2024-04-18_eb2f5b8691fb82f43bdbc6295c1c6352_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-18_eb2f5b8691fb82f43bdbc6295c1c6352_icedid
Size

1.5MB
MD5

eb2f5b8691fb82f43bdbc6295c1c6352
SHA1

10674005b9574f96c60ec47e715f32afe83e51f3
SHA256

de6a8a0cf65d3ec78dcc0c77b4514782266619065e856bf99acf77b82fd16eee
SHA512

dd971ab6a8d0b9f165f7e64569617075135a7f4a033b62dd7c37305fe7325fe917bdb2b8b2de0f676569072edb504f31d27de919745460a7ca6095ac69b35749
SSDEEP

24576:umpA/xnn2X/4hbsBecmVK2MtENvLuqnFo04RJ:uwAhn2X/4hbsBTmVK2MtENDn+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-18_eb2f5b8691fb82f43bdbc6295c1c6352_icedid

Files

2024-04-18_eb2f5b8691fb82f43bdbc6295c1c6352_icedid
.exe windows:5 windows x86 arch:x86

5b02d930e340e0ac871ec494d50401a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CB\ARM_Main\BuildResults\bin\Win32\Release\AdobeARM.pdb

Imports

msi

ord119
ord118
ord16
ord171
ord70
ord205
ord123
ord120
ord114
ord160
ord159
ord141
ord8
ord116
ord32
ord92
ord115
ord131
ord150
ord78
ord181
ord195
ord281
ord240
ord88

psapi

GetModuleFileNameExW
GetModuleBaseNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetErrorDlg
InternetSetOptionW
InternetCloseHandle
DeleteUrlCacheEntryW
InternetCrackUrlW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW

sensapi

IsNetworkAlive

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData

kernel32

FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameW
GetModuleFileNameW
InterlockedExchange
CompareStringA
LoadLibraryExW
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GlobalDeleteAtom
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
SetThreadPriority
ResumeThread
SuspendThread
GlobalAddAtomW
GetModuleHandleA
GetVersionExA
LoadLibraryA
CompareStringW
FreeResource
GetFileAttributesExW
GetFileSizeEx
GetFileTime
InterlockedIncrement
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GlobalFlags
GetStartupInfoW
GetSystemTimeAsFileTime
SetEnvironmentVariableW
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentDirectoryA
GetDriveTypeA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
InterlockedDecrement
GetCurrentProcessId
ProcessIdToSessionId
GlobalMemoryStatusEx
GetEnvironmentVariableW
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
GetVolumeInformationW
HeapFree
GetProcessHeap
HeapAlloc
OpenEventW
Module32NextW
Module32FirstW
Process32NextW
GetLongPathNameW
Process32FirstW
CreateToolhelp32Snapshot
FindResourceExW
lstrcmpA
lstrcmpW
LocalAlloc
GetExitCodeProcess
CreateProcessW
OpenMutexW
CreateMutexW
SystemTimeToFileTime
SetEndOfFile
RemoveDirectoryW
GetVersionExW
lstrlenA
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeLibrary
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
GetCurrentThread
GetCurrentProcess
GetLocalTime
MoveFileW
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
LocalFree
FormatMessageW
GetThreadLocale
GetModuleHandleW
VirtualAlloc
VirtualFree
GetTempPathW
WaitForSingleObject
OpenProcess
CopyFileW
GetProcAddress
GetACP
LoadLibraryW
lstrlenW
GetTickCount
CreateEventW
SetLastError
Sleep
SetEvent
GetThreadPriority
MultiByteToWideChar
CloseHandle
CreateFileW
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindClose
FindFirstFileW
DeleteFileW
SetFileAttributesW
SetFileTime
WriteFile
GetLastError
CreateDirectoryW
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalFindAtomW

user32

GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextLengthW
SetFocus
ShowWindow
SetWindowLongW
GetDlgCtrlID
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
EnableMenuItem
CheckMenuItem
PostQuitMessage
CharUpperW
GetMenuState
GetMenuStringW
GetWindow
FindWindowW
ExitWindowsEx
RegisterWindowMessageW
EnumWindows
GetWindowTextW
IsWindowVisible
GetWindowThreadProcessId
FindWindowExW
SystemParametersInfoW
SetActiveWindow
DrawAnimatedRects
SetForegroundWindow
SetMenuDefaultItem
ModifyMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
ClientToScreen
GetCursorPos
LoadMenuW
SetCursor
DrawFocusRect
InflateRect
SetRectEmpty
GetParent
SetWindowTextW
LoadCursorW
GetActiveWindow
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PeekMessageW
UpdateWindow
GetFocus
IsWindow
SetTimer
GetWindowRect
SendMessageW
LoadIconW
EnableWindow
UnregisterClassW
PostMessageW
SetWindowPos
GetForegroundWindow
GetSysColorBrush
DestroyMenu
MessageBoxW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SendDlgItemMessageA
EndDialog
WinHelpW

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
Escape

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegFlushKey
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateWellKnownSid
RegCreateKeyW
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
GetUserNameW
OpenThreadToken
OpenProcessToken
DuplicateToken
CheckTokenMembership
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
SHAppBarMessage
Shell_NotifyIconW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW
SHDeleteKeyW

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoInitialize
OleRun

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString
GetErrorInfo

urlmon

URLDownloadToFileW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

crypt32

CryptProtectData
CryptDecodeObject
CryptMsgClose
CertCloseStore
CryptUnprotectData
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext

wintrust

WinVerifyTrust

Sections

.text
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 344KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b02d930e340e0ac871ec494d50401a7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

psapi

version

wininet

sensapi

secur32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

userenv

crypt32

wintrust

Sections

.text Size: 486KB - Virtual size: 486KB

.rdata Size: 268KB - Virtual size: 268KB

.data Size: 10KB - Virtual size: 35KB

.rsrc Size: 384KB - Virtual size: 384KB

.reloc Size: 344KB - Virtual size: 348KB

.text
Size: 486KB - Virtual size: 486KB

.rdata
Size: 268KB - Virtual size: 268KB

.data
Size: 10KB - Virtual size: 35KB

.rsrc
Size: 384KB - Virtual size: 384KB

.reloc
Size: 344KB - Virtual size: 348KB