2024-04-21_cfc5e0e1c89e154fc7daa5c50d89e84c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-21_cfc5e0e1c89e154fc7daa5c50d89e84c_icedid
Size

420KB
MD5

cfc5e0e1c89e154fc7daa5c50d89e84c
SHA1

a8c6749d5a02cf022cc6f86b0793a42047266ad3
SHA256

c0d83741a64b54185f0f00fca6f2f26b977ea8e26a08a5255c27e60d011b8de3
SHA512

9d3d4b5b88f54f57c6947d99e1644809cb090ad030bcc359f3c453a59617d3a315f0307bfd3ef5fbb8eb71e9268b49dc7d37bc038d4adeb2c1e81cdb02d83092
SSDEEP

12288:WplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:yxRQ+Fucuvm0a/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-21_cfc5e0e1c89e154fc7daa5c50d89e84c_icedid

Files

2024-04-21_cfc5e0e1c89e154fc7daa5c50d89e84c_icedid
.exe windows:4 windows x86 arch:x86

4348535f9074b4376c05f82a699ec652

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\JinZQ\Hook开机启动\CallWebDllLib\Release\CallDll.pdb

Imports

kernel32

FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
GetOEMCP
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
SetLastError
FormatMessageA
GlobalFree
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
GlobalAddAtomA
GetCurrentThread
GlobalDeleteAtom
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LocalFree
OutputDebugStringW
TerminateProcess
FindResourceExA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetCurrentThreadId
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetWindowsDirectoryA
GetProcessId
Thread32First
Thread32Next
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
Process32Next
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapFree
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
CreateThread
CloseHandle
GetPrivateProfileStringA
CreateDirectoryA
GetModuleFileNameA
CreateProcessA
CopyFileA
DeleteFileA
MoveFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
Sleep
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapCreate
InterlockedExchange

user32

MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetSysColorBrush
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
MoveWindow
IsDialogMessageA
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
SetActiveWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
GetClassInfoA
SetWindowPlacement
GetDlgCtrlID
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetLastActivePopup
IsWindowEnabled
SetCursor
PostMessageA
SetTimer
PeekMessageA
GetWindowThreadProcessId
MessageBoxA
RegisterClassA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
PostThreadMessageA
RegisterClipboardFormatA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
UnregisterClassA
CreateWindowExA
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsWindow
GetWindowLongA
CharUpperA
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon

gdi32

CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CoInitialize
OleUninitialize
OleInitialize
CoTaskMemRealloc
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
CoRevokeClassObject

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
SysAllocStringByteLen
VariantChangeType
VariantCopy
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
OleCreateFontIndirect
SysStringByteLen
VariantClear
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

psapi

GetModuleFileNameExA

ws2_32

bind
socket
closesocket
htons
WSAStartup
htonl

Exports

Exports

?EngineProc@@YGJHIJ@Z
?process1@@YAHHHHPAD@Z
?process2@@YAHXZ
?process3@@YAHH@Z
?process5@@YAHH@Z

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4348535f9074b4376c05f82a699ec652

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

ws2_32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 24KB - Virtual size: 1.1MB

.rsrc Size: 16KB - Virtual size: 15KB

.htext Size: 20KB - Virtual size: 20KB

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 24KB - Virtual size: 1.1MB

.rsrc
Size: 16KB - Virtual size: 15KB

.htext
Size: 20KB - Virtual size: 20KB