2024-05-07_62b2f0e893869d3751addbaec62532cb_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-07_62b2f0e893869d3751addbaec62532cb_icedid
Size

280KB
MD5

62b2f0e893869d3751addbaec62532cb
SHA1

cf95c7eea240badca22dcb7ea37917800f3a162a
SHA256

eda98c23a428d05f9940a07a86ebf7da45a958fe445f578f302871a8808c4266
SHA512

57a17a3baa01800ea9b4cef69f4a963ca80b72c8c466278cf3f499eee8098d3b2d65c73115af4bd36422b51cc5d8d9d34c22924c8399cc0b7a2fce98536b5127
SSDEEP

6144:ma8ROMF+zcNKbDKwqxxrRq8Sy/i9Hq2uQYshsnY:ma8ROMcmSDKLxJo8SysHmsh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-07_62b2f0e893869d3751addbaec62532cb_icedid

Files

2024-05-07_62b2f0e893869d3751addbaec62532cb_icedid
.exe windows:4 windows x86 arch:x86

46af82af152271483b408bcc6e4b771e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Project\2004\SportsToToOnline\Betman\Sources\Release 프로젝트\Pin조회 Demon\Release\WebServer.pdb

Imports

ws2_32

WSASend
WSARecv
WSAAccept
WSAEnumNetworkEvents
WSACloseEvent
WSAEventSelect
WSACreateEvent
listen
bind
WSAGetLastError
WSASocketA
WSAStartup
htons
WSACleanup
closesocket
WSAWaitForMultipleEvents

kernel32

CreateFileA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
SetErrorMode
GetTickCount
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetFullPathNameA
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
RtlUnwind
HeapSize
GetTimeZoneInformation
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
RaiseException
FileTimeToSystemTime
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
InterlockedDecrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
FreeResource
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
GetVersion
CompareStringA
lstrcmpiA
MultiByteToWideChar
CompareStringW
lstrlenA
LocalFree
FormatMessageA
GetCurrentDirectoryA
GetCurrentThreadId
DeleteCriticalSection
Sleep
GetLastError
TerminateThread
WaitForMultipleObjects
SetEvent
CloseHandle
WaitForSingleObject
ResetEvent
CreateEventA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualProtect

user32

CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
WaitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextA
TabbedTextOutA
DestroyMenu
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
GetWindow
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
ReleaseCapture
SetCapture
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
EnableWindow
SendMessageA
KillTimer
LoadCursorA
GetSysColorBrush
SetCursor
IsChild
GetMessageA
SetTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuA
GetSystemMenu
LoadIconA
DrawTextExA

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetViewportExtEx
SetViewportExtEx
GetBkColor
GetTextColor
GetRgnBox
DeleteObject
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
SaveDC
ExtTextOutA
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
GetMapMode
GetDeviceCaps
SetMapMode
RestoreDC
GetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString

wsock32

socket
select
gethostbyname
htonl
ioctlsocket
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
accept

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46af82af152271483b408bcc6e4b771e

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

Sections

.text Size: 214KB - Virtual size: 213KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 214KB - Virtual size: 213KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 7KB - Virtual size: 7KB