2024-04-22_5bfe03a9e087c708eb8eeb66526f0d02_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_5bfe03a9e087c708eb8eeb66526f0d02_icedid
Size

1.4MB
MD5

5bfe03a9e087c708eb8eeb66526f0d02
SHA1

29bfdf42f34376f84c960ed3ef5778e782de2abb
SHA256

8c719e77e9e2e25a99922f4e4a6aee6d3abd2b0c9478e007c0e72ece5337bc89
SHA512

92f7585ebfbfdc40efc03a14d84edd560edc3516abd2051e4b0ac1622b6af25e50693d32d39133a67e9bac9d77e09d9bafd751544921020980c2b21e7cd5cd96
SSDEEP

24576:zIMw5tqw6vV8zYwCcNGD6i/japyPizDQclCGZh:zIMwUvV8zYwCcIDT/jaAIcc4GZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-22_5bfe03a9e087c708eb8eeb66526f0d02_icedid

Files

2024-04-22_5bfe03a9e087c708eb8eeb66526f0d02_icedid
.exe windows:5 windows x86 arch:x86

7d7193cef4704b4bf1f9a52987c49dd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CB\ARM_Main\BuildResults\bin\Win32\Release\AdobeARM.pdb

Imports

msi

ord119
ord118
ord16
ord171
ord70
ord205
ord114
ord160
ord159
ord141
ord8
ord116
ord32
ord92
ord115
ord131
ord150
ord78
ord181
ord195
ord281
ord240
ord88

psapi

GetModuleFileNameExW
GetModuleBaseNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetErrorDlg
InternetSetOptionW
InternetCloseHandle
DeleteUrlCacheEntryW

sensapi

IsNetworkAlive

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData

kernel32

FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameW
GetModuleFileNameW
InterlockedExchange
CompareStringA
LoadLibraryExW
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GlobalDeleteAtom
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
SetThreadPriority
ResumeThread
SuspendThread
GlobalAddAtomW
GetModuleHandleA
GetVersionExA
LoadLibraryA
CompareStringW
FreeResource
GetFileAttributesExW
GetFileSizeEx
GetFileTime
InterlockedIncrement
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GlobalFlags
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentDirectoryA
GetDriveTypeA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
InterlockedDecrement
GetCurrentProcessId
ProcessIdToSessionId
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetCurrentThread
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
GetVolumeInformationW
HeapFree
GetProcessHeap
HeapAlloc
OpenEventW
Module32NextW
Module32FirstW
Process32NextW
GetLongPathNameW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
FindResourceExW
lstrcmpA
lstrcmpW
LocalAlloc
GetExitCodeProcess
CreateProcessW
OpenMutexW
CreateMutexW
SystemTimeToFileTime
SetEndOfFile
RemoveDirectoryW
GetVersionExW
lstrlenA
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeLibrary
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
GetLocalTime
MoveFileW
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
LocalFree
FormatMessageW
GetThreadLocale
GetModuleHandleW
VirtualAlloc
VirtualFree
GetTempPathW
WaitForSingleObject
OpenProcess
CopyFileW
GetProcAddress
GetACP
LoadLibraryW
lstrlenW
GetTickCount
CreateEventW
SetLastError
Sleep
SetEvent
GetThreadPriority
MultiByteToWideChar
CloseHandle
CreateFileW
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindClose
FindFirstFileW
DeleteFileW
SetFileAttributesW
SetFileTime
WriteFile
GetLastError
CreateDirectoryW
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalFindAtomW

user32

GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextLengthW
SetFocus
ShowWindow
SetWindowLongW
GetDlgCtrlID
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
EnableMenuItem
CheckMenuItem
PostQuitMessage
CharUpperW
GetMenuState
GetMenuStringW
GetWindow
FindWindowW
ExitWindowsEx
RegisterWindowMessageW
EnumWindows
GetWindowTextW
IsWindowVisible
GetWindowThreadProcessId
FindWindowExW
SystemParametersInfoW
SetActiveWindow
DrawAnimatedRects
SetForegroundWindow
SetMenuDefaultItem
ModifyMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
ClientToScreen
GetCursorPos
LoadMenuW
SetCursor
DrawFocusRect
InflateRect
SetRectEmpty
GetParent
SetWindowTextW
LoadCursorW
GetActiveWindow
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PeekMessageW
UpdateWindow
GetFocus
IsWindow
SetTimer
GetWindowRect
SendMessageW
LoadIconW
EnableWindow
UnregisterClassW
PostMessageW
SetWindowPos
GetForegroundWindow
GetSysColorBrush
DestroyMenu
MessageBoxW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SendDlgItemMessageA
EndDialog
WinHelpW

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
Escape

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

LookupAccountNameW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegFlushKey
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateWellKnownSid
RegCreateKeyW
OpenThreadToken
DuplicateToken
CheckTokenMembership
IsValidSid
GetLengthSid
ConvertSidToStringSidW
RegCreateKeyExW
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
GetUserNameW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
SHAppBarMessage
Shell_NotifyIconW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW
SHDeleteKeyW

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoInitialize
OleRun

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString
GetErrorInfo

urlmon

URLDownloadToFileW

crypt32

CryptProtectData
CryptDecodeObject
CryptMsgClose
CertCloseStore
CryptUnprotectData
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext

wintrust

WinVerifyTrust

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

Sections

.text
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 346KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d7193cef4704b4bf1f9a52987c49dd5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

psapi

version

wininet

sensapi

secur32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

crypt32

wintrust

userenv

Sections

.text Size: 446KB - Virtual size: 445KB

.rdata Size: 259KB - Virtual size: 258KB

.data Size: 10KB - Virtual size: 27KB

.rsrc Size: 384KB - Virtual size: 384KB

.reloc Size: 346KB - Virtual size: 348KB

.text
Size: 446KB - Virtual size: 445KB

.rdata
Size: 259KB - Virtual size: 258KB

.data
Size: 10KB - Virtual size: 27KB

.rsrc
Size: 384KB - Virtual size: 384KB

.reloc
Size: 346KB - Virtual size: 348KB