Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-07_d602817da43214ed73616fb98d4509db_hello_icedid.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 2024-05-07_d602817da43214ed73616fb98d4509db_hello_icedid.exe
Resource: win10v2004-20240419-en
General
Target: 2024-05-07_d602817da43214ed73616fb98d4509db_hello_icedid
Size: 948KB
MD5: d602817da43214ed73616fb98d4509db
SHA1: d44bd8dbec38b4061e28ee7eb50a674d4def06ae
SHA256: b29b9da16e51fcc48ad7879562e874d08677d885f4a37f85d6fa08e96cabd4de
SHA512: 26ae5279095fd88956c18cfbad2c299381e71876cc782407ee31116cc27b08e7ce8916e2fdbb30ecd8beaa98c06584b196430760d8c366c54cded4d8d87761ff
SSDEEP: 24576:MrGMv184Kx+Kg6AGUeuq1CfRtdf8TlhVZb1:M8Ueu9J8jVv
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2024-05-07_d602817da43214ed73616fb98d4509db_hello_icedid
Files
2024-05-07_d602817da43214ed73616fb98d4509db_hello_icedid.exe windows:4 windows x86 arch:x86
e2a2bac770ef6e1e507499cda129a542
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
ioctlsocket
getservbyname
htons
gethostbyaddr
WSAGetLastError
htonl
inet_addr
WSASetLastError
ntohs
getservbyport
socket
bind
closesocket
WSACleanup
WSAStartup
gethostname
gethostbyname
recv
send
accept
getsockopt
setsockopt
WSAAsyncSelect
shutdown
connect
listen
ucbiobsp
UCBioAPI_Terminate
UCBioAPI_TerminateFastSearchEngine
UCBioAPI_ClearFastSearchDB
UCBioAPI_AddFIRToFastSearchDB
UCBioAPI_RemoveUserFromFastSearchDB
UCBioAPI_FIRToTemplate
UCBioAPI_SetTemplateFormat
UCBioAPI_Init
UCBioAPI_FreeTextFIR
UCBioAPI_GetTextFIRFromHandle
UCBioAPI_ImportDataToFIR
UCBioAPI_FreeExportData
UCBioAPI_GetFpCountFromFastSearchDB
UCBioAPI_IdentifyFIRFromFastSearchDB
UCBioAPI_TemplateToFIR
UCBioAPI_VerifyMatch
UCBioAPI_InitFastSearchEngine
UCBioAPI_FreeFIRHandle
wsengine
WSEAPI_ServerStop
WSEAPI_SendData
WSEAPI_CloseSocket
WSEAPI_ServerStart
kernel32
ResumeThread
SuspendThread
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
SetLastError
MulDiv
GlobalUnlock
LocalFree
WritePrivateProfileStringA
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrlenW
lstrcpynA
GlobalReAlloc
DuplicateHandle
GetCurrentProcess
SetFilePointer
FlushFileBuffers
GlobalLock
UnlockFile
SetEndOfFile
MoveFileA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetCurrentDirectoryA
GetProcessVersion
GetCPInfo
GetOEMCP
GlobalSize
CopyFileA
GetFileAttributesA
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetErrorMode
SizeofResource
RtlUnwind
HeapReAlloc
CreateThread
ExitThread
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetACP
SetStdHandle
GetFileType
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetLocaleInfoW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
_lcreat
_lwrite
_lopen
_lread
_lclose
GetTimeZoneInformation
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
WaitForMultipleObjects
WriteFile
ReadFile
CreateFileA
GetFileSize
GetProcessHeap
HeapAlloc
HeapFree
SetFileAttributesA
GetThreadPriority
SetThreadPriority
TerminateThread
DeleteFileA
OpenFile
FormatMessageA
GetModuleFileNameA
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetPrivateProfileStringA
GetVersionExA
FreeLibrary
CloseHandle
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetLocalTime
GetTickCount
WaitForSingleObject
ResetEvent
SetEvent
CreateMutexA
GetLastError
ReleaseMutex
CreateDirectoryA
GetPrivateProfileIntA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalUnlock
LocalLock
MoveFileExA
InterlockedExchange
LockFile
user32
CreateDialogIndirectParamA
EndDialog
GetDialogBaseUnits
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
BringWindowToTop
InvalidateRect
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuA
DestroyMenu
ShowWindow
GetDesktopWindow
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
UnregisterClassA
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
DestroyIcon
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
PostThreadMessageA
RegisterClipboardFormatA
InflateRect
wvsprintfA
RemoveMenu
AppendMenuA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
ShowOwnedPopups
PostQuitMessage
GetActiveWindow
MessageBoxA
EnableWindow
wsprintfA
TranslateMessage
PeekMessageA
DispatchMessageA
KillTimer
SetTimer
PostMessageA
SendMessageA
DefWindowProcA
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
LoadStringA
GetSysColorBrush
GetMenuStringA
DeleteMenu
InsertMenuA
PtInRect
GetClassNameA
WindowFromPoint
GetWindowThreadProcessId
SetCapture
LoadCursorA
WaitMessage
CharUpperA
MoveWindow
GetMenu
SetWindowTextA
UnhookWindowsHookEx
BeginPaint
gdi32
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
ScaleViewportExtEx
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
CreateRectRgn
SelectClipPath
CreateFontIndirectA
GetTextExtentPoint32A
GetTextMetricsA
CreateDCA
CopyMetaFileA
LPtoDP
DPtoLP
GetBkColor
GetTextColor
Escape
ExtTextOutA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetMapMode
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PolylineTo
CreateBitmap
TextOutA
RectVisible
PtVisible
CreateDIBPatternBrushPt
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
PatBlt
comdlg32
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegQueryValueExA
RegEnumKeyA
RegQueryValueA
RegSetValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegSetValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ChangeServiceConfigA
CreateServiceA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegCreateKeyA
shell32
DragFinish
DragQueryFileA
SHGetFileInfoA
ExtractIconA
DragAcceptFiles
comctl32
ord17
oledlg
ord8
ole32
CreateStreamOnHGlobal
OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
CreateBindCtx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
olepro32
ord253
oleaut32
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysStringByteLen
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SysStringLen
SysReAllocStringLen
LoadTypeLi
VarCyFromStr
SysFreeString
SysAllocStringLen
odbc32
ord16
ord1
ord7
ord2
ord57
ord9
ord14
ord15
ord72
ord4
ord49
ord20
ord17
ord59
ord8
ord44
ord46
ord68
ord41
ord50
ord45
ord51
ord18
ord61
ord5
ord13
ord11
ord3
ord12
ord19
ord10
ord43
ord29
ord39
ord48
ord23
wininet
InternetConnectA
InternetCloseHandle
InternetAttemptConnect
InternetOpenA
HttpSendRequestA
InternetSetCookieA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetSetStatusCallback
FtpOpenFileA
InternetReadFile
HttpQueryInfoA
ws2_32
recvfrom
ioctlsocket
getpeername
getsockname
sendto
Sections
.text Size: 748KB - Virtual size: 744KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ