UnhandledExceptionFilter and EncodePointer/DecodePointer are emitted by the MSVC CRT start-up code and are not an anti-debug signal on their own. None of this is malicious by itself; it is the set of functions to trace in the behavioral task.
kernel32
GetConsoleMode
SetEnvironmentVariableA
IsProcessorFeaturePresent
LCMapStringW
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
InterlockedIncrement
VirtualQuery
VirtualAlloc
HeapSize
HeapQueryInformation
ExitProcess
CreateThread
ExitThread
RaiseException
RtlUnwind
HeapReAlloc
HeapFree
HeapAlloc
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
lstrcpyW
GetCurrentDirectoryW
GlobalFlags
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalGetAtomNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
SetThreadPriority
lstrcmpA
FileTimeToSystemTime
lstrlenA
ReleaseActCtx
CreateActCtxW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileW
lstrcmpiW
GetThreadLocale
GetCurrentProcessId
GlobalFree
CopyFileW
GlobalSize
WriteFile
GetOverlappedResult
ReadFile
ClearCommError
CloseHandle
CreateFileW
PurgeComm
SetupComm
SetCommState
GetCommState
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemInfo
GetVersionExW
SetEvent
WaitForSingleObject
CreateEventW
ResetEvent
FreeLibrary
ResumeThread
Sleep
SuspendThread
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
DeactivateActCtx
SetLastError
GetLastError
TerminateProcess
GetExitCodeProcess
OpenProcess
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetTickCount
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteFileW
GetFileAttributesExW
LocalAlloc
lstrlenW
FormatMessageW
LocalFree
InterlockedDecrement
WriteConsoleW
user32
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
OpenClipboard
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawEdge
SetClassLongW
DestroyAcceleratorTable
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
DrawIconEx
CopyImage
NotifyWinEvent
EnableScrollBar
HideCaret
InvertRect
GetAsyncKeyState
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
SetCapture
UnregisterClassW
RealChildWindowFromPoint
GetSysColorBrush
CharNextW
SystemParametersInfoW
GetMenuItemInfoW
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
CreateDialogIndirectParamW
EndDialog
IntersectRect
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
GetCursorPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
IsDialogMessageW
PostThreadMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
MessageBoxExW
EnableWindow
DestroyCursor
DestroyMenu
DestroyIcon
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
GetWindow
CharUpperW
GetLastActivePopup
IsWindowEnabled
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
GetUpdateRect
GetWindowRgn
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
GetFocus
KillTimer
PeekMessageW
SetFocus
SetTimer
DrawIcon
SubtractRect
GetDoubleClickTime
CharUpperBuffW
CopyIcon
GetWindowLongW
SendMessageW
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
ClientToScreen
WindowFromPoint
GetActiveWindow
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageW
CopyRect
InflateRect
DrawFocusRect
GetClientRect
OffsetRect
DrawStateW
FillRect
GetSysColor
GetIconInfo
GetDC
ReleaseDC
LoadImageW
LoadMenuW
FrameRect
LoadCursorW
SetWindowRgn
SetWindowLongW
UpdateWindow
FindWindowW
GetWindowThreadProcessId
IsWindow
GetWindowDC
GetSystemMetrics
DrawFrameControl
DrawTextW
PtInRect
MsgWaitForMultipleObjects
MessageBoxW
LoadIconW
GetSystemMenu
AppendMenuW
LoadBitmapW
SetWindowTextW
SetParent
IsIconic
SetClipboardData
gdi32
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextExtentPoint32W
GetBkColor
GetTextColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
OffsetRgn
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
CreateRectRgn
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
Rectangle
DeleteObject
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
StretchBlt
CreateRoundRectRgn
GetTextMetricsW
PatBlt
FillRgn
CreatePolyPolygonRgn
CreateSolidBrush
CreateFontIndirectW
CreatePen
SetPixel
GetPixel
GetObjectW
DeleteDC
SetTextColor
SetBkColor
SelectObject
CreateBitmap
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetViewportExtEx
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegEnumKeyExW
RegQueryValueW
shell32
DragFinish
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW
ShellExecuteW
ShellExecuteExW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
ole32
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateGuid
DoDragDrop
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CreateStreamOnHGlobal
OleRun
CoCreateInstance
CoInitialize
CoRevokeClassObject
CoRegisterMessageFilter
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoUninitialize
CoInitializeEx
oleaut32
VariantClear
SysStringLen
VariantInit
VariantCopy
VariantChangeType
OleLoadPicture
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SysFreeString
SafeArrayPutElement
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo
oledlg
OleUIBusyW
winmm
PlaySoundW
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
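Two checks an analyst would run over a listing like the one above are an imphash recomputation (to confirm the reported c5b3b434bd28120082f2b6fb160774e1 came from this import table and to pivot on it) and a capability pass that groups imports by behaviour. The following is an added example, not code from the sandbox or from the NEMS project: it parses a constructed excerpt of the listing in the sandbox's own layout, normalises it the way pefile's imphash does, and applies a hypothetical set of capability rules. The rules, the DLL-line heuristic and the excerpt are assumptions for the demo; a real imphash needs every import in import-table order, so the digest here will not equal the reported one.

```python
import hashlib

# Constructed excerpt of the report's import listing, in the sandbox's own layout:
# a DLL name on its own line followed by one imported function per line. It is a
# subset chosen for the demo; a real imphash needs every import in import-table order.
IMPORT_LISTING = """\
kernel32
GetConsoleMode
IsDebuggerPresent
SetCommState
GetCommState
PurgeComm
SetupComm
ClearCommError
VirtualProtect
VirtualAlloc
LoadLibraryW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
OpenProcess
TerminateProcess
advapi32
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
shell32
ShellExecuteW
ShellExecuteExW
"""

# Hypothetical capability rules: which imported APIs, taken together, hint at a
# behaviour. Many also occur in ordinary GUI or CRT code, so a hit is a question
# to investigate in the behavioral task, not a verdict.
CAPABILITY_RULES = {
    "serial port I/O": {"SetCommState", "GetCommState", "PurgeComm", "SetupComm", "ClearCommError"},
    "memory permission changes": {"VirtualProtect", "VirtualAlloc"},
    "dynamic API resolution": {"LoadLibraryW", "LoadLibraryA", "GetProcAddress"},
    "embedded resource access": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "registry modification": {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW", "RegDeleteValueW"},
    "process control": {"OpenProcess", "TerminateProcess", "GetExitCodeProcess"},
    "launches other programs": {"ShellExecuteW", "ShellExecuteExW", "CreateProcessW", "CreateProcessA"},
    "debugger check (also emitted by the MSVC CRT)": {"IsDebuggerPresent"},
}


def parse_listing(text):
    """Parse the listing into {dll: [func, ...]}, preserving order.

    Heuristic for this layout: a line containing no upper-case letter is a DLL name
    ("kernel32", "winspool.drv"); every other line is a function of the current DLL.
    """
    imports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == line.lower():
            current = line
            imports.setdefault(current, [])
        elif current is not None:
            imports[current].append(line)
    return imports


def imphash_string(imports):
    """Normalise like pefile's imphash: lower-case DLL with a .dll/.ocx/.sys extension
    removed, lower-case function, "dll.func" entries joined by ",". Imports by ordinal
    (none in this listing) would additionally need pefile's ordinal-to-name tables."""
    parts = []
    for dll, funcs in imports.items():
        name = dll.lower()
        base, dot, ext = name.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            name = base
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string, as a lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def capabilities(imports):
    """Map each rule to the sorted list of its APIs present; rules with no hit are omitted."""
    present = {func for funcs in imports.values() for func in funcs}
    hits = {}
    for label, apis in CAPABILITY_RULES.items():
        matched = sorted(present & apis)
        if matched:
            hits[label] = matched
    return hits


if __name__ == "__main__":
    imps = parse_listing(IMPORT_LISTING)
    print("imphash of excerpt:", imphash(imps))
    for label, apis in capabilities(imps).items():
        print(f"{label}: {', '.join(apis)}")
```

Because imphash depends on import order and on every entry, recompute it with pefile over the actual file rather than from a rendered listing when you need a value to pivot on; the normalisation shown here is what makes two differently-cased or differently-suffixed listings of the same table hash identically.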
Sections
(IMAGE_SCN_ prefix omitted; "raw" is the on-disk size, "virtual" the in-memory size)
.text   raw 1.7MB   virtual 1.7MB   CNT_CODE | MEM_EXECUTE | MEM_READ
.rdata  raw 365KB   virtual 364KB   CNT_INITIALIZED_DATA | MEM_READ
.data   raw 26KB    virtual 61KB    CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE
.rsrc   raw 2.5MB   virtual 2.5MB   CNT_INITIALIZED_DATA | MEM_READ
.zero   raw 4KB     virtual 3KB     MEM_EXECUTE | MEM_READ
Notes: no section is both writable and executable. .data's virtual size exceeding its raw size is ordinary uninitialized data expanded at load, not a packing indicator. .rsrc accounts for about 2.5MB of the 4.6MB file, and the kernel32 imports include FindResourceW, LoadResource, LockResource and SizeofResource, so the resource directory is the first place to inspect, whether for embedded payloads or, in a legitimate build, for the bitmaps and dialog templates a GUI of this size carries (gdiplus and OleLoadPicture are imported too). .zero is a non-standard section name that is executable but not flagged CNT_CODE; the report does not state where the entry point lies, so checking whether it falls inside .zero, and what those 4KB contain, is a cheap follow-up before drawing conclusions from the "icedid" label in the sample name.
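The header observations (no DYNAMIC_BASE, relocations stripped, NX_COMPAT present) and the section observations (an executable section without CNT_CODE, no W+X) are exactly what a small automated hardening check pulls out of a PE before anyone opens a disassembler. The following is an added example serving both the Headers and Sections parts of this report; it is not code from the sandbox or from the NEMS project. To run offline it builds a header-only PE32 image that mirrors the flags and section layout reported above (section sizes are approximations of the reported figures, and build_pe, parse_pe and assess are hypothetical helpers), then applies the same check to a hardened variant for contrast. In practice you would feed parse_pe the real file or use pefile; the field offsets here are those of IMAGE_FILE_HEADER, IMAGE_OPTIONAL_HEADER and IMAGE_SECTION_HEADER from winnt.h.

```python
import struct

# Flag values from winnt.h (subset).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_pe(file_chars, dll_chars, sections):
    """Build a minimal, header-only PE32 image (not runnable) carrying the given flags.
    sections: list of (name, raw_size, virtual_size, characteristics)."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)  # e_lfanew at 0x3C
    opt_size = 0xE0  # PE32 optional header including the 16 data directories
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # Magic: PE32
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0, rsize, 0, 0, 0, 0, 0, chars)
        for name, rsize, vsize, chars in sections
    )
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


def parse_pe(data):
    """Read the header fields a hardening check needs from PE32 or PE32+ bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    # DllCharacteristics sits at offset 70 of the optional header in both PE32 and PE32+
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    sections = []
    for i in range(nsect):
        name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rsize, vsize, chars))
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file_chars": file_chars, "dll_chars": dll_chars, "sections": sections}


def assess(pe):
    """Return the hardening findings an analyst would flag from the headers alone."""
    findings = []
    fc, dc = pe["file_chars"], pe["dll_chars"]
    if not dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no ASLR: DYNAMIC_BASE not set, image loads at its preferred base")
    if fc & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("relocations stripped: the loader cannot rebase the image at all")
    if not dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no DEP opt-in: NX_COMPAT not set")
    if not dc & IMAGE_DLLCHARACTERISTICS_GUARD_CF:
        findings.append("no Control Flow Guard: GUARD_CF not set")
    for name, _rsize, _vsize, chars in pe["sections"]:
        executable = bool(chars & IMAGE_SCN_MEM_EXECUTE)
        if executable and chars & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: writable and executable (W+X)")
        if executable and not chars & IMAGE_SCN_CNT_CODE:
            findings.append(f"{name}: executable but not flagged as code (CNT_CODE missing)")
    return findings


# Constructed image reproducing the flags and section layout this report lists
# (sizes approximate the reported MB/KB figures).
SAMPLE = build_pe(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", 0x1B0000, 0x1B0000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".rdata", 0x5B400, 0x5B000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".data", 0x6800, 0xF400, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (".rsrc", 0x280000, 0x280000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (".zero", 0x1000, 0xC00, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)],
)

# The same kind of image as a hardened modern toolchain would emit it, for contrast.
HARDENED = build_pe(
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_GUARD_CF | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", 0x1B0000, 0x1B0000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)],
)

if __name__ == "__main__":
    for line in assess(parse_pe(SAMPLE)) or ["no header-level findings"]:
        print(line)
```

On the constructed sample the check reports the four points made in the notes above (no ASLR, relocations stripped, no CFG, .zero executable without CNT_CODE) and nothing for the hardened variant; the absence of a W+X finding is as informative as the hits, since a self-modifying packer stub usually needs one.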