2024-04-22_9d9f1695c9e2a2c217070f8f752be12c_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-22_9d9f1695c9e2a2c217070f8f752be12c_icedid
Size

2.0MB
MD5

9d9f1695c9e2a2c217070f8f752be12c
SHA1

bfae8c318590bad716ab200d3376af78c10b9eb1
SHA256

acc7d2ff60c6700537084097a43d77ddba5c1b4785c4dcfb9f40e401d3879f9a
SHA512

e18bd2e51d2199c1c6d7e01e539dd675d69ec4ed83335305fd55e203a493e014dd5b8a6d1cf32b7d2c45313666ac2c3432dea44718a9b02c7359739e80ba669c
SSDEEP

49152:LHiyooUhp0DECHDpOqBLMZkix3qnWLOz9Kv2pn9Qg:LCDZp0DlpObZkQ3P2pn9Qg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-22_9d9f1695c9e2a2c217070f8f752be12c_icedid

Files

2024-04-22_9d9f1695c9e2a2c217070f8f752be12c_icedid
.exe windows:5 windows x86 arch:x86

b23cfc72f2ef35bfa509fab146407eed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\zheng.xie\My Documents\projects\Hosted eBookPro\ClientTools\res\Viewer.pdb

Imports

advapi32

CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA
RegSetValueA

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetQueryOptionA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetCrackUrlA
InternetSetOptionA
InternetOpenA
InternetGetConnectedState
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetAutodial

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetModuleHandleW
SetErrorMode
GetCurrentDirectoryA
GetTickCount
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
RaiseException
HeapReAlloc
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GlobalFlags
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetLastError
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
SetLastError
LoadLibraryA
ResetEvent
GetTempPathA
WaitForSingleObject
SetEvent
LocalFree
CloseHandle
WriteFile
CreateFileA
LocalAlloc
GetCurrentThreadId
GetModuleFileNameA
FreeLibrary
Sleep
GetVersionExA
lstrlenA
GetDriveTypeA
GetVolumeInformationA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
CreateDirectoryA
GetTempFileNameA
RemoveDirectoryA
GetLongPathNameA
FindFirstFileA
GetProfileStringA
WriteProfileStringA
MultiByteToWideChar
FreeResource
lstrcmpW
GetDiskFreeSpaceA
GetCurrentThread
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
MulDiv
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
FindNextFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SuspendThread
ResumeThread
SetThreadPriority
CreateEventA
ReleaseMutex
CreateMutexA
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
GetFullPathNameA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
lstrcmpA
FormatMessageA

user32

DrawIcon
SetWindowRgn
SetCapture
GetSysColorBrush
UnregisterClassA
DeleteMenu
InvalidateRgn
CharNextA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
GetNextDlgGroupItem
PostThreadMessageA
CreatePopupMenu
TranslateAcceleratorA
CharUpperA
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
InsertMenuA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
IsRectEmpty
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
SetWindowPos
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetActiveWindow
KillTimer
SetTimer
IsIconic
GetTopWindow
GetWindowTextA
IsWindowVisible
FlashWindow
OpenClipboard
SetClipboardData
EmptyClipboard
CloseClipboard
CallWindowProcA
CopyImage
RedrawWindow
MessageBoxA
BringWindowToTop
PeekMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
ScreenToClient
GetKeyState
MessageBeep
GetDesktopWindow
SetWindowsHookExA
TrackPopupMenuEx
UnhookWindowsHookEx
CallNextHookEx
SetMenu
GetMenu
ShowOwnedPopups
PostQuitMessage
IsZoomed
GetMessageA
ValidateRect
GetCursorPos
WindowFromPoint
GetMenuStringA
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
DestroyMenu
ReleaseCapture
LoadAcceleratorsA
GetForegroundWindow
InsertMenuItemA
GetClassInfoA
LoadCursorA
GetClientRect
SetRect
PtInRect
IsWindow
SetCursor
LoadMenuA
GetSubMenu
IntersectRect
GetClassNameA
SetWindowLongA
GetDC
ReleaseDC
LoadImageA
GetMenuItemCount
AppendMenuA
CreateMenu
DrawEdge
DrawStateA
LoadBitmapA
OffsetRect
InflateRect
CopyRect
MapVirtualKeyA
GetKeyNameTextA
SetMenuItemInfoA
CopyAcceleratorTableA
DestroyIcon
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
GetParent
GetWindowRect
PostMessageA
SetRectEmpty
GetWindow
InvalidateRect
SendMessageA
EnableWindow
DestroyWindow

gdi32

CreateCompatibleDC
Ellipse
PatBlt
BitBlt
DeleteObject
GdiFlush
CreateDIBSection
SetDIBColorTable
GetDIBColorTable
GetDIBits
CreatePalette
GetPaletteEntries
GetDeviceCaps
RealizePalette
StretchBlt
DeleteDC
GetPixel
Rectangle
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
CreateFontIndirectA
MoveToEx
SelectClipRgn
CreateCompatibleBitmap
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SelectPalette
CreatePen
CreateSolidBrush
GetBkColor
CreateRectRgnIndirect
GetTextExtentPoint32A
GetCharWidthA
CreateFontA
StretchDIBits
GetMapMode
GetTextMetricsA
CreateEllipticRgn
LPtoDP
GetRgnBox
GetTextColor
GetViewportExtEx
CreateBitmap
SelectObject
LineTo
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
ord201
ord202

shell32

SHGetSpecialFolderPathA
DragAcceptFiles
SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA
ShellExecuteA

comctl32

ord17

shlwapi

PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRegisterMessageFilter
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SafeArrayDestroy
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
VarDateFromStr
OleLoadPicture
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SafeArrayCreate
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibClose
DrawDibSetPalette
DrawDibRealize

Sections

.text
Size: 971KB - Virtual size: 971KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b23cfc72f2ef35bfa509fab146407eed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

msvfw32

Sections

.text Size: 971KB - Virtual size: 971KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 535KB - Virtual size: 534KB

.text
Size: 971KB - Virtual size: 971KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 535KB - Virtual size: 534KB