Static task
- static1
Behavioral task
- behavioral1
  Sample: 2024-04-29_95c53196c77ded8d63588b8437260d35_icedid_vidar.exe
  Resource: win7-20240220-en
Behavioral task
- behavioral2
  Sample: 2024-04-29_95c53196c77ded8d63588b8437260d35_icedid_vidar.exe
  Resource: win10v2004-20240426-en
General
- Target: 2024-04-29_95c53196c77ded8d63588b8437260d35_icedid_vidar
- Size: 3.1MB
- MD5: 95c53196c77ded8d63588b8437260d35
- SHA1: 9441d5d7259917d8c69c1875558d43183f52018e
- SHA256: 9495021ab5e3603a042cd5d2e9df018836f665a2fcc850a1848f80420d0b607e
- SHA512: 6d475d91069b13dfd3874773cd071b32b71085c504022736423dd817c788563482d1be7b831865bf87d9e58e7e1b9c7f59f76ac334203a9a2d96325be8300952
- SSDEEP: 49152:s/m8Xs393VLjzY393VLjzvHHHTLzzys2wIxezCxaxGIt1kSt09fXpRJqwlboTESu:s/m8zUxezrxGItKSsfXHJqzEShcL0JE
Malware Config
Signatures
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers (1 IoC)
  resource: sample
  yara_rule: INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers (1 IoC)
  resource: sample
  yara_rule: INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 2024-04-29_95c53196c77ded8d63588b8437260d35_icedid_vidar
Files
- 2024-04-29_95c53196c77ded8d63588b8437260d35_icedid_vidar.exe windows:5 windows x86 arch:x86
  6e003f4c5d4a61eba0e38a249fb5f1f9
Headers
DLL Characteristics
- IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
- IMAGE_FILE_RELOCS_STRIPPED
- IMAGE_FILE_EXECUTABLE_IMAGE
- IMAGE_FILE_32BIT_MACHINE
PDB Paths
- c:\Program Files\Microsoft Visual Studio\passcape\Opera\Release\opr.pdb
Imports
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
query
LoadIFilter
kernel32
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
WaitForMultipleObjects
GetStringTypeExA
GetThreadLocale
DuplicateHandle
GetShortPathNameA
GetFileAttributesExA
LocalFileTimeToFileTime
GetFileSizeEx
GetModuleHandleW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetAtomNameA
GlobalFlags
GetCPInfo
GetOEMCP
GetSystemDirectoryW
RtlUnwind
UnhandledExceptionFilter
ExitProcess
SuspendThread
ExitThread
CreateThread
IsDebuggerPresent
RaiseException
VirtualProtect
VirtualAlloc
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetStartupInfoA
SetEnvironmentVariableA
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
FatalAppExitA
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStringTypeA
GetStringTypeW
VirtualFree
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
ResumeThread
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedExchange
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleFileNameW
GlobalSize
SetVolumeLabelA
GetDiskFreeSpaceExA
SetErrorMode
InterlockedCompareExchange
AreFileApisANSI
CreateFileW
CreateFileMappingW
CreateMutexW
DeleteFileW
FlushFileBuffers
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetTempPathW
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
LoadLibraryW
LockFile
LockFileEx
QueryPerformanceCounter
SystemTimeToFileTime
UnlockFile
UnlockFileEx
OutputDebugStringW
GetUserDefaultLCID
ReadFile
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingA
MapViewOfFile
GetTempFileNameA
VirtualQueryEx
HeapAlloc
HeapFree
GetEnvironmentVariableW
CompareStringW
lstrcatW
SetFilePointer
GetLongPathNameA
GetPrivateProfileSectionA
GetProcessHeap
VirtualQuery
GlobalMemoryStatus
GetSystemInfo
GetLocaleInfoA
IsBadReadPtr
SetUnhandledExceptionFilter
TerminateProcess
WriteFile
GetTimeZoneInformation
ResetEvent
GetFileTime
GetSystemTime
GetDateFormatA
GetTimeFormatA
SetFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
FreeResource
DeviceIoControl
GetTempPathA
GetDriveTypeA
SetCurrentDirectoryA
RemoveDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
lstrcmpA
GetCurrentProcessId
GetComputerNameA
GetCurrentThread
lstrcpyW
ReadProcessMemory
WriteProcessMemory
MulDiv
GetVolumeInformationA
ExpandEnvironmentStringsA
CreateFileA
GetFileSize
OutputDebugStringA
GetVersionExA
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileStringA
GetLocalTime
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CompareFileTime
GetCommandLineA
FileTimeToSystemTime
WritePrivateProfileStringA
GetPrivateProfileIntA
FindResourceA
LoadResource
LockResource
SizeofResource
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
GetTickCount
SetEvent
Sleep
SetThreadPriority
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CompareStringA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
DebugBreak
SetLastError
LoadLibraryExA
lstrcatA
OpenProcess
CloseHandle
GetCurrentProcess
lstrlenW
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LoadLibraryA
FormatMessageA
FreeLibrary
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
SetConsoleCtrlHandler
user32
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
SetWindowPos
EndPaint
BeginPaint
GetLastActivePopup
IsWindowEnabled
GetWindowTextLengthA
GetScrollPos
SetScrollPos
UnhookWindowsHookEx
GetMenuState
GetMenuStringA
InsertMenuA
RemoveMenu
CharLowerW
wsprintfW
GetActiveWindow
DialogBoxParamA
SetDlgItemTextA
SetWindowTextA
EndDialog
SetFocus
GetDlgCtrlID
LoadStringA
MoveWindow
IsChild
ChildWindowFromPointEx
MsgWaitForMultipleObjects
GetIconInfo
CreateIconIndirect
ReleaseCapture
CreateIconFromResource
SetCapture
GetCapture
FrameRect
EqualRect
UnionRect
SetRectEmpty
IsRectEmpty
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowLongA
SetWindowLongA
LockWindowUpdate
ScreenToClient
GetClipboardData
OemToCharBuffA
GetFocus
PostQuitMessage
SetRect
PtInRect
GetWindowDC
GetDC
ReleaseDC
CharLowerA
PeekMessageA
TranslateMessage
DispatchMessageA
DrawFocusRect
DrawFrameControl
DrawStateA
DrawIconEx
SystemParametersInfoA
GetSubMenu
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
DrawEdge
InflateRect
CopyRect
IsWindow
SetCursor
GetParent
KillTimer
SetTimer
FillRect
OffsetRect
IsCharLowerA
MapVirtualKeyA
GetKeyNameTextA
GetKeyboardLayoutList
MapVirtualKeyExW
ToUnicodeEx
MapVirtualKeyExA
ToAsciiEx
VkKeyScanExW
GetKeyboardLayout
VkKeyScanExA
LoadAcceleratorsA
TranslateAcceleratorA
GetClassNameA
GetWindowTextA
GetKeyState
CharLowerBuffA
CharUpperBuffA
RegisterWindowMessageA
GetQueueStatus
GetSysColor
GetCursorPos
DestroyIcon
ShowWindow
ScrollWindowEx
DestroyMenu
ValidateRect
GetMessageA
ShowOwnedPopups
GetSysColorBrush
UnregisterClassA
GetDialogBaseUnits
DeleteMenu
BringWindowToTop
InsertMenuItemA
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetParent
GetDCEx
WindowFromPoint
LoadImageA
CreatePopupMenu
IsWindowVisible
OemToCharA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetSystemMetrics
SetForegroundWindow
GetWindow
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
MessageBeep
MessageBoxA
GetWindowThreadProcessId
IsCharAlphaNumericA
CharUpperA
wsprintfA
InvalidateRgn
InvalidateRect
UpdateWindow
PostMessageA
GetDlgItem
LoadBitmapA
LoadCursorA
EnableWindow
LoadIconA
SendMessageA
RedrawWindow
ClientToScreen
gdi32
SetRectRgn
GetCharWidthA
Escape
RectVisible
PtVisible
ExtTextOutA
CreateRectRgnIndirect
GetDCOrgEx
CreateHatchBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetPixel
SelectClipPath
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
Polygon
SetGraphicsMode
GetNearestColor
GetCurrentObject
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetObjectA
CombineRgn
CreateFontIndirectA
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateRectRgn
SelectPalette
RealizePalette
StretchDIBits
GetTextMetricsA
SetAbortProc
StartDocA
StartPage
TextOutA
EndPage
EndDoc
DeleteDC
CreateDIBSection
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
GetTextExtentPoint32A
SelectObject
PatBlt
GetTextColor
CreateBitmap
CreateFontA
CreateDIBitmap
GetViewportOrgEx
SetViewportOrgEx
GetStockObject
CreateSolidBrush
BitBlt
Ellipse
comdlg32
GetFileTitleA
PrintDlgA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegOpenKeyA
RegSetValueA
GetUserNameW
CryptExportKey
CryptDecrypt
CryptDeriveKey
CryptSetHashParam
CryptDestroyKey
CryptEnumProvidersA
CryptAcquireContextA
CryptReleaseContext
CryptGetKeyParam
CryptSetKeyParam
CryptGetProvParam
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegDeleteKeyA
RegEnumValueA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegFlushKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegConnectRegistryA
GetFileSecurityA
SetFileSecurityA
RegCreateKeyExA
RegSaveKeyA
GetSecurityDescriptorDacl
DeleteAce
GetSecurityDescriptorOwner
RegSetKeySecurity
RegOpenKeyExA
RegGetKeySecurity
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
LookupAccountNameA
GetLengthSid
CopySid
LookupAccountSidW
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
RegQueryValueA
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHFileOperationA
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
ShellExecuteA
shlwapi
PathMatchSpecA
StrRetToStrA
PathRemoveFileSpecW
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
ole32
CLSIDFromString
CoDisconnectObject
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoInitializeEx
PropVariantClear
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
OleDuplicateData
StringFromGUID2
oleaut32
SysAllocStringLen
VarBstrFromDec
VarBstrFromCy
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysFreeString
VarDateFromStr
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantChangeType
VariantInit
VarDecFromStr
VarCyFromStr
GetErrorInfo
SetErrorInfo
CreateErrorInfo
ws2_32
socket
getservbyname
htons
connect
gethostbyname
recv
WSAStartup
WSAGetLastError
WSACleanup
inet_ntoa
gethostname
send
wininet
HttpOpenRequestA
InternetOpenUrlA
GopherOpenFileA
InternetConnectA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetCloseHandle
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetErrorDlg
HttpEndRequestA
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
InternetSetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetAutodial
InternetCrackUrlA
InternetCanonicalizeUrlA
Sections
- .text: Size 2.0MB, Virtual size 2.0MB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 434KB, Virtual size 434KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 28KB, Virtual size 131KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 675KB, Virtual size 674KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ