2024-04-28_b6bd3510fe1ea53a485125851fe24689_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-28_b6bd3510fe1ea53a485125851fe24689_icedid
Size

1.2MB
MD5

b6bd3510fe1ea53a485125851fe24689
SHA1

d922de471e1977714828b6a70258c449df945184
SHA256

a4ae317aaa5b27ca89de427fed5ce7b477d693690b1087ef4ad2f6733cc7bcb1
SHA512

3d3f8a3a10842a6197da9a77e17ef675293c413bbd87150f03d79a4c1edc50beb438621dc6b07e5a4ed283fae938c5b34069bb83e5583274438740219a0d560e
SSDEEP

24576:nNQqxk/LBaIt34ya0eKbQUMTAJPl++AJuoyUlztA8hxi:naqxkVaItIVUM2Pl+LVyynbi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-04-28_b6bd3510fe1ea53a485125851fe24689_icedid

Files

2024-04-28_b6bd3510fe1ea53a485125851fe24689_icedid
.exe windows:4 windows x86 arch:x86

e12a2cfa43de349435cc1fbb8b4efc85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASendTo
WSAAccept
WSARecvFrom
gethostbyname
WSASocketA
recv
__WSAFDIsSet
select
closesocket
sendto
htons
socket
ntohs
send
recvfrom
WSAGetLastError
getsockname
accept
listen
WSAConnect
connect
setsockopt
ntohl
inet_addr
htonl
inet_ntoa
WSAAddressToStringA
WSAStartup
bind

kernel32

TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FindResourceExA
GetCurrentDirectoryA
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileTime
LocalReAlloc
SetErrorMode
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
RaiseException
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
FileTimeToLocalFileTime
VirtualProtect
SetLastError
MulDiv
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalGetAtomNameA
GlobalDeleteAtom
lstrcmpW
lstrcpynA
GetModuleHandleA
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetComputerNameA
GlobalFree
CreateNamedPipeA
ConnectNamedPipe
FlushFileBuffers
DisconnectNamedPipe
CreateFileA
ResetEvent
FileTimeToSystemTime
MapViewOfFile
GetCurrentProcessId
DuplicateHandle
DeviceIoControl
UnmapViewOfFile
GetProcessHeap
HeapFree
OpenProcess
TerminateProcess
lstrcmpiA
GetPrivateProfileIntA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
SetEvent
CreateEventA
WaitForSingleObject
GetProcAddress
FindFirstFileA
FindNextFileA
FindClose
lstrlenA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
TerminateThread
CreateThread
WinExec
GetCurrentProcess
GetTickCount
GlobalFindAtomA
GlobalAddAtomA
WriteFile
ReadFile
lstrcpyA
lstrcatA
CreateMutexA
GetLastError
CloseHandle
Sleep
GetSystemTime
DeleteFileA
InterlockedDecrement
CopyFileA
WritePrivateProfileStringA
EnterCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetLocalTime
GetModuleFileNameA
GetPrivateProfileStringA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
WindowFromPoint
DestroyMenu
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
MapDialogRect
GetAsyncKeyState
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuStringA
SetMenuItemBitmaps
GetMenuState
EnableMenuItem
GetMenuCheckMarkDimensions
ShowWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
IsWindowVisible
GetMenu
AdjustWindowRectEx
EqualRect
UnregisterClassA
GetDlgCtrlID
CallWindowProcA
SetWindowPos
OffsetRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharUpperA
LoadBitmapA
UpdateWindow
MsgWaitForMultipleObjects
KillTimer
MessageBoxA
FillRect
DefWindowProcA
RegisterClassA
SetCapture
RedrawWindow
ReleaseDC
GetDC
InflateRect
LoadCursorA
CopyIcon
GetSysColor
SetWindowLongA
SetCursor
ReleaseCapture
MessageBeep
LoadIconA
SetForegroundWindow
IsIconic
GetSystemMenu
LoadMenuA
ModifyMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CheckMenuItem
AppendMenuA
DrawIcon
ExitWindowsEx
SetWindowTextA
GetCursorPos
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
LoadImageA
wsprintfA
GetClassInfoA
FindWindowA
PostMessageA
SetTimer
InvalidateRect
PtInRect
LoadStringA
GetKeyState
MoveWindow
GetWindowRect
ScreenToClient
GetDlgItem
IsWindow
GetClientRect
EnableWindow
GetParent
GetWindow
SendMessageA
IntersectRect

gdi32

EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateHatchBrush
CreatePen
DeleteDC
ExtSelectClipRgn
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
QueryServiceStatus
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
CreateServiceA
DeleteService
ControlService
RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EnumServicesStatusA
QueryServiceConfigA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Duplicate

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CLSIDFromString
CoUninitialize

oleaut32

SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocString
VariantCopy
SafeArrayDestroy

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
HttpSendRequestA
InternetOpenUrlA
InternetGetLastResponseInfoA
GetUrlCacheEntryInfoA

wsock32

WSACleanup

iphlpapi

GetIfTable
SendARP

Sections

.text
Size: 576KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e12a2cfa43de349435cc1fbb8b4efc85

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

wsock32

iphlpapi

Sections

.text Size: 576KB - Virtual size: 574KB

.rdata Size: 120KB - Virtual size: 116KB

.data Size: 12KB - Virtual size: 234KB

.rsrc Size: 504KB - Virtual size: 504KB

.text
Size: 576KB - Virtual size: 574KB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 12KB - Virtual size: 234KB

.rsrc
Size: 504KB - Virtual size: 504KB