2024-05-10_98b0d6b373a28e0a60d031298d364126_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-10_98b0d6b373a28e0a60d031298d364126_icedid
Size

8.4MB
MD5

98b0d6b373a28e0a60d031298d364126
SHA1

ac8f5c1b328ca2c28ddeed10c5405d49fd2d6c5c
SHA256

9fc0948e76db5bf974d0e7c761f17d49640d6bc95e55163ffb337b3d4e8d54da
SHA512

f08282a5b98dadcaca652913ea6d63d6add30ccb4c4fa586558b3339da8882b754b9341ad3c309ed5ec53c35ecace876e057fce49eb1543f0878d0c33091da1e
SSDEEP

98304:4FTyCCaoxDVEhWBFLfQg6RjvfD527BWG:CuCCaoxM2fwfVQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-10_98b0d6b373a28e0a60d031298d364126_icedid

Files

2024-05-10_98b0d6b373a28e0a60d031298d364126_icedid
.exe windows:4 windows x86 arch:x86

8f9108ceed336f60b864cf58e2860013

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\chunyung.RTDOMAIN\Documents\Visual Studio 2005\Projects\RtkNGui\release\RtkNGUI.pdb

Imports

winmm

timeGetTime
mmioRead
mmioClose
mmioWrite
mmioSetInfo
mmioAdvance
mmioGetInfo
mmioCreateChunk
mciSendStringW
mmioSeek
mmioAscend
mmioDescend
mmioOpenW

imm32

ImmDisableIME

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dsound

ord1
ord3
ord6

rpcrt4

UuidToStringW
RpcStringFreeW

bcrypt

BCryptEncrypt
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptOpenAlgorithmProvider

kernel32

GetPrivateProfileIntW
DeviceIoControl
DuplicateHandle
ResumeThread
HeapFree
GetProcessHeap
GetSystemDirectoryA
ResetEvent
DeleteFileW
GetTempPathW
GetSystemPowerStatus
HeapAlloc
ReleaseMutex
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
OpenMutexW
IsBadReadPtr
GetSystemInfo
RaiseException
lstrcmpA
GetVersionExA
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
SetThreadPriority
SuspendThread
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
GetCurrentProcessId
CompareFileTime
GetThreadLocale
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetFileTime
GetStartupInfoW
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
RtlUnwind
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
GetFileSize
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
SystemTimeToFileTime
WriteConsoleW
GetStdHandle
AllocConsole
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetThreadExecutionState
GetFileAttributesW
GetSystemTime
GetTimeZoneInformation
GetWindowsDirectoryW
WaitForMultipleObjects
GetExitCodeThread
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
WriteFile
CreateFileW
Sleep
LoadLibraryA
GetSystemDirectoryW
SearchPathW
FindResourceExW
GetUserDefaultUILanguage
MulDiv
FreeLibrary
TerminateThread
CreateThread
CreateEventW
GetVersion
FreeResource
GetCPInfo
lstrlenA
lstrcmpiW
GetVersionExW
GetTickCount
FormatMessageW
SetEvent
GetModuleHandleW
SetLastError
WideCharToMultiByte
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
CreateProcessW
GetCurrentProcess
IsWow64Process
SetThreadUILanguage
GetCurrentThreadId
InterlockedExchange
MultiByteToWideChar
lstrcpynW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
LoadLibraryW
LocalFree
LocalAlloc
CloseHandle
GetLastError
CreateMutexW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
GetLocalTime
EnterCriticalSection
LCMapStringA
GetPrivateProfileStringW

user32

BeginPaint
EndPaint
IsDialogMessageW
MoveWindow
IsWindowEnabled
CheckMenuItem
EnableMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetActiveWindow
GetMessageW
CharUpperW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
WindowFromPoint
DestroyMenu
UnregisterClassW
AdjustWindowRectEx
SetScrollInfo
DefWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuStringW
FindWindowW
UnregisterDeviceNotification
RegisterDeviceNotificationW
UnhookWindowsHookEx
GetMonitorInfoW
MonitorFromWindow
GetShellWindow
ExitWindowsEx
RegisterWindowMessageW
GetClassInfoW
SetMenuDefaultItem
SetWindowTextW
LoadIconW
IsWindow
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuItemCount
DeleteMenu
DrawEdge
GrayStringW
CreatePopupMenu
DrawTextExW
DestroyIcon
CreateMenu
DrawTextW
DrawIconEx
TabbedTextOutW
GetMenuItemID
LoadBitmapW
GetMenuState
GetMenuItemInfoW
MapWindowPoints
ClientToScreen
LoadImageW
GetClassLongW
TranslateAcceleratorW
GetSysColorBrush
GetScrollInfo
CallWindowProcW
GetCursorPos
KillTimer
SetTimer
SetWindowLongW
ValidateRect
GetDlgCtrlID
GetClassNameW
ScreenToClient
FillRect
AppendMenuW
SystemParametersInfoW
EqualRect
GetComboBoxInfo
SetCursor
LoadCursorW
IntersectRect
PtInRect
InflateRect
GetMessagePos
IsRectEmpty
ReleaseDC
GetDC
FrameRect
ReleaseCapture
SetCapture
SetRect
ShowWindow
GetWindowLongW
SetClassLongW
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
SetForegroundWindow
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
SetWindowRgn
GetWindowRgn
LockWindowUpdate
SetParent
GetAncestor
IsWindowVisible
CallNextHookEx
MessageBoxW
SetWindowsHookExW
GetDesktopWindow
GetForegroundWindow
UnionRect
ChildWindowFromPointEx
ShowScrollBar
SetScrollPos
SetScrollRange
OffsetRect
WindowFromDC
SetActiveWindow
CopyRect
GetSystemMetrics
GetWindow
RedrawWindow
GetParent
GetWindowRect
SetProcessDPIAware
PostMessageW
FindWindowExW
GetCaretPos
UpdateWindow
InvalidateRect
GetFocus
EnableWindow
GetSysColor
GetClientRect
SendMessageW
SetCaretPos
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
UnregisterClassA
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
GetScrollRange
GetLastActivePopup
GetDlgItem
GetTopWindow
DestroyWindow
DestroyCursor
GetMessageTime
GetScrollPos
GetMenu
CreateWindowExW
GetClassInfoExW
UpdateLayeredWindow
RegisterClassW
SetRectEmpty

gdi32

GetPixel
GetBkMode
GetDeviceCaps
PtVisible
SetPixel
RectVisible
TextOutW
PatBlt
Escape
Ellipse
SetBkMode
SetMapMode
LineTo
MoveToEx
SetTextAlign
CreatePen
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetTextColor
CreateBitmap
DPtoLP
GetClipBox
GetCurrentObject
CreateFontW
EnumFontFamiliesExW
ExtTextOutW
CreateFontIndirectW
CreateSolidBrush
GetMapMode
RestoreDC
SaveDC
CreateCompatibleBitmap
SetDIBColorTable
CombineRgn
ExtCreateRegion
CreateDIBSection
GetObjectW
DeleteObject
CreateRectRgn
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt
GetTextExtentPoint32W
GetStockObject
SetBkColor

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetSpecialFolderPathW

comctl32

ord380
_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
SHStrDupW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal
PropVariantClear
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
PropVariantCopy
FreePropVariantArray
CoInitializeSecurity
CoFreeUnusedLibrariesEx
CoInitialize
CLSIDFromString
StringFromGUID2

oleaut32

SysAllocString
VariantChangeType
SafeArrayCreate
VariantClear
VariantInit
SysFreeString

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageI
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipCreateBitmapFromHICON
GdipSetSmoothingMode
GdipDrawImageRect
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipFree
GdipBitmapLockBits
GdipDeleteFontFamily
GdipGetFamily
GdipCreateFont
GdipGetFontUnit
GdipGetFontStyle
GdipGetFontSize
GdipGetLogFontW
GdipDeleteBrush
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipDrawImage
GdipMeasureString
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipDeleteFont
GdipDrawImageRectI

dwmapi

DwmExtendFrameIntoClientArea

wininet

InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
HttpOpenRequestW
InternetCloseHandle

Exports

Exports

?AsSysSvr_RegisterNotify@@3P6GHPAUHWND__@@PB_W@ZA
?AsSysSvr_UnregisterNotify@@3P6GHPAUHWND__@@PB_W@ZA

Sections

.text
Size: 1000KB - Virtual size: 996KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f9108ceed336f60b864cf58e2860013

Headers

File Characteristics

PDB Paths

Imports

winmm

imm32

setupapi

version

dsound

rpcrt4

bcrypt

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

dwmapi

wininet

Exports

Exports

Sections

.text Size: 1000KB - Virtual size: 996KB

.rdata Size: 236KB - Virtual size: 233KB

.data Size: 76KB - Virtual size: 91KB

.rsrc Size: 7.1MB - Virtual size: 7.1MB

.text
Size: 1000KB - Virtual size: 996KB

.rdata
Size: 236KB - Virtual size: 233KB

.data
Size: 76KB - Virtual size: 91KB

.rsrc
Size: 7.1MB - Virtual size: 7.1MB