2024-04-27_8b8896713f72fda966eaeaa6955f2a18_icedid_sliver

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-27_8b8896713f72fda966eaeaa6955f2a18_icedid_sliver
Size

4.8MB
MD5

8b8896713f72fda966eaeaa6955f2a18
SHA1

ede6206be271f5965a82d76fa7826638c0054c0a
SHA256

57c78c09fdd50548c9cfa3e632057f51472b7d8667894061bb16810f126131b7
SHA512

aff644b75d4957c018ac0cd393849bad89a897a77b826ff01652c45cadacbccf84b58db88d155f9f491bbc214d5abd9a71f5e24b39fbc613bb5f017b75f94da3
SSDEEP

98304:GZfXwthMlLJOKYylQYcxbHvbtycL9mnpIrslSQc/gi9cmTsmiXgQ:+AefOrDdyUrGc/gi9zap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_8b8896713f72fda966eaeaa6955f2a18_icedid_sliver

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

2024-04-27_8b8896713f72fda966eaeaa6955f2a18_icedid_sliver
.exe windows:5 windows x86 arch:x86

ee80b74c318195f84d443f2a45ba4830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\Release\SRUnPackFile.pdb

Imports

kernel32

HeapAlloc
HeapFree
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetTickCount
VirtualAlloc
GetCPInfo
GetStartupInfoW
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
SetErrorMode
lstrlenA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CompareStringW
InterlockedDecrement
InterlockedIncrement
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GlobalLock
GlobalUnlock
FormatMessageW
DeleteFileW
DeviceIoControl
FindClose
QueryPerformanceCounter
GlobalFree
GlobalAlloc
FindNextFileW
GetFileAttributesW
FindFirstFileW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
TerminateProcess
GetCurrentProcess
LocalFree
SetLastError
GetCurrentThreadId
ReadFile
CreateFileW
GetModuleFileNameW
GetModuleHandleW
OpenProcess
GetExitCodeProcess
GetProcessId
GetSystemWindowsDirectoryW
GetCommandLineW
GetSystemDirectoryW
SetDllDirectoryW
GetLastError
CreateMutexW
MultiByteToWideChar
GetDiskFreeSpaceExW
RemoveDirectoryW
SetCurrentDirectoryW
Sleep
GetTempPathW
CreateThread
WaitForSingleObject
WideCharToMultiByte
GetCurrentProcessId
ProcessIdToSessionId
lstrlenW
OutputDebugStringW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetACP
CloseHandle

user32

DestroyMenu
UnregisterClassW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetDlgCtrlID
SetWindowTextW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetCapture
ClientToScreen
UnhookWindowsHookEx
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
MessageBoxW
GetWindowThreadProcessId
GetWindowTextW
IsWindowVisible
GetClassNameW
ShowWindow
GetForegroundWindow
SetCursor
LoadCursorW
GetWindow
GetWindowPlacement
GetWindowRect
PtInRect
PostMessageW
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
SetForegroundWindow
CreateWindowExW

gdi32

TextOutW
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutW

comdlg32

GetFileTitleW

advapi32

RegQueryValueW
RegOpenKeyW
OpenProcessToken
DuplicateTokenEx
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegCloseKey
RegOpenCurrentUser
RevertToSelf
ImpersonateLoggedOnUser

shell32

ShellExecuteExW
SHCreateDirectoryExW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee80b74c318195f84d443f2a45ba4830

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: 175KB - Virtual size: 175KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 182KB - Virtual size: 181KB

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 182KB - Virtual size: 181KB