Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-17_13dff02732efba436707e04eb27bdfef_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-17_13dff02732efba436707e04eb27bdfef_icedid.exe
  Resource: win10v2004-20240412-en
General
- Target: 2024-04-17_13dff02732efba436707e04eb27bdfef_icedid
- Size: 688KB
- MD5: 13dff02732efba436707e04eb27bdfef
- SHA1: e7a64cfec79768097bc5f02aa529f6502bb1174e
- SHA256: cf39c0b410d51ea3daa1fff4bf8995017c9b4dd6dcbab904a82efa55784f1471
- SHA512: 73f2cdcc15d7dda871a770302a452bd0014f2073d92c2d71c6d216443270fa05d5d677a6dbb84532773725da42b89fdba264f501d6703a2015974680fd87b74b
- SSDEEP: 12288:E6cqZC5+3Pi1PH9o5Smw2TWdOO6VhDIoiEttWJMZl2tA0N:E/eC59s02TbDI7EtIJMGA0N
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-04-17_13dff02732efba436707e04eb27bdfef_icedid
Files
- 2024-04-17_13dff02732efba436707e04eb27bdfef_icedid.exe (windows:5, windows, x86, arch:x86)
  f41675334ef2509a4aa96058faa84499
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
RtlUnwind
RaiseException
HeapSize
VirtualAlloc
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GetModuleHandleW
GetFileTime
GetFileSizeEx
GetFileAttributesA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
InterlockedIncrement
FormatMessageA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalFlags
GlobalFree
GlobalUnlock
InterlockedDecrement
GetModuleFileNameW
WritePrivateProfileStringA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
MultiByteToWideChar
FindFirstFileA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
SetErrorMode
lstrlenA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
WideCharToMultiByte
CompareStringA
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetProcAddress
SetFileAttributesA
Sleep
CloseHandle
WaitForSingleObject
CreateProcessA
GetStdHandle
GetCurrentDirectoryA
GetLastError
GetTickCount
GetModuleHandleA
CreateFileW
datalibrary
DLSetTypeDefTypeName
DLSetTypeDefType
DLSetTypeDefAlignment
DLSetTypeDefSize
DLCreateTypeDef
DLSetSapEnumDefKey
DLSetMessageEnumDefKey
DLSetModuleEnumDefKey
DLDeleteEnumDef
DLAddEnumDef
DLAddEnumDefPair
DLCreateEnumDef
DLClearEnumDefPair
DLDeleteEnumDefPairTrav
DLGetEnumDefNextPairTrav
DLGetEnumDefPairValue
DLCreateEnumDefFirstPairTrav
DLGetEnumDef
DLSetTargetTypeInfo
DLUnloadDBHandle
DLLoadDBFromFile
DLCreateModuleFilter
DLSetModuleFilterClassFilterSwitch
DLSetModuleFilterName
DLSetModuleFilterId
DLSetModuleFilterSwitch
DLAddModuleFilter
DLDeleteModuleFilter
DLRemoveModuleFilter
DLClearSapFilter
DLCreateSapFilter
DLSetSapFilterName
DLSetSapFilterId
DLSetSapFilterLevel
DLAddSapFilter
DLGetEnumDefPairCount
DLSetModuleFilterClassFilterName
DLCreateEnumAllDefFirstPairTrav
DLGetEnumAllDefPairValue
DLGetEnumAllDefNextPairTrav
DLDeleteEnumAllDefPairTrav
DLRemoveEnumDefPair
DLClearTypeDefArrayDef
DLSetTypeDefVariableName
DLGetTypedefDefFinalTypeDef
DLGetTypeDefSize
DLGetTypeDefAlignment
DLAddMessageTypeDef
DLCreateFirstEnumDefTrav
DLGetEnumDefTravValue
DLGetNextEnumDefTrav
DLDeleteEnumDefTrav
DLGetEnumDefSize
DLGetEnumDefAlignment
DLAddEnumAllDefPair
DLRemoveEnumDef
DLSetEnumDefSize
DLSetEnumDefAlignment
DLSetEnumDefTypeDef
DLRemoveTypedefDef
DLGetEnumDefEnumValue
DLGetStructDef
DLGetL1TraceModuleDefCount
DLGetL1TraceModuleDef
DLGetL1TraceModuleName
DLCreateL1TraceModuleDef
DLReinitL1TraceModuleDef
DLAddL1TraceModuleDef
DLGetL1TraceModuleTraceMessageDefCount
DLClearL1Filter
DLCreateL1Filter
DLSetL1FilterModuleName
DLSetL1FilterModuleId
DLGetL1TraceModuleClassFilterBitmask
DLSetL1FilterSwitch
DLClearL1TraceClassFilter
DLGetL1TraceModuleClassCount
DLCreateL1TraceClassFilter
DLSetL1TraceClassFilterName
DLGetL1TraceModuleClass
DLSetL1TraceClassFilterId
DLSetL1TraceClassFilterSwitch
DLAddL1TraceClassFilter
DLDeleteL1TraceClassFilter
DLAddL1Filter
DLDeleteL1Filter
DLGetL1TraceModuleTraceMessageDef
DLAddTypedefDef
DLGetL1TraceMessageDefParameter
DLSetTraceDefAllParameterSize
DLAddTraceDefTraceParameter
DLAddL1TraceMessageDefParameter
DLSetL1TraceMessageDefTraceText
DLSetL1TraceMessageDefAllParameterSize
DLGetL1TraceMessageDefAllParameterSize
g_dbType
DLDeleteTypeDef
DLGetTypedefDef
DLGetTypeDefTypeName
DLSetTypeDefOffset
DLSetGlobalVariableDefModuleId
DLGetL1TraceMessageDefName
DLCreateL1VDef
DLGetL1VDefCount
DLGetL1VDef
DLGetL1VUIName
DLSetL1VUIName
DLCreateFirstTraceDefTrav
DLGetTraceDefTravValue
DLGetTraceDefName
DLGetTraceDefTraceIndex
DLDeleteTraceDefTrav
DLGetTraceDefModuleId
DLGetTraceDefTraceParameterCount
DLGetTraceDefTraceParameter
DLGetNextTraceDefTrav
DLCreateFirstStructDefTrav
DLGetStructDefTravValue
DLGetStructDefName
DLSetStructDefName
DLSetStructDefTravProperty
DLCreateStructDefFirstMemberTrav
DLGetStructDefMemberTravValue
DLGetStructDefNextMemberTrav
DLDeleteStructDefMemberTrav
DLGetNextStructDefTrav
DLDeleteStructDefTrav
DLSetEnumDefTravProperty
DLCreateFirstTypeDefTrav
DLGetTypeDefTravValue
DLGetTypeDefType
DLGetNextTypeDefTrav
DLDeleteTypeDefTrav
DLGetTargetTypeInfo
DLMergeStructEnumTypeDef
DLClearMessageTypeDef
DLMergeNvramDB
DLGetNvramDB
DLGetEnumAllDefEnumValue
DLReplaceEnumDefPair
DLClearEnumAllDefPair
DLSetEnumAllDefPair
DLGetEnumDefTypeDef
DLCreateFirstModuleFilterTrav
DLGetModuleFilterTravValue
DLGetModuleFilterName
DLGetModuleFilterId
DLDeleteModuleFilterTrav
DLGetNextModuleFilterTrav
DLGetModuleFilter
DLCreateFirstSapFilterTrav
DLGetSapFilterTravValue
DLGetSapFilterName
DLGetSapFilterId
DLDeleteSapFilterTrav
DLGetNextSapFilterTrav
DLGetL1FilterCount
DLGetL1Filter
DLGetL1TraceClassFilterCount
DLGetL1TraceClassFilter
DLGetL1TraceClassFilterName
DLGetL1FilterModuleName
DLGetStructDefSize
DLGetL1TraceModuleType
DLGetL1TraceMessageDefParameterCount
DLGetL1StringTableCategoryStringCount
DLGetL1StringTableCategoryName
DLGetL1TraceModuleStringTableCategory
DLGetL1TraceModuleStringTableCategoryCount
DLSetL1TraceMessageDefComment
DLSetL1StringTableCategoryStringCount
DLSetL1StringTableCategoryName
DLAddL1StringTableCategoryDef
DLAddL1TraceModuleStringTableEntry
DLDeleteL1TraceMessageDef
DLSetL1TraceMessageDefClass
DLSetL1TraceMessageDefName
DLGetL1TraceMessageDefComment
DLAddL1TraceModuleClass
DLSetL1TraceModuleName
DLSetL1TraceMessageDefType
DLSetL1TraceModuleType
DLGetL1TraceMessageDefClass
DLSetL1TraceModuleClassFilterBitmask
DLCreateL1StringTableCategoryDef
DLCreateL1TraceMessageDef
DLAddL1TraceModuleTraceMessageDef
DLGetL1TraceModuleStringTableCount
DLGetStructDefPointerCount
DLSetStructDefPointerCount
DLDBExtControl
DLClearTypedefDef
DLReinitEnumDef
DLClearEnumDef
DLDeleteStructDef
DLAddStructDef
DLSetStructDefAlignment
DLSetStructDefSize
DLSetStructDefType
DLAddStructDefMemberDef
DLReinitTypeDef
DLReinitStructDef
DLCreateStructDef
DLGetStructDefMemberDefCount
DLAddStructDefSpecialField
DLAddUnionFieldTagValue
DLAddUnionTagName
DLGetTraceDefAllParameterSize
DLSetTraceDefTraceIndex
DLCreateTraceDef
DLSetTraceDefModuleId
DLReinitTraceDef
DLRemoveTraceDef
DLGetTraceDef
DLSetTraceDefName
DLAddTraceDef
DLSetTraceDefTraceText
DLSetNvramDB
DLSetTypeDefDescription
DLAddL1VDef
DLCreateL1VParamterEntryDef
DLSetL1VParameterType
DLGetStructDefMemberDef
DLDeleteL1VParamterEntryDef
DLSetL1VParameterEntryValueDef
DLGetL1VParameterEntryCount
DLSetL1VModuleId
DLSetL1VModuleName
DLGetL1VParameterMemberName
DLReinitL1VDef
DLSetL1VMessageId
DLSetL1VParameterMemberName
DLGetMessageTypeDef
DLSetL1VMessageName
DLAddL1VParameterDef
DLReinitL1VParamterDef
DLGetL1VMessageId
DLSetL1VParameterEntryOptionDef
DLCreateL1VParamterDef
DLAddL1VParameterEntry
DLSetL1VParameterUIName
DLGetL1VParameterDefaultValue
DLSetL1VParameterDefaultValue
DLAddTypeDefArrayDef
DLAddGlobalVariableDefPointToPointerOffsetInfo
DLSetGlobalVariableDefDataTypeDef
DLGetStructDefType
DLSetGlobalVariableDefId
DLGetGlobalVariableDefPointerToPointerCount
DLGetGlobalVariableDefPointerToPointerOffsetInfo
DLGetGlobalVariableDefTypeDef
DLSetGlobalVariableDefOffset
DLSetGlobalVariableDefSize
DLAddGlobalVariableDef
DLSetGlobalVariableDefType
DLGetGlobalVariableDef
DLGetGlobalVariableDefType
DLClearModuleFilter
DLSetGlobalVariableDefName
DLClearGlobalVariableDefPointToPointerOffsetInfo
DLGetGlobalVariableDefOffset
DLGetGlobalVariableDefSize
DLCreateGlobalVariableDef
DLDeleteGlobalVariableDef
DLCopyTypeDef
DLRemoveTypeDefArrayFirstDim
DLGetTypeDefArrayDimDef
DLGetTypeDefOffset
DLGetTypeDefArrayDimSize
DLSaveDBFileByFileStream
DLLoadDBFromFileStream
DLGetTypeDefVariableName
shlwapi
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA
user32
ValidateRect
GetSystemMetrics
PeekMessageA
GetKeyState
SendMessageA
IsWindowVisible
GetActiveWindow
PostMessageA
PostQuitMessage
GetCursorPos
CharUpperA
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
DestroyMenu
LoadCursorA
GetSysColorBrush
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
SetWindowsHookExA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetMenuItemID
GetSubMenu
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongA
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
GetMenuItemCount
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
gdi32
GetDeviceCaps
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
DeleteObject
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comdlg32
GetFileTitleA
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
oleaut32
VariantInit
VariantChangeType
VariantClear
Sections
.text Size: 538KB - Virtual size: 537KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ