f:\JSW2.1.0.18\sw\src\vista\apps\JSW2\jswscapi\ReleaseSvc\jswpsapi.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-30_4706c9274556d53b740be74d5e38b5c5_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-30_4706c9274556d53b740be74d5e38b5c5_icedid.exe
  Resource: win10v2004-20240426-en
General
Target: 2024-04-30_4706c9274556d53b740be74d5e38b5c5_icedid
Size: 960KB
MD5: 4706c9274556d53b740be74d5e38b5c5
SHA1: 2eee42be18310228f2c7ede7e4a7a49be578bf18
SHA256: a24defe3849a4bb9826ea9bb3b67400dca8b0097c8cb4487c3b9848c932302ca
SHA512: 7a658134c7ee0c599dc8836a8c9e8a6fc6e8804a1874d86429e5f09656f34b76d3b1a46a87fd336e396b3bc2a2ceb5fedeca7a05696f0dfbe38d59ddceb9b283
SSDEEP: 24576:jnJeV6LGVjYUyPSDeUAwJQDjI6pyKMNa:jJeFkUyPSKULqTcKMN
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Resource: 2024-04-30_4706c9274556d53b740be74d5e38b5c5_icedid
Files
-
2024-04-30_4706c9274556d53b740be74d5e38b5c5_icedid.exe windows:4 windows x86 arch:x86
c70dfdaa5124ea9ea9a2764eb9f51fa9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
jswscimd
CreateImdMain
jswscsup
CreateSupplicantMain
kernel32
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
CreateThread
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapFree
HeapCreate
VirtualFree
QueryPerformanceCounter
DebugBreak
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FatalAppExitA
SetConsoleCtrlHandler
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileAttributesW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CreateFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExW
DeleteFileW
MoveFileW
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
SetErrorMode
GetModuleHandleA
GetAtomNameW
GlobalGetAtomNameW
GetVersion
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
CompareStringW
GlobalFlags
lstrcmpW
lstrcmpA
SetThreadPriority
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
SetLastError
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GlobalLock
GlobalUnlock
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetTickCount
ResumeThread
SuspendThread
DuplicateHandle
RaiseException
GetCurrentThread
GetCurrentProcess
CloseHandle
LoadLibraryExW
FreeLibrary
GetLastError
GetModuleHandleW
GetCommandLineW
lstrcmpiW
GetVersionExW
GetComputerNameW
WaitForMultipleObjects
lstrlenA
Sleep
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResetEvent
SetEvent
InitializeCriticalSection
GetCurrentThreadId
WaitForSingleObject
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
InterlockedIncrement
WideCharToMultiByte
InterlockedDecrement
lstrlenW
InterlockedCompareExchange
HeapDestroy
user32
SetCursor
PostQuitMessage
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
DefWindowProcW
UnregisterClassA
ShowOwnedPopups
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnregisterClassW
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongW
IsWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetScrollPos
SetScrollPos
SetFocus
GetFocus
DeleteMenu
CharUpperW
DestroyIcon
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetDialogBaseUnits
OffsetRect
GetParent
GetDesktopWindow
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongW
GetClassNameW
PtInRect
SetWindowTextW
SetWindowsHookExW
CallNextHookEx
TranslateMessage
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowTextLengthW
GetWindowTextW
LoadStringW
GetMessageW
DispatchMessageW
MessageBoxW
PostThreadMessageW
CharNextW
DrawTextW
CallWindowProcW
gdi32
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
PatBlt
GetMapMode
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CombineRgn
SetRectRgn
ExtTextOutW
CreateRectRgnIndirect
CreateFontIndirectW
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
SetWorldTransform
ModifyWorldTransform
ScaleViewportExtEx
SetMapMode
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
GetDeviceCaps
CopyMetaFileW
CreateDCW
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetViewportExtEx
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueW
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
StartServiceCtrlDispatcherW
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
shell32
ExtractIconW
SHGetFileInfoW
shlwapi
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
ole32
SetConvertStg
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
OleRegGetUserType
CoInitializeSecurity
WriteFmtUserTypeStg
CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateInstance
CoTaskMemFree
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
CoCreateGuid
WriteClassStg
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
CoInitialize
oleaut32
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
VariantCopy
SysAllocStringByteLen
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SysStringByteLen
VariantChangeType
SafeArrayRedim
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
UnRegisterTypeLi
RegisterTypeLi
VariantInit
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SysFreeString
SysAllocString
VarCmp
VariantCopyInd
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
VarBstrFromDate
VarUI4FromStr
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text: Size 720KB, Virtual size 717KB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 140KB, Virtual size 136KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 20KB, Virtual size 35KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 76KB, Virtual size 76KB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
cstfxyu: Size -, Virtual size 4KB; flags IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE