e:\PrismMain\CommonChannel\1033\release\PTClient.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-26_3c08ab55908a8fdf7d07a6edb6c87755_icedid.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 2024-04-26_3c08ab55908a8fdf7d07a6edb6c87755_icedid.exe
  Resource: win10v2004-20240419-en
General
Target: 2024-04-26_3c08ab55908a8fdf7d07a6edb6c87755_icedid
Size: 4.1MB
MD5: 3c08ab55908a8fdf7d07a6edb6c87755
SHA1: b207a7c9b24a6f7ab4ed8846cb51d287699043c5
SHA256: c1d2db64772fbee8ab377754af4e458acbee417dc7f204a32fb16d0d30adfaf0
SHA512: a75a282ede4c36065cbdb4ac6e79fc871126078e04418b5621a4fc320fb01354242b714a2c4cc981cae101d07713e92162618728b86b34d573b0255cb2fcd96b
SSDEEP: 98304:mHqg+0N8fTZG//QTnc0SemAGb7IrByHV:NE8ftbYem/bOy
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-04-26_3c08ab55908a8fdf7d07a6edb6c87755_icedid
Files
2024-04-26_3c08ab55908a8fdf7d07a6edb6c87755_icedid.exe  windows:4 windows x86 arch:x86  83744f43d60ac8833b9f3f8f838dd29c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\PrismMain\CommonChannel\1033\release\PTClient.pdb
Imports
kernel32
GetLocalTime
GetDiskFreeSpaceA
FindNextFileA
SetCurrentDirectoryA
GetTempFileNameA
FlushFileBuffers
GetFileSize
VirtualUnlock
FreeResource
VirtualFree
VirtualLock
VirtualAlloc
GetFullPathNameA
MoveFileExA
SetEndOfFile
UnlockFile
LockFile
InitializeCriticalSection
GetEnvironmentVariableA
CompareStringW
RaiseException
GetShortPathNameA
SetLastError
CopyFileA
SearchPathA
GetPrivateProfileStringA
ResetEvent
GetFileType
WritePrivateProfileStringA
OpenEventA
SetCurrentDirectoryW
SetEnvironmentVariableA
GetModuleFileNameA
CompareStringA
GetVersion
OpenFileMappingA
GlobalAddAtomA
GetTempPathA
GetSystemDirectoryA
SystemTimeToFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetComputerNameA
DeviceIoControl
FileTimeToSystemTime
GetLocaleInfoW
WaitForMultipleObjects
MulDiv
FindResourceExA
SetErrorMode
GetNumberFormatA
ResumeThread
GetCurrencyFormatA
GetDateFormatA
GetTimeFormatA
TerminateThread
GetExitCodeThread
EnumResourceLanguagesA
ConvertDefaultLocale
SuspendThread
LocalReAlloc
lstrcmpW
GlobalFindAtomA
VirtualProtect
GlobalFlags
GetCPInfo
GetOEMCP
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
VirtualQuery
ExitThread
CreateThread
ExitProcess
RtlUnwind
TerminateProcess
SetStdHandle
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
IsBadWritePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetVolumeLabelA
RemoveDirectoryA
CompareFileTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SetFileTime
MoveFileA
LocalAlloc
FindFirstFileA
FindClose
GetFileAttributesA
CreateDirectoryA
lstrcmpiA
SetFileAttributesA
IsDBCSLeadByte
GlobalSize
GlobalReAlloc
GlobalLock
ReadFile
GetDriveTypeA
IsBadStringPtrA
GetWindowsDirectoryA
SetFilePointer
WriteFile
lstrcmpA
GetCurrentDirectoryA
lstrcpynA
lstrcatA
GetVolumeInformationA
CreateFileA
DeleteFileA
CloseHandle
GetFileTime
FileTimeToLocalFileTime
TlsGetValue
IsBadReadPtr
TlsFree
GlobalAlloc
TlsSetValue
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
lstrcpyA
DosDateTimeToFileTime
FileTimeToDosDateTime
GetLogicalDriveStringsA
GetExitCodeProcess
GetTickCount
GetTimeZoneInformation
GetCurrentThread
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalMemoryStatus
GetSystemInfo
lstrlenW
SetPriorityClass
GetPriorityClass
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
SetThreadPriority
CreateProcessA
DuplicateHandle
OpenProcess
GetCurrentProcessId
SetEvent
CreateEventA
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageA
GetCurrentProcess
GlobalDeleteAtom
GlobalGetAtomNameA
UnmapViewOfFile
Sleep
CreateSemaphoreA
MapViewOfFile
CreateFileMappingA
GetLastError
CreateMutexA
ReleaseMutex
WaitForSingleObject
MultiByteToWideChar
GetModuleHandleA
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTime
InterlockedExchange
user32
DrawMenuBar
CreateWindowExA
TranslateMDISysAccel
TranslateAcceleratorA
SetWindowPos
AdjustWindowRectEx
CopyRect
GetWindowPlacement
SystemParametersInfoA
OffsetRect
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
RegisterClassA
GetClassInfoA
DeferWindowPos
EqualRect
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
ShowWindow
SetMenu
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
ReuseDDElParam
UnpackDDElParam
DestroyMenu
CheckRadioButton
GetDlgItemInt
IsDlgButtonChecked
IsDialogMessageA
MoveWindow
GetNextDlgTabItem
CreateDialogIndirectParamA
SetCapture
WindowFromPoint
WaitMessage
InflateRect
GetMenuItemInfoA
GetAsyncKeyState
MapDialogRect
GetSysColorBrush
SetRect
ShowOwnedPopups
GetMessageA
ValidateRect
SetMenuItemBitmaps
GetFocus
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetMenuItemID
GetMenuItemCount
CopyIcon
TabbedTextOutA
GetParent
EnumChildWindows
DestroyCursor
IsWindowVisible
GetSubMenu
LoadMenuA
CopyImage
KillTimer
SetTimer
DestroyIcon
FillRect
IntersectRect
UnregisterClassA
SetFocus
GetKeyState
SetCursorPos
GetCursorPos
PtInRect
GetClientRect
GetWindowContextHelpId
SetWindowContextHelpId
OemToCharBuffA
CharToOemA
EnableMenuItem
GetSystemMenu
GetDesktopWindow
GetWindowRect
CharLowerA
GetDC
ReleaseDC
SetDlgItemTextA
SetWindowTextA
GetSysColor
DialogBoxParamA
GetActiveWindow
SetCursor
OemToCharA
CharNextA
CharPrevA
CharUpperBuffA
WaitForInputIdle
EnumWindows
GetWindowThreadProcessId
GetClassNameA
CharUpperA
UpdateWindow
wsprintfA
SetWindowLongA
GetWindowLongA
GetSystemMetrics
LoadImageA
LoadCursorA
OpenDesktopA
OpenWindowStationA
SetUserObjectSecurity
GetUserObjectSecurity
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetUserObjectInformationW
GetWindow
BringWindowToTop
IsIconic
EnableWindow
InvalidateRect
IsWindow
ExitWindowsEx
LoadIconA
MessageBeep
DispatchMessageA
TranslateMessage
PeekMessageA
FindWindowA
MessageBoxA
LoadStringA
CloseWindowStation
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
DrawIcon
OpenWindowStationW
SetForegroundWindow
SendMessageA
RegisterWindowMessageA
PostMessageA
GetMenu
DefFrameProcA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
GetLastActivePopup
PostQuitMessage
IsWindowEnabled
EndDialog
gdi32
GetStockObject
SetBkColor
GetBkColor
GetTextMetricsA
CreateCompatibleDC
CreateRectRgnIndirect
GetDeviceCaps
GetBitmapBits
RealizePalette
CreatePalette
SetMapMode
GetTextExtentPoint32A
SelectObject
StartDocA
StartPage
EndPage
EndDoc
DeleteDC
TextOutA
CreateBitmap
SaveDC
RestoreDC
SetStretchBltMode
SetTextColor
GetClipBox
ExcludeClipRect
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
BitBlt
GetPixel
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
SelectPalette
CreateCompatibleBitmap
GetMapMode
StretchDIBits
EnumFontFamiliesExA
GetPaletteEntries
SetDIBitsToDevice
UnrealizeObject
CreateHalftonePalette
CreateDIBSection
DeleteObject
GetTextExtentExPointA
CreateFontIndirectA
GetObjectA
SetBkMode
comdlg32
PrintDlgA
GetSaveFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
shell32
DragQueryFileA
SHBrowseForFolderA
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragFinish
ole32
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CoInitialize
OleUninitialize
OleInitialize
OleRun
CoUninitialize
CoInitializeEx
CoTaskMemFree
CLSIDFromProgID
StringFromGUID2
wsock32
recvfrom
sendto
send
select
recv
shutdown
listen
htonl
bind
closesocket
setsockopt
getsockopt
inet_ntoa
inet_addr
WSAGetLastError
WSAStartup
gethostname
gethostbyname
WSACleanup
ioctlsocket
ntohl
socket
getsockname
ntohs
accept
htons
connect
winmm
PlaySoundA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
rpcrt4
RpcStringFreeA
UuidToStringA
UuidFromStringA
UuidCreate
Exports
XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetSpecifiedAttributeCount
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_UseParserAsHandlerArg
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 336KB - Virtual size: 333KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 432KB - Virtual size: 431KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.SEFCMD Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.PTData Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ