2024-04-24_3070c2988fb0e6dcf6cf7d1834b5707c_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-24_3070c2988fb0e6dcf6cf7d1834b5707c_icedid
Size

13.4MB
MD5

3070c2988fb0e6dcf6cf7d1834b5707c
SHA1

de57e2fc8ec7415ec189e680393b4d4400c2f7a5
SHA256

8f5434cf1e5125718f5c10fbd00d09a755bb0eb52eabd54d9d3cf2fced46048c
SHA512

171afd0768053aef41dd0f10d768a25b982635dd6cc5464458b1132e4c66ec4d28f6b1a6398c9cc37045df5910610e63829d9b72f990af2b9c3f6556586ec0a7
SSDEEP

393216:SnOfEaq+zJyHanmhqjfzf3i1a2GnHriUKfEI8uJLnmo1:wOsHoKanVfi82GLnBSjB1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-24_3070c2988fb0e6dcf6cf7d1834b5707c_icedid

Files

2024-04-24_3070c2988fb0e6dcf6cf7d1834b5707c_icedid
.exe windows:5 windows x86 arch:x86

3cbc5933625f8fa7782cc426a7ba8039

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\当前工作\SVN_ROOT\jiguang\v202\Athena\Server\Bin\AutoPatchJgsj\AutoPatchJgsj.pdb

Imports

kernel32

SetErrorMode
ExitThread
CreateThread
TerminateThread
GetExitCodeThread
SetConsoleTextAttribute
GetStdHandle
LoadLibraryExA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetTempFileNameA
GetTempPathA
GetDriveTypeA
SetVolumeLabelA
OpenFileMappingA
SetCurrentDirectoryA
IsDBCSLeadByteEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
GetModuleHandleW
GetOEMCP
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
GetProcessHeap
SetHandleCount
HeapCreate
IsValidCodePage
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetFullPathNameA
CreateFileW
GetSystemTimeAsFileTime
GetCPInfo
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
MoveFileA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentDirectoryA
GetThreadLocale
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GetVersionExA
MulDiv
GlobalUnlock
CreateEventA
WaitForSingleObject
SetThreadPriority
FreeResource
GlobalFree
lstrlenA
WritePrivateProfileStringA
GlobalAddAtomA
GetCurrentProcessId
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
Sleep
GetTickCount
GetACP
DeleteFileA
LocalFree
CloseHandle
FindNextFileA
GetModuleFileNameA
FindClose
SetFileAttributesA
CopyFileA
RemoveDirectoryA
GetLastError
FindFirstFileA
FormatMessageA
SetEndOfFile
SetFilePointer
CreateFileA
WinExec
GetDiskFreeSpaceExA
LockResource
CreateDirectoryA
VirtualUnlock
SizeofResource
WideCharToMultiByte
VirtualFree
LoadResource
FindResourceA
HeapSize
ExitProcess

user32

DestroyMenu
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
IntersectRect
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
SetFocus
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
EnableWindow
GetSystemMetrics
SendMessageA
GetClientRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostThreadMessageA
RegisterClipboardFormatA
ReleaseDC
GetDC
DrawIcon
LoadIconA
IsIconic
MessageBoxA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
PostMessageA
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
GetMessageTime

gdi32

GetStockObject
CreateFontIndirectA
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
SetViewportOrgEx
CreateSolidBrush
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateRectRgnIndirect
CreateBitmap
SelectObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
OleIsCurrentClipboard
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoRegisterMessageFilter
OleFlushClipboard
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cbc5933625f8fa7782cc426a7ba8039

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

dbghelp

iphlpapi

Sections

.text Size: 796KB - Virtual size: 795KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 272KB - Virtual size: 290KB

.rsrc Size: 12.2MB - Virtual size: 12.2MB

.text
Size: 796KB - Virtual size: 795KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 272KB - Virtual size: 290KB

.rsrc
Size: 12.2MB - Virtual size: 12.2MB