2024-04-25_3a1610bf5692a4864f1749011a108083_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-25_3a1610bf5692a4864f1749011a108083_icedid
Size

2.1MB
MD5

3a1610bf5692a4864f1749011a108083
SHA1

5f7819fffe1968cd2bf842b5947131663755ff2c
SHA256

3b496ce60be36d4c0b64b3e10615ff5efdc7514419e5a8633792fb779ad88b3a
SHA512

288edf6ec32fe9c11f4c2b83abd24650bffde497b5c92d5037a23cc90d3366b99eb0f7247db6104712af0c5edc866386920598c23a964bfe9dc27452558a8a2f
SSDEEP

24576:8i5WyAHIlqh2hvhuQZlNVHhZ4H9w0Z2CCwnoeJh:8i5QwuQZlNVB0w0HCwnJX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-25_3a1610bf5692a4864f1749011a108083_icedid

Files

2024-04-25_3a1610bf5692a4864f1749011a108083_icedid
.exe windows:4 windows x86 arch:x86

a966500069daa338db1646516748a467

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

shlwapi

PathIsUNCA
PathFindExtensionA
PathGetDriveNumberA
PathIsDirectoryA
PathRemoveExtensionA
PathStripToRootA
PathSkipRootA
PathFindFileNameA
PathRemoveFileSpecA
SHDeleteKeyA
UrlUnescapeA

rpcrt4

UuidToStringA
RpcStringFreeA

comctl32

InitCommonControlsEx
CreateToolbarEx
ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetThreadLocale
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
MoveFileA
LockFile
UnlockFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
VirtualProtect
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
GetFileTime
SetErrorMode
FindResourceExA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThread
RaiseException
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
ExitThread
CreateThread
SetStdHandle
HeapSize
Sleep
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
SuspendThread
GetCurrentThreadId
SetThreadPriority
GetModuleFileNameW
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
MulDiv
GetFileType
InterlockedIncrement
SetLastError
GetModuleHandleA
GetExitCodeThread
ResumeThread
GetLogicalDrives
GetExitCodeProcess
SetEndOfFile
LoadLibraryExA
SetFilePointer
FlushFileBuffers
WriteFile
lstrcmpA
CreateProcessA
SetFileTime
LocalFileTimeToFileTime
SetFileAttributesA
GetDriveTypeA
ResetEvent
WaitForSingleObject
SetEvent
CreateEventA
LocalFree
GlobalMemoryStatus
OpenFile
FormatMessageA
GetTickCount
GetVersionExA
GlobalHandle
InterlockedDecrement
CreateFileA
GetFileSize
CloseHandle
ReadFile
_llseek
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalReAlloc
GetProcAddress
GlobalSize
GlobalAlloc
GlobalUnlock
RemoveDirectoryA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CopyFileA
DeleteFileA
CompareStringW
CompareStringA
GetVersion
GetLastError
InterlockedExchange
GetShortPathNameA
LoadLibraryA
GetWindowsDirectoryA
_lopen
_lwrite
_lread
GetModuleFileNameA
FreeLibrary
_lcreat
_hwrite
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesA
_lclose
lstrcpyA
lstrcatA
lstrcmpiA
lstrlenA
GetTempPathA
GetTempFileNameA
WinExec
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
IsDebuggerPresent

user32

WindowFromPoint
TabbedTextOutA
GrayStringA
GetWindowDC
GetAsyncKeyState
CharNextA
GetSysColorBrush
DestroyIcon
SetParent
UnregisterClassA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageA
GetDCEx
LockWindowUpdate
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
TrackPopupMenu
SetForegroundWindow
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
SystemParametersInfoA
SetWindowsHookExA
GetMessageA
ValidateRect
UnhookWindowsHookEx
IsDialogMessageA
RegisterWindowMessageA
GetClassNameA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
GetWindowThreadProcessId
GetActiveWindow
EqualRect
GetKeyState
GetDlgCtrlID
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
IntersectRect
GetLastActivePopup
BringWindowToTop
GetMenuItemID
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
WaitForInputIdle
OemToCharBuffA
CharToOemBuffA
SetMenu
DrawMenuBar
GetScrollRange
EnableScrollBar
GetScrollInfo
PtInRect
InvertRect
CharUpperBuffA
CreateDialogParamA
PeekMessageA
DispatchMessageA
TranslateMessage
ClientToScreen
SetActiveWindow
InflateRect
GetScrollPos
ScrollWindow
SetScrollPos
DrawTextExA
DestroyCursor
SetScrollRange
CopyImage
SetCapture
SetTimer
GetCapture
KillTimer
ReleaseCapture
GetWindowTextA
IsWindowEnabled
IsWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsCharAlphaA
CharToOemA
IsCharAlphaNumericA
IsCharLowerA
IsCharUpperA
wvsprintfA
SetMenuDefaultItem
GetSubMenu
LoadMenuA
GetClientRect
ScreenToClient
IsWindowVisible
EnableWindow
SendMessageA
GetSysColor
MessageBoxA
DialogBoxParamA
GetMenu
SetWindowPlacement
GetWindowPlacement
GetDesktopWindow
ReleaseDC
GetDC
CopyRect
CharUpperA
CallWindowProcA
GetWindowTextLengthA
wsprintfA
GetCursorPos
GetCursor
IsRectEmpty
FillRect
DestroyWindow
LoadIconA
RegisterClassA
SetWindowsHookA
OffsetRect
SetRectEmpty
IsIconic
CheckMenuItem
GetFocus
UnhookWindowsHook
TranslateAcceleratorA
DefWindowProcA
PostMessageA
CallNextHookEx
GetMenuItemCount
EnableMenuItem
UpdateWindow
WinHelpA
GetDlgItem
IsDlgButtonChecked
CheckRadioButton
SetDlgItemInt
CheckDlgButton
SetWindowLongA
GetParent
SetFocus
MessageBeep
EndDialog
SetCursor
LoadCursorA
GetDlgItemInt
SetDlgItemTextA
CharLowerA
GetDlgItemTextA
GetWindowLongA
SendDlgItemMessageA
SetWindowPos
GetWindowRect
ShowWindow
GetWindow
LoadStringA
EndPaint
BeginPaint
DrawTextA
SetRect
CreateWindowExA
LoadBitmapA
SetWindowTextA
MoveWindow
MapWindowPoints
GetSystemMetrics
InvalidateRect
GetMenuItemInfoA

gdi32

GetViewportExtEx
GetPixel
PtVisible
RectVisible
Escape
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
CreateSolidBrush
ExtSelectClipRgn
GetTextColor
GetRgnBox
EnumFontFamiliesExA
CreatePen
SetTextColor
SetROP2
Rectangle
MoveToEx
LineTo
GetObjectA
DeleteObject
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
SetBkMode
ScaleWindowExtEx
DeleteDC
GetBkColor
GetMapMode
CombineRgn
GetClipBox
CreateRectRgnIndirect
SaveDC
RestoreDC
CreateDCA
AbortDoc
EndDoc
StartDocA
StartPage
EndPage
CreateICA
CreateDIBSection
FillRgn
GetTextAlign
GetBkMode
StretchDIBits
CreateDIBitmap
CreateFontA
GetCharWidthA
GetTextExtentPoint32A
SetMapMode
GetWindowExtEx
SetViewportExtEx
LPtoDP
GetWindowOrgEx
SetViewportOrgEx
ExtTextOutA
SetRectRgn
CreatePatternBrush
PatBlt
EnumFontFamiliesA
SetStretchBltMode
StretchBlt
CreateRectRgn
SelectClipRgn
SetWindowOrgEx
CreatePalette
GetTextMetricsA
CreateFontIndirectA
ExcludeClipRect
GetTextExtentPointA
SelectPalette
RealizePalette
GetDIBits
CreateBitmap
GetDeviceCaps
CreateCompatibleBitmap
SetTextAlign
SetBkColor
TextOutA
IntersectClipRect

comdlg32

PrintDlgA
GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA
GetFileTitleA

winspool.drv

GetPrinterA
ord201
OpenPrinterA
DeviceCapabilitiesA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegSetValueA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
GetUserNameA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

DragQueryFileA
DragFinish
ExtractIconA
SHGetFolderPathA
SHGetSpecialFolderPathA
SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteA

oledlg

ord8

ole32

CoTaskMemAlloc
StringFromCLSID
CoRegisterClassObject
CoTaskMemFree
CLSIDFromProgID
StgCreateDocfile
OleSetMenuDescriptor
CoCreateGuid
CoGetClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject
StringFromGUID2
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleRun
CoDisconnectObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

GetErrorInfo
OleCreateFontIndirect
SafeArrayDestroy
SysAllocStringLen
SysFreeString
VarBstrCat
SysStringLen
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantCopy
VariantInit
VarDateFromStr
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi

Exports

Exports

?PnxWinHelp@@YAXPAUHWND__@@PBD1@Z
?PnxWinHelp@@YAXPAUHWND__@@PBDIK@Z
?StaticWndProc@CTranscriptUI@@KGJPAUHWND__@@IIJ@Z

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a966500069daa338db1646516748a467

Headers

File Characteristics

Imports

shlwapi

rpcrt4

comctl32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 372KB - Virtual size: 369KB

.data Size: 64KB - Virtual size: 84KB

.rsrc Size: 460KB - Virtual size: 459KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 372KB - Virtual size: 369KB

.data
Size: 64KB - Virtual size: 84KB

.rsrc
Size: 460KB - Virtual size: 459KB