Static task
  static1

Behavioral task
  behavioral1
  Sample: 2024-04-18_6b33e5963a0e530f4965bf0d25c697d2_icedid.exe
  Resource: win7-20240215-en

Behavioral task
  behavioral2
  Sample: 2024-04-18_6b33e5963a0e530f4965bf0d25c697d2_icedid.exe
  Resource: win10v2004-20240412-en

General
  Target: 2024-04-18_6b33e5963a0e530f4965bf0d25c697d2_icedid
  Size: 728KB
  MD5: 6b33e5963a0e530f4965bf0d25c697d2
  SHA1: c99ea3df2ff8d49d3da21b9efb911ee8f0b5c8bd
  SHA256: c58491256274b5267059c42ee631b495ef587514c78a9d66eddd9e965c07bc55
  SHA512: 7773b006fb69d79a7140a22f9c7e39fb4e05e5e7cf37c1780c725e964353204a5e6c710bd4a74fb8f6e2a02e57a896ff63bb11457b201126896832d71bb1bbd8
  SSDEEP: 12288:2dXABIq4vv7/Ezwo4c3rLy7rpBXj9wDbQqvkDJhkMTZp7Q9JUtEPH:2Eac7Lyjz9wgqk6MTQ0

Malware Config

Signatures
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource: 2024-04-18_6b33e5963a0e530f4965bf0d25c697d2_icedid

Files
  2024-04-18_6b33e5963a0e530f4965bf0d25c697d2_icedid.exe  windows:4  windows x86  arch:x86
  85ec6540f626b1b624580a66aa0b9eea

Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
  PDB Paths
    e:\2\Gunz 1.5 (Clean)\Clean source\MatchAgent\Runtime\MatchAgent.pdb

Imports
kernel32
LocalFileTimeToFileTime
lstrcpynW
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
FileTimeToLocalFileTime
QueryPerformanceCounter
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetShortPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
DeleteFileA
MoveFileA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
InterlockedExchange
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LocalAlloc
GlobalFlags
GlobalReAlloc
InterlockedIncrement
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
WritePrivateProfileStringA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcmpA
SetErrorMode
lstrcpyA
RaiseException
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
GlobalGetAtomNameA
GlobalAddAtomA
SetLastError
GlobalFree
CopyFileA
MulDiv
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrcpynA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesA
SetFileTime
ReadFile
OpenProcess
InterlockedDecrement
GetCurrentDirectoryA
GlobalMemoryStatusEx
lstrcatA
CreateFileA
GetCurrentProcessId
GetCurrentProcess
GlobalLock
GlobalUnlock
WaitForSingleObject
SystemTimeToFileTime
FileTimeToSystemTime
ExitThread
GetCurrentThreadId
GetPrivateProfileStringA
GetPrivateProfileIntA
SetUnhandledExceptionFilter
GetLocalTime
GetSystemInfo
ResetEvent
CreateThread
GetQueuedCompletionStatus
SetEvent
GetModuleFileNameA
TerminateProcess
CreateIoCompletionPort
PostQueuedCompletionStatus
WaitForMultipleObjects
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
ReleaseMutex
CreateMutexA
CloseHandle
Sleep
CreateDirectoryA
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
IsBadWritePtr
user32
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CountClipboardFormats
IsClipboardFormatAvailable
SetCapture
ClientToScreen
MessageBeep
FillRect
LoadCursorA
DestroyCursor
SetRect
GetMenuItemInfoA
InflateRect
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetParent
DeleteMenu
IsRectEmpty
IsZoomed
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
EndPaint
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
GetWindowTextA
CharUpperA
SendMessageA
EnableWindow
GetSysColorBrush
KillTimer
WindowFromPoint
GetDCEx
LockWindowUpdate
GetWindowRect
SetTimer
PeekMessageA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
DestroyIcon
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageA
FindWindowA
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
UnregisterClassA
DefWindowProcA
DrawIcon
SetWindowRgn
GetTabbedTextExtentA
SendNotifyMessageA
GetKeyState
UpdateWindow
EnableMenuItem
GetSystemMenu
wsprintfA
MessageBoxA
DefFrameProcA
GetMenu
DefMDIChildProcA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetParent
DrawMenuBar
GetActiveWindow
BringWindowToTop
CreateWindowExA
TranslateMDISysAccel
TranslateAcceleratorA
IsWindow
SetWindowLongA
GetWindowLongA
GetClientRect
SetWindowPos
RedrawWindow
AdjustWindowRectEx
RemoveMenu
CreateMenu
InsertMenuA
AppendMenuA
GetMenuStringA
GetMenuState
IsWindowEnabled
GetWindow
GetDesktopWindow
ShowWindow
SetMenu
PostMessageA
GetLastActivePopup
CopyRect
SetRectEmpty
OffsetRect
IntersectRect
CreatePopupMenu
InsertMenuItemA
IsIconic
InvalidateRect
IsWindowVisible
SetActiveWindow
LoadAcceleratorsA
ReleaseCapture
GetCapture
SetCursor
GetClassInfoA
LoadIconA
ReuseDDElParam
UnpackDDElParam
GetDlgCtrlID
GetDlgItem
EqualRect
GetFocus
SetFocus
WinHelpA
GetSysColor
GetClassNameA
DestroyMenu
LoadMenuA
RegisterWindowMessageA
PtInRect
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
CallWindowProcA
gdi32
GetWindowOrgEx
GetTextFaceA
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
Ellipse
LPtoDP
CreateEllipticRgn
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CombineRgn
SetRectRgn
CreateSolidBrush
CreateFontA
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
ScaleWindowExtEx
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
GetStockObject
Rectangle
DPtoLP
GetViewportOrgEx
CreatePen
ExtTextOutA
BitBlt
CreateFontIndirectA
GetDeviceCaps
CopyMetaFileA
CreateDCA
CreateCompatibleBitmap
CreateCompatibleDC
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
CreateRectRgnIndirect
PatBlt
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
StretchDIBits
DeleteObject
GetCharWidthA
comdlg32
FindTextA
ReplaceTextA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
PrintDlgA
CommDlgExtendedError
winspool.drv
GetJobA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegQueryValueExA
shell32
DragFinish
SHGetFileInfoA
ExtractIconA
DragAcceptFiles
DragQueryFileA
comctl32
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy
ord17
shlwapi
PathFileExistsA
PathIsDirectoryA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
oledlg
ord4
ord11
ord8
ord3
ole32
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateFileMoniker
OleSave
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
OleLockRunning
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleSetMenuDescriptor
OleCreateLinkToFile
OleCreate
OleLoad
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
GetHGlobalFromILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoUninitialize
CoCreateInstance
OleRun
CoInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleGetClipboard
OleDestroyMenuDescriptor
CLSIDFromString
oleaut32
OleCreateFontIndirect
SafeArrayDestroy
SysStringLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SystemTimeToVariantTime
SysFreeString
GetErrorInfo
winmm
timeGetTime
ws2_32
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACloseEvent
recvfrom
sendto
socket
WSAStartup
connect
closesocket
WSARecv
WSASend
gethostbyname
htons
htonl
bind
listen
WSASocketA
WSAGetLastError
setsockopt
inet_ntoa
ntohs
inet_addr
WSACleanup
shutdown
dbghelp
MiniDumpWriteDump
psapi
EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA
mswsock
GetAcceptExSockaddrs
AcceptEx
TransmitFile
Sections
.text Size: 520KB - Virtual size: 516KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ