PDB path: H:\codes\niweichen\V1.5_20221201_RS\NetSdkWebPlugin\build\Win32\Release_Light\WebPlugin.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-23_63bc3eeab3ab9ab63959d689d1982935_icedid.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 2024-04-23_63bc3eeab3ab9ab63959d689d1982935_icedid.exe
Resource: win10v2004-20240412-en
General
Target: 2024-04-23_63bc3eeab3ab9ab63959d689d1982935_icedid
Size: 711KB
MD5: 63bc3eeab3ab9ab63959d689d1982935
SHA1: fc7fc61464f33a9fee81be5d35ea7cf72ad4637a
SHA256: b020797972186945ffb851d435049f7139512d900e42e7f27892afbf2dfba1fb
SHA512: ae95b2aa0ef19465a43d6510e80c9a395702e2c69545ed157643f27dca59eaab84e209f163917c7739dec29f3bcb45cce404675740590aa48adb524d7e98180c
SSDEEP: 12288:sh3fY3bAGK70Rh/6PuO5iAY/5W3fcg8ny2Z3B2qpE2hw+f:u3fybDK4v/xf5W36pB2q1z
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. An Authenticode signature is stored in the PE's certificate table (the security data directory), so this is a presence check on the headers: it says nothing about intent on its own, since many legitimate builds ship unsigned, and a signature that is present would still need chain and hash validation before it could be trusted.
resource: 2024-04-23_63bc3eeab3ab9ab63959d689d1982935_icedid
Files
2024-04-23_63bc3eeab3ab9ab63959d689d1982935_icedid.exe (windows:5 windows x86 arch:x86)
imphash: 370d56bd874ccd80ba3bbb082510403c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
NX_COMPAT is set, so the image opts in to DEP. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the image carries no relocations and cannot be rebased: it loads at its preferred base without ASLR.
PDB Paths
(see the PDB path at the top of this report)
Imports
IsDebuggerPresent appears in the kernel32 list together with SetUnhandledExceptionFilter, UnhandledExceptionFilter and TerminateProcess; that grouping is the MSVC C runtime's default unhandled-exception path, so on its own it is not evidence of anti-debugging. The wsock32 imports (socket, bind, listen, accept, connect, send, recv) and the advapi32 registry writes (RegCreateKeyExW, RegSetValueExW) are the capabilities worth confirming against the behavioral tasks.
ndplayer
_NDPlayer_SetLogLevel@4
_NDPlayer_SetPacketCacheFrameNum@8
ord31
ord27
ord50
ord55
ord42
ord14
ord20
ord2
ord6
ord62
ord67
ord49
ord58
ord70
ord41
ord87
ord28
ord97
ord16
ord95
ord18
ord52
ord74
ord53
ord8
ord101
ord120
ord4
ord84
ord12
ord117
ord116
ord135
_NDPlayer_StopDecode@4
ord13
ord96
ord115
ord57
ord132
ord103
ord30
ord56
ord73
ord94
ord66
ord54
ord15
ord102
ord21
ord123
ord124
ord29
ord69
ord93
ord127
ord98
ord60
ord68
_NDPlayer_EnableDisplayDelayTime@8
ord76
ord11
ord78
ord86
ord5
ord59
ord134
ord17
ord19
ord24
ord72
ord23
ord7
ord99
ord126
ord91
ord92
ord26
ord106
ord89
ord51
ord107
ord1
ord61
ord63
ord75
ord90
ord125
ord71
ndrm_module
IMCP_RM_Cleanup
IMCP_RM_GetAudioInfo
IMCP_RM_PlayStream
IMCP_RM_PauseStream
_IMCP_RM_StartStreamV2@60
IMCP_RM_GetPayloadType
IMCP_RM_StopStream
IMCP_RM_Init
winmm
waveInGetNumDevs
timeSetEvent
timeKillEvent
kernel32
GetLastError
EnterCriticalSection
FindClose
GetLocalTime
LockResource
GetModuleFileNameA
GetModuleHandleA
FindNextFileW
QueryPerformanceFrequency
DeleteCriticalSection
WaitForSingleObject
Sleep
GetDiskFreeSpaceExW
CloseHandle
GetCurrentProcessId
CreateThread
GetFileSize
CompareFileTime
GlobalLock
GetTickCount
GlobalAlloc
MulDiv
ReadFile
CreateFileW
GlobalUnlock
FindFirstFileA
GlobalFree
FindNextFileA
DeleteFileW
FormatMessageW
CreateDirectoryA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
CreateMutexW
lstrlenW
SetLastError
GetModuleFileNameW
GetProfileIntW
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventW
GetVersionExA
GetModuleHandleW
lstrcmpW
FreeLibrary
CompareStringW
LoadLibraryW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedDecrement
InterlockedExchange
CompareStringA
LoadLibraryExW
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
LocalFree
lstrlenA
GetThreadLocale
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
CreateDirectoryW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
DeleteFileA
MoveFileA
ExitProcess
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetProcessHeap
RaiseException
MultiByteToWideChar
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
InitializeCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadResource
FindResourceW
FindFirstFileW
GetACP
InterlockedCompareExchange
user32
CharNextW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
SetMenu
SetForegroundWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
InflateRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
CharUpperW
IsWindowEnabled
MessageBoxW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UpdateWindow
GetClassNameA
GetParent
EnumWindows
GetWindowTextA
EnumChildWindows
CopyRect
ClientToScreen
SetCursor
SetTimer
FillRect
SetCapture
PostMessageW
KillTimer
LoadCursorW
SetRectEmpty
GetDC
GetWindowLongW
ReleaseDC
SetWindowLongW
FrameRect
LoadBitmapW
ClipCursor
ReleaseCapture
IsWindowVisible
SetWindowRgn
GetWindowRect
SetParent
GetClientRect
PtInRect
SetRect
InvalidateRect
MonitorFromWindow
GetCursorPos
SwitchToThisWindow
SendMessageW
EnableWindow
GetMonitorInfoW
GetSysColorBrush
wsprintfW
RegisterClipboardFormatW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
UnregisterClassW
SetWindowTextW
IsDialogMessageW
GetLastActivePopup
DestroyMenu
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetSubMenu
OffsetRect
gdi32
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
LineTo
MoveToEx
SetTextAlign
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutW
Escape
CreatePolygonRgn
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetMapMode
DPtoLP
GetBkColor
GetTextColor
CreateFontIndirectW
CreatePenIndirect
CreateBrushIndirect
CreateRectRgn
PtInRegion
BitBlt
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleBitmap
GetObjectW
CreatePen
TextOutW
GetStockObject
CreateCompatibleDC
CreateRectRgnIndirect
CombineRgn
Rectangle
CreateRoundRectRgn
SetViewportOrgEx
CreateSolidBrush
GetRgnBox
comdlg32
GetFileTitleW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
shell32
ShellExecuteExW
SHGetPathFromIDListW
DragAcceptFiles
SHBrowseForFolderW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
RegisterDragDrop
OleIsCurrentClipboard
CoLockObjectExternal
RevokeDragDrop
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
CreateStreamOnHGlobal
oleaut32
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
OleLoadPicture
OleCreateFontIndirect
SysAllocString
SysStringLen
wsock32
inet_ntoa
ioctlsocket
sendto
bind
socket
__WSAFDIsSet
inet_addr
connect
ntohl
gethostbyname
select
WSAGetLastError
htons
ntohs
setsockopt
recv
closesocket
send
getsockopt
getsockname
WSACleanup
accept
WSAStartup
listen
WSASetLastError
htonl
Sections
.text  Size: 474KB, Virtual size: 474KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 146KB, Virtual size: 146KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data  Size: 17KB,  Virtual size: 32KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 72KB,  Virtual size: 72KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
No section is both writable and executable. The larger virtual size of .data is zero-filled uninitialized data that occupies no bytes in the file.
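The header facts above (unsigned, NX_COMPAT set, relocations stripped, per-section flags) can be reproduced from the raw PE headers with the standard library alone. The following is an added example and is not code from Triage or from the analysed sample: it builds a constructed PE32 skeleton carrying the same flags as this report (the bytes are invented, not the real file) and parses it back, then derives the report-style observations. The field offsets it relies on (e_lfanew at 0x3C, DllCharacteristics at optional-header offset 70, the data directories at offset 96, certificate table at index 4) come from the PE format specification; the flag values come from winnt.h.

```python
import struct

# Flag values from winnt.h, keyed by the names a Triage report prints.
FILE_FLAGS = {"IMAGE_FILE_RELOCS_STRIPPED": 0x0001, "IMAGE_FILE_EXECUTABLE_IMAGE": 0x0002,
              "IMAGE_FILE_32BIT_MACHINE": 0x0100}
DLL_FLAGS = {"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE": 0x0040,
             "IMAGE_DLLCHARACTERISTICS_NX_COMPAT": 0x0100,
             "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE": 0x8000}
SCN_FLAGS = {"IMAGE_SCN_CNT_CODE": 0x20, "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x40,
             "IMAGE_SCN_MEM_EXECUTE": 0x20000000, "IMAGE_SCN_MEM_READ": 0x40000000,
             "IMAGE_SCN_MEM_WRITE": 0x80000000}
SECURITY_DIR = 4              # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
OPT_SIZE = 224                # PE32 optional header with all 16 data directories

def flag_names(value, table):
    return [name for name, bit in table.items() if value & bit]

def bits(table, *names):
    value = 0
    for name in names:
        value |= table[name]
    return value

def build_pe(file_chars, dll_chars, sections, cert_size=0):
    """Constructed test input: a PE32 skeleton with real headers and zero-filled section bodies."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_SIZE, file_chars)
    raw_ptr = e_lfanew + 4 + 20 + OPT_SIZE + 40 * len(sections)
    opt = bytearray(OPT_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    if cert_size:
        # The certificate table entry holds a file offset (not an RVA) past all section data.
        cert_off = raw_ptr + sum(s[2] for s in sections)
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, cert_off, cert_size)
    hdrs, body, rva = b"", b"", 0x1000
    for name, vsize, rsize, chars in sections:
        hdrs += struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"),
                            vsize, rva, rsize, raw_ptr, 0, 0, 0, 0, chars)
        body += b"\0" * rsize
        raw_ptr += rsize
        rva += (max(vsize, rsize) + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs + body + b"\0" * cert_size

def parse_pe(data):
    """Return the header facts a report lists, plus whether a certificate table entry exists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off = cert_size = 0
    if ndirs > SECURITY_DIR:
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, *_, chars = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rsize, "flags": flag_names(chars, SCN_FLAGS)})
    return {"file_characteristics": flag_names(file_chars, FILE_FLAGS),
            "dll_characteristics": flag_names(dll_chars, DLL_FLAGS),
            "sections": sections,
            # Presence only: a signature blob exists; verifying it is a separate step.
            "has_authenticode": cert_off != 0 and cert_size != 0}

def assess(info):
    findings = []
    if not info["has_authenticode"]:
        findings.append("Unsigned PE: no certificate table entry")
    if ("IMAGE_FILE_RELOCS_STRIPPED" in info["file_characteristics"]
            or "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in info["dll_characteristics"]):
        findings.append("No ASLR: relocations stripped or DYNAMIC_BASE not set")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in info["dll_characteristics"]:
        findings.append("DEP not opted in: NX_COMPAT clear")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]):
            findings.append(f"Section {s['name']} is writable and executable")
    return findings

# Constructed inputs (not the real sample): REPORT_LIKE mirrors the flags in the report above,
# HARDENED_LIKE is a relocatable image with a dummy certificate table for contrast.
TEXT = (".text", 0x200, 0x200, bits(SCN_FLAGS, "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"))
DATA = (".data", 0x800, 0x200,
        bits(SCN_FLAGS, "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"))
REPORT_LIKE = build_pe(
    bits(FILE_FLAGS, "IMAGE_FILE_RELOCS_STRIPPED", "IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_32BIT_MACHINE"),
    bits(DLL_FLAGS, "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"),
    [TEXT, DATA])
HARDENED_LIKE = build_pe(
    bits(FILE_FLAGS, "IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_32BIT_MACHINE"),
    bits(DLL_FLAGS, "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"),
    [TEXT], cert_size=0x100)
```

On a real file, `assess(parse_pe(open(path, "rb").read()))` yields the same observations the report's Headers and Signatures blocks make. `has_authenticode` is deliberately a presence test only: a non-empty certificate table means a PKCS#7 blob is attached, and deciding whether it is valid requires hashing the image as Authenticode specifies (skipping the checksum and the certificate table itself) and verifying the signer chain, which this example does not attempt.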