PDB Paths
c:\Eng\SafeAudio\CDS-New\8.0\Protection Processor\Mmt\CopyMusic2\Release\CopyMusic2.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-22_898195b5a3ca48c29fdfc1faabab7171_icedid.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-04-22_898195b5a3ca48c29fdfc1faabab7171_icedid.exe
  Resource: win10v2004-20240412-en
General
Target: 2024-04-22_898195b5a3ca48c29fdfc1faabab7171_icedid
Size: 716KB
MD5: 898195b5a3ca48c29fdfc1faabab7171
SHA1: a56dedd379620f2d782353908669682d6f0cfbcb
SHA256: 4b0ba1836b3fe75878c8851a0f450df4f7fb9fc0c45ba694c1928f609c2687c9
SHA512: 24dba05f2d5aa93564cc6fcf9fe3fe1a5822a826684bfd955e3592bdcdeb3beca36846c0e41efc5534b0a8fa960a9550088f02b853dfdf38f41391b00ee436b0
SSDEEP: 12288:8iLthZnTfZ7NWC3CrL5TJfh8zuiyzyJOnRVLZfCyGnixorF8vEhwgSCtRy:8iLvZn5f3CrBtWJQRLfC0xeF8vEhwgXy
Malware Config
(none shown in this report)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-04-22_898195b5a3ca48c29fdfc1faabab7171_icedid
Caveat: this is the only signature that fired. A missing Authenticode signature is not evidence of malice on its own (many legitimate binaries are unsigned), and the "_icedid" suffix in the target name comes from the submitted filename, not from any family detection in this report.
Files
2024-04-22_898195b5a3ca48c29fdfc1faabab7171_icedid.exe  windows:4 windows x86 arch:x86
  Imphash (unlabelled in the original report; inferred from its position in the file listing): 3c21626089042ad5f97614851ddbd780
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
Note: IMAGE_FILE_RELOCS_STRIPPED means the linker dropped the base relocation table, so the image can only be mapped at its preferred ImageBase and gets no ASLR even on systems that force image randomisation. IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP only asks the loader to copy the image to the page file when it runs from removable media and has no security meaning. The report does not reproduce the optional header DllCharacteristics word, so the image's DYNAMIC_BASE and NX_COMPAT settings cannot be read from it.
Imports
wmdssup7  (not a Windows system DLL; imported by ordinal only, so the loader resolves ord3 and ord1 from whichever wmdssup7.dll the DLL search order finds first, and the process fails to start if none is found)
ord3
ord1
kernel32
GetFileTime
WritePrivateProfileStringA
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetTimeFormatA
GetDateFormatA
ExitProcess
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitThread
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
FileTimeToLocalFileTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetModuleFileNameA
lstrlenW
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
Sleep
CopyFileA
DeleteFileA
CreateDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
ResumeThread
SetEvent
TerminateThread
WaitForSingleObject
GetTempPathA
GetVersion
lstrcpyA
lstrcatA
CreateProcessA
GetCurrentProcessId
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
WaitForMultipleObjects
ReleaseMutex
CreateEventA
SuspendThread
SetThreadPriority
SetLastError
GlobalFree
GetSystemInfo
GetModuleHandleW
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
GetExitCodeThread
CreateThread
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
OpenEventA
GetCurrentProcess
FormatMessageA
CreateMutexW
CreateFileW
GetVersionExW
CreateEventW
GetOverlappedResult
FindClose
WaitForSingleObjectEx
GetDiskFreeSpaceExW
GetModuleFileNameW
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetSystemTimeAsFileTime
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
SetFileAttributesA
GetCurrentThreadId
lstrcmpA
FlushInstructionCache
HeapAlloc
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcessHeap
HeapFree
FindNextFileA
GetProfileIntA
GetExitCodeProcess
CompareStringW
CompareStringA
GetModuleHandleA
LoadLibraryExA
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
RemoveDirectoryA
ExpandEnvironmentStringsA
GetTempFileNameA
GetFileAttributesA
GetCurrentThread
LocalAlloc
LocalFree
FindFirstFileA
user32
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetSysColorBrush
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
IsDialogMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
SetWindowContextHelpId
SetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetLastActivePopup
IsWindowEnabled
SetCursor
UnhookWindowsHookEx
RegisterClipboardFormatA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetMenuItemID
GetSubMenu
CreateAcceleratorTableA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
GetDlgItem
IsWindow
DestroyAcceleratorTable
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
ReleaseDC
GetDC
FillRect
GetSysColor
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
CreateWindowExA
CharUpperA
CharNextA
wsprintfA
MessageBoxA
ExitWindowsEx
ReleaseCapture
TranslateAcceleratorA
EnumChildWindows
GetWindowLongA
SetWindowLongA
GetSystemMetrics
LoadAcceleratorsA
LoadIconA
EnableWindow
SetCapture
KillTimer
SetTimer
ScreenToClient
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
SendMessageA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
DrawIcon
InvalidateRect
MessageBoxW
PostQuitMessage
PostMessageA
PostThreadMessageA
UnregisterClassA
MapDialogRect
gdi32
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
OffsetViewportOrgEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
InitializeAcl
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
GetUserNameA
RegEnumKeyExA
ImpersonateSelf
OpenThreadToken
InitializeSecurityDescriptor
GetLengthSid
RegCloseKey
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
AllocateAndInitializeSid
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
OpenProcessToken
comctl32
ord17
shlwapi
PathStripToRootA
PathFindFileNameA
PathRemoveBackslashA
PathAddBackslashA
PathFindExtensionA
PathRemoveFileSpecA
PathFileExistsA
PathIsUNCA
oledlg
ord8
ole32
CLSIDFromString
CoGetClassObject
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoRevokeClassObject
OleRun
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoFreeUnusedLibraries
CoDisconnectObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterClassObject
oleaut32
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
DispCallFunc
VarUI4FromStr
VariantChangeType
VariantCopy
VariantInit
RegisterTypeLi
UnRegisterTypeLi
VarBstrCmp
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
SysFreeString
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
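The import list above is long enough that a triager wants it regrouped by DLL and tagged by capability (process creation, token and ACL manipulation, registry writes, shutdown, raw device I/O) before reading it function by function. The script below is an added example, not part of the report or of the sample; its KNOWN_DLLS set and CAPABILITIES map are the example's own minimal choices rather than any sandbox's signature set, and SAMPLE is a constructed excerpt of the listing above.

```python
"""Capability triage over a flat import listing like the one above.

Added example, not part of the report. parse_import_listing() regroups the
report's one-name-per-line dump into DLL -> functions, and triage() tags the
API groups a first-pass triager looks for. KNOWN_DLLS and CAPABILITIES are this
example's own minimal choices, not a sandbox signature set; SAMPLE is a
constructed excerpt of the listing above. Standard library only.
"""
import re

KNOWN_DLLS = {"kernel32", "user32", "gdi32", "comdlg32", "winspool.drv", "advapi32",
              "comctl32", "shlwapi", "oledlg", "ole32", "oleaut32", "version"}

CAPABILITIES = {  # API name -> capability tag (example's own map)
    "CreateProcessA": "process-exec", "CreateProcessW": "process-exec",
    "AdjustTokenPrivileges": "privilege-adjust", "LookupPrivilegeValueA": "privilege-adjust",
    "OpenProcessToken": "privilege-adjust",
    "ImpersonateSelf": "impersonation", "OpenThreadToken": "impersonation", "RevertToSelf": "impersonation",
    "SetNamedSecurityInfoA": "acl-modify", "SetEntriesInAclA": "acl-modify",
    "SetSecurityDescriptorDacl": "acl-modify", "AddAccessAllowedAce": "acl-modify",
    "RegSetValueExA": "registry-write", "RegSetValueExW": "registry-write",
    "RegCreateKeyExA": "registry-write", "RegDeleteKeyA": "registry-write",
    "ExitWindowsEx": "shutdown-reboot", "DeviceIoControl": "device-io",
    "SetWindowsHookExA": "message-hook", "CreateFileMappingA": "shared-memory",
    "LoadLibraryA": "dynamic-resolve", "GetProcAddress": "dynamic-resolve",
    "VirtualAlloc": "memory-exec", "VirtualProtect": "memory-exec",
}

DLL_LINE = re.compile(r"[a-z0-9_.]+")   # the report prints DLL names all lower-case
ORDINAL = re.compile(r"ord\d+")          # import by ordinal, e.g. ord3


def parse_import_listing(text: str) -> dict:
    """Map each DLL line to the function (or ordinal) lines that follow it.
    Win32 API names carry upper-case letters, so an all-lower-case line that is
    not an ordinal is taken as a DLL name even when it is not in KNOWN_DLLS."""
    imports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Imports":
            continue
        if line.lower() in KNOWN_DLLS or (DLL_LINE.fullmatch(line) and not ORDINAL.fullmatch(line)):
            current = line.lower()
            imports.setdefault(current, [])
        elif current is not None:
            imports[current].append(line)
    return imports


def triage(imports: dict) -> dict:
    """Tag APIs by capability and flag DLLs that need a closer look."""
    tags = {}
    for dll, funcs in imports.items():
        for func in funcs:
            tag = CAPABILITIES.get(func)
            if tag:
                tags.setdefault(tag, []).append(f"{dll}!{func}")
    return {
        "tags": tags,
        # Ordinal-only imports cannot be named without that DLL's export table.
        "ordinal_only": sorted(d for d, fs in imports.items() if fs and all(ORDINAL.fullmatch(f) for f in fs)),
        # A DLL outside the known set is resolved by DLL search order: check what ships beside the binary.
        "non_system_dlls": sorted(d for d in imports if d not in KNOWN_DLLS),
    }


SAMPLE = """\
wmdssup7
ord3
ord1
kernel32
VirtualProtect
VirtualAlloc
CreateProcessA
DeviceIoControl
LoadLibraryA
GetProcAddress
user32
SetWindowsHookExA
ExitWindowsEx
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
ImpersonateSelf
RevertToSelf
SetNamedSecurityInfoA
RegSetValueExA
comctl32
ord17
"""
```

Run `triage(parse_import_listing(SAMPLE))` to get the tag groups plus the two lists that matter for this sample: `non_system_dlls` is `["wmdssup7"]`, and `ordinal_only` lists both `wmdssup7` and `comctl32`, the latter being a normal ordinal import from a system DLL that needs no follow-up.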
Sections
.text Size: 512KB - Virtual size: 508KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
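The Headers, Signatures and Sections entries above all come from a handful of PE header fields, and checking them yourself is quicker than trusting a one-line "Unsigned PE" verdict. The parser below is an added example, not part of the report or the sample: it reads the COFF Characteristics, the optional header DllCharacteristics (the ASLR/NX flags the report omits), the Security data directory (an empty entry is exactly what "missing Authenticode signature" means) and the section table, then turns them into triage findings. `build_sample_pe()` is a constructed stand-in that reproduces only the flags and rounded section sizes listed above, with no code, imports or signature; it is not the real binary.

```python
"""Read the PE header facts behind a sandbox 'Headers' / 'Sections' listing.

Added example, not part of the report. Parses COFF Characteristics, the optional
header DllCharacteristics, the Security data directory (Authenticode lives there)
and the section table, using only the standard library. build_sample_pe() is a
constructed stand-in carrying the flags from the report above, not the real file.
"""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Return the hardening-relevant header facts; raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (_machine, nsections, _stamp, _symptr, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ddir = opt + 96
    elif magic == PE32PLUS_MAGIC:
        ddir = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    n_dirs = struct.unpack_from("<I", data, ddir - 4)[0]    # NumberOfRvaAndSizes
    sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The Security entry is a raw file offset (not an RVA) plus the size of the WIN_CERTIFICATE blob.
        _sec_off, sec_size = struct.unpack_from("<II", data, ddir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        (name, vsize, _va, rawsize, _rawptr, _relocs, _lines,
         _nrelocs, _nlines, flags) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {
        "relocs_stripped": bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED),
        "dynamic_base": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "authenticode_present": sec_size > 0,
        "sections": sections,
    }


def assess(info: dict) -> list:
    """Turn parsed facts into the findings a triage note would carry."""
    findings = []
    if not info["authenticode_present"]:
        findings.append("unsigned: no Authenticode certificate table")
    if info["relocs_stripped"]:
        findings.append("relocs stripped: image cannot be rebased, so ASLR does not apply to it")
    elif not info["dynamic_base"]:
        findings.append("DYNAMIC_BASE clear: image opts out of ASLR")
    if not info["nx_compat"]:
        findings.append("NX_COMPAT clear: image does not request DEP")
    for s in info["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append("writable+executable section: " + s["name"])
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32 carrying the six IMAGE_FILE_* flags and four section
    layouts listed in the report above; it has no code, imports or signature."""
    characteristics = 0x050F  # RELOCS_STRIPPED|EXECUTABLE_IMAGE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|32BIT_MACHINE|REMOVABLE_RUN_FROM_SWAP
    layout = [  # (name, virtual size, raw size, flags); sizes rounded from the report
        (b".text", 508 * 1024, 512 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".rdata", 119 * 1024, 120 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b".data", 42 * 1024, 28 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".rsrc", 52 * 1024, 52 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 224, characteristics)  # Machine: i386
    opt = bytearray(224)                                         # PE32 optional header incl. 16 data dirs
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, 0x00400000)                  # ImageBase
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, 0)                           # DllCharacteristics: nothing set
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes; all dirs left empty
    table, rva = b"", 0x1000
    for name, vsize, rsize, flags in layout:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rsize, 0, 0, 0, 0, 0, flags)
        rva += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
```

`assess(parse_pe(build_sample_pe()))` yields three findings for the constructed stand-in: unsigned, relocs stripped (so no ASLR), and NX_COMPAT clear. On a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_pe`; the NX finding is the one the report above cannot give you, since it never prints DllCharacteristics.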