Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-18_8d4d6e8ca934cee8012465da15efe7e5_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-18_8d4d6e8ca934cee8012465da15efe7e5_icedid.exe
  Resource: win10v2004-20240412-en
General
Target: 2024-04-18_8d4d6e8ca934cee8012465da15efe7e5_icedid
Size: 1.7MB
MD5: 8d4d6e8ca934cee8012465da15efe7e5
SHA1: c0355e7bd695628fff9c8301b4642971824c7881
SHA256: a4ed6c17212662ec1130bd1df1be268082abb976ab9d6afcf23aac81ec5f4897
SHA512: a236f5e962e6da6a22e4e8f608b0fcf8bb60a9b35e61b22a58f9309f600ca7a0b82916d4e018fc9ab7c967788f510879b3ecfe3dbcfab77c84857ad9f5bec753
SSDEEP: 12288:BmlaPMY/8yh1FKerWEZB0fDWG2w/gON7XOUu3HFbRexOp63TKOKohHTms7K3b12i:BmI0Ykyh1U4Z+fDokgON7DeH/eMwTR
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2024-04-18_8d4d6e8ca934cee8012465da15efe7e5_icedid
Files
-
2024-04-18_8d4d6e8ca934cee8012465da15efe7e5_icedid.exe windows:4 windows x86 arch:x86
1b4d9f07f916f78a0c272841698d3cd6
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32: WSACleanup, WSCInstallProvider, WSCGetProviderPath, WSCDeinstallProvider, gethostbyname, WSAGetLastError, WSAStartup, WSCEnumProtocols, WSCUnInstallNameSpace, WSAEnumNameSpaceProvidersA
wininet: InternetQueryDataAvailable, InternetCloseHandle, InternetGetLastResponseInfoA, InternetOpenA, InternetSetStatusCallback, InternetSetFilePointer, InternetWriteFile, InternetReadFile, InternetCanonicalizeUrlA, InternetQueryOptionA, HttpQueryInfoA, InternetGetConnectedState, InternetGetCookieA, InternetCrackUrlA, InternetOpenUrlA
rpcrt4: UuidCreate
version: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
kernel32: TlsGetValue, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, FlushFileBuffers, SetEndOfFile, DuplicateHandle, GetVolumeInformationA, GetFullPathNameA, GetFileTime, GetPrivateProfileIntA, GlobalFlags, GetCPInfo, GetOEMCP, FindResourceExA, GetCurrentDirectoryA, SetErrorMode, GlobalHandle, HeapFree, GetSystemTimeAsFileTime, HeapAlloc, RemoveDirectoryA, GetTimeFormatA, GetDateFormatA, ExitProcess, VirtualAlloc, GetSystemInfo, VirtualQuery, GetStartupInfoA, HeapReAlloc, ExitThread, CreateThread, SetStdHandle, GetFileType, HeapSize, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, QueryPerformanceCounter, GetDriveTypeA, IsBadCodePtr, GetLocaleInfoW, SetEnvironmentVariableA, GlobalReAlloc, InterlockedIncrement, GetCurrentThread, lstrcmpA, ConvertDefaultLocale, EnumResourceLanguagesA, ReleaseMutex, CreateMutexA, FileTimeToLocalFileTime, FileTimeToSystemTime, CreateEventA, SuspendThread, SetThreadPriority, VirtualProtect, InterlockedDecrement, SetLastError, MulDiv, GlobalAlloc, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcatA, lstrcmpW, GlobalLock, GlobalUnlock, GlobalFree, FreeResource, TerminateProcess, CompareStringW, CompareStringA, lstrlenW, GetVersion, MoveFileExA, SetFileAttributesA, CreateDirectoryA, TerminateThread, GetCommandLineA, GetPrivateProfileSectionA, WritePrivateProfileSectionA, GetCurrentProcessId, WaitForMultipleObjects, IsBadReadPtr, CreateFileMappingA, MapViewOfFile, lstrcpynA, ResetEvent, ResumeThread, OpenProcess, UnmapViewOfFile, GetSystemDirectoryA, LeaveCriticalSection, EnterCriticalSection, GetLocalTime, Process32First, Process32Next, CreateToolhelp32Snapshot, Module32First, Module32Next, GetCurrentProcess, OpenMutexA, GetTickCount, LocalFree, LocalAlloc, Sleep, SetCurrentDirectoryA, GetModuleFileNameA, GetShortPathNameA, CreateProcessA, WaitForSingleObject, WritePrivateProfileStringA, OpenEventA, SetEvent, GetExitCodeProcess, MultiByteToWideChar, GetModuleHandleA, GetWindowsDirectoryA, FindFirstFileA, FindNextFileA, FindClose, LoadLibraryA, GetProcAddress, FreeLibrary, FormatMessageA, lstrcpyA, GetFileSize, ReadFile, DeleteFileA, MoveFileA, GetFileAttributesA, CopyFileA, CreateFileA, SetFilePointer, LockFile, WriteFile, UnlockFile, CloseHandle, lstrcmpiA, GetLastError, lstrlenA, GetCurrentThreadId, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, RtlUnwind
user32: GetAsyncKeyState, DestroyMenu, wsprintfA, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringA, DrawTextExA, TabbedTextOutA, SetMenuItemBitmaps, GetMenuState, CheckMenuItem, GetMenuCheckMarkDimensions, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, GetDlgItemInt, CheckDlgButton, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassInfoExA, SetPropA, GetPropA, RemovePropA, SendDlgItemMessageA, GetFocus, SetFocus, IsChild, GetWindowTextLengthA, GetForegroundWindow, GetLastActivePopup, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, TrackPopupMenu, GetKeyState, GetMenu, AdjustWindowRectEx, EqualRect, DeferWindowPos, DefWindowProcA, SetWindowPos, GetWindowPlacement, CreateDialogIndirectParamA, GetDlgItem, IsWindowEnabled, GetNextDlgTabItem, EndDialog, CharUpperBuffA, DestroyCursor, RegisterClipboardFormatA, GetMessageA, DrawFrameControl, SetActiveWindow, BringWindowToTop, IsIconic, DrawIcon, EnumThreadWindows, ReleaseCapture, RegisterWindowMessageA, GetSystemMetrics, CreateWindowExA, DestroyWindow, KillTimer, SetTimer, ModifyMenuA, InsertMenuA, GetMenuItemID, EnableMenuItem, FillRect, LoadBitmapA, ExitWindowsEx, CharNextA, IsWindow, IntersectRect, GetWindowLongA, GetDesktopWindow, GetSystemMenu, LoadMenuA, GetSubMenu, IsWindowVisible, TranslateMessage, GetWindow, UpdateWindow, GetDlgCtrlID, GetActiveWindow, MsgWaitForMultipleObjects, PeekMessageA, DispatchMessageA, PostQuitMessage, GetCursorPos, ValidateRect, InvalidateRect, ScreenToClient, PostMessageA, DrawIconEx, EnumWindows, FindWindowA, GetClassNameA, GetWindowTextA, MessageBoxA, DrawTextA, GetClientRect, UnionRect, InflateRect, SetRectEmpty, GetMenuStringA, GetMenuItemInfoA, GetSysColor, SystemParametersInfoA, LoadImageA, ReleaseDC, GetDC, GetMenuItemCount, AppendMenuA, GetSysColorBrush, UnpackDDElParam, ReuseDDElParam, LoadAcceleratorsA, InsertMenuItemA, CreatePopupMenu, SetMenu, TranslateAcceleratorA, ShowOwnedPopups, SetWindowContextHelpId, DeleteMenu, CreateMenu, OffsetRect, CopyRect, DrawStateA, IsCharAlphaNumericA, IsCharAlphaA, GetClassInfoA, RegisterClassA, CallWindowProcA, PostThreadMessageA, DestroyIcon, MessageBeep, SetWindowLongA, LoadIconA, SetForegroundWindow, GetParent, UnregisterClassA, GetNextDlgGroupItem, SetCapture, InvalidateRgn, CopyAcceleratorTableA, SetRect, IsRectEmpty, CharUpperA, WindowFromPoint, SetCursor, LoadCursorA, EnableWindow, GetWindowRect, SendMessageA, MapDialogRect, PtInRect, WinHelpA
gdi32: ScaleWindowExtEx, ExtSelectClipRgn, CreateRectRgnIndirect, GetMapMode, GetRgnBox, EnumFontFamiliesExA, SetWindowExtEx, SetMapMode, SetBkMode, RestoreDC, SaveDC, CreateBitmap, SetBkColor, SetTextColor, GetClipBox, CreatePatternBrush, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, TextOutA, RectVisible, PtVisible, GetWindowExtEx, GetViewportExtEx, SetTextAlign, MoveToEx, LineTo, SetBrushOrgEx, CreateFontA, GetStockObject, GetPixel, DeleteObject, BitBlt, ExtTextOutA, GetDeviceCaps, GetObjectA, GetTextExtentPoint32A, Rectangle, GetTextColor, GetBkMode, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, CreateFontIndirectA, CreateSolidBrush, CreatePen, SelectObject, DeleteDC, GetTextAlign, SetPixel, StretchBlt
msimg32: AlphaBlend
comdlg32: GetFileTitleA
winspool.drv: OpenPrinterA, DocumentPropertiesA, ClosePrinter
advapi32: RegQueryInfoKeyA, RegDeleteValueA, RegCloseKey, RegQueryValueExA, RegOpenKeyA, RegEnumKeyA, GetUserNameA, RegSetValueExA, RegEnumValueA, RegDeleteKeyA, RegCreateKeyA, RegEnumKeyExA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, RegQueryValueA, RegFlushKey, RegOpenKeyExA, RegCreateKeyExA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, LookupAccountSidA
shell32: DragFinish, SHGetPathFromIDListA, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetMalloc, Shell_NotifyIconA, ShellExecuteA, DragQueryFileA, SHGetSpecialFolderPathA
comctl32: ImageList_Draw, ImageList_ReplaceIcon, ImageList_GetIcon, ord17, _TrackMouseEvent, ImageList_Destroy, ImageList_Create, PropertySheetA, DestroyPropertySheetPage, CreatePropertySheetPageA, ImageList_GetImageInfo
shlwapi: PathFindExtensionA, UrlUnescapeA, PathStripToRootA, PathIsUNCA, PathFileExistsA, PathFindFileNameA
oledlg: ord8
ole32: CoTaskMemFree, CoCreateInstance, CoUninitialize, CLSIDFromProgID, CLSIDFromString, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CoTaskMemAlloc, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoInitialize, CreateILockBytesOnHGlobal, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter
oleaut32: VariantCopy, SysFreeString, OleCreateFontIndirect, SysAllocStringLen, VariantClear, SysAllocString, SysStringLen, VariantInit, SysAllocStringByteLen, DispCallFunc, VariantChangeType, SystemTimeToVariantTime, SafeArrayDestroy
Sections
.text: size 580KB, virtual size 576KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: size 136KB, virtual size 132KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: size 16KB, virtual size 101KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: size 1008KB, virtual size 1007KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ