2024-05-10_8109ba20cae1c2329c028e1f0658d21f_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-10_8109ba20cae1c2329c028e1f0658d21f_icedid
Size

3.2MB
MD5

8109ba20cae1c2329c028e1f0658d21f
SHA1

913b52e34dc42095f79cdd4f015635cd9d64532c
SHA256

7229deca77a018d0c46c4a5e233cedbd39bf8a2d5794b48468ab0e0d3b03dbc8
SHA512

f0824ce5455e0cc9faf2e5613680f4965eca2554aafc4565a700a9996013c0a5fa746f49191a0d530ead245daae44334fc4995490403c3a35719b6082f71e5e5
SSDEEP

49152:PYcMiEp6iEp6G8xmN3Aek03noj45wlDTBmUi6AjW/MUSdGRf3/B3:P5Op+pZeUJF3noxDmjxAZB3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-10_8109ba20cae1c2329c028e1f0658d21f_icedid

Files

2024-05-10_8109ba20cae1c2329c028e1f0658d21f_icedid
.exe windows:4 windows x86 arch:x86

f0da0faf15dcfa0e3c263855412fc86c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetNamedSecurityInfoW
RegSetValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
GetUserNameA

kernel32

GetShortPathNameA
GetDiskFreeSpaceA
GetWindowsDirectoryW
SetFileAttributesW
SetFileAttributesA
IsBadReadPtr
SetLastError
lstrcpyW
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
GetComputerNameA
GetTempPathW
GetTempPathA
GetDriveTypeA
GetDriveTypeW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetStartupInfoA
lstrcpynW
GetModuleHandleW
GetModuleHandleA
GetFileAttributesW
LocalAlloc
LocalFree
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
CreateFileW
CreateFileA
CreateEventW
lstrlenW
GetVersionExA
CreateEventA
CreateThread
GlobalSize
WideCharToMultiByte
GetWindowsDirectoryA
GetFileAttributesA
LoadLibraryA
GetACP
MultiByteToWideChar
ResetEvent
DeviceIoControl
SetEvent
GetSystemInfo
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentProcessId
FreeLibrary
SetErrorMode
FindClose
GetLastError
GetSystemTime
CloseHandle
CopyFileExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileSize
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
LeaveCriticalSection
SetThreadPriority
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetThreadLocale
GetProcAddress
GetCurrentThreadId

wmvcore

WMCreateEditor
WMCreateReaderPriv

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
OleLoadFromStream
GetHGlobalFromStream
OleSaveToStream
StringFromGUID2

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantClear
SafeArrayUnaccessData
SysAllocStringByteLen
GetErrorInfo
VariantCopy
SysAllocStringLen
SystemTimeToVariantTime
SysFreeString
SysAllocString
VariantInit
SafeArrayAccessData

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetFileInfoA

winmm

mmioOpenW
mmioOpenA
mmioRead
mmioAscend
mmioSeek
mmioDescend
mmioClose

wininet

RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryFileA

avifil32

AVIStreamLength
AVIStreamInfoW
AVIStreamInfoA
AVIFileInfoW
AVIFileInfoA
AVIFileExit
AVIFileRelease
AVIFileInit
AVIStreamRelease
AVIStreamSampleToTime
AVIStreamReadFormat
AVIFileGetStream
AVIFileOpenA
AVIFileOpenW

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
vswprintf
wcsspn
wcscspn
memcpy
strcpy
strcat
strlen
memset
memcmp
wcsncat
_wtol
iswalpha
_beginthreadex
memmove
towlower
_wcslwr
towupper
_wcsupr
_ui64tow
wcsncmp
_wcsnicmp
wcscmp
wcsrchr
_wcsicmp
strstr
wcscat
wcschr
wcsncpy
wcsstr
_wsplitpath
_wmakepath
wcslen
??2@YAPAXI@Z
wcscpy
??3@YAXPAX@Z
wcspbrk
_vsnwprintf
wcscoll
_wcsicoll
wcstol
_ltow

user32

wvsprintfW
SetWindowLongW
SetWindowLongA
FindWindowExW
SendMessageA
RegisterWindowMessageW
UnregisterClassW
UnregisterClassA
RegisterClassW
RegisterClassA
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
FindWindowExA
PostQuitMessage
GetCursor
SetCursor
RegisterWindowMessageA
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
LoadCursorA
LoadCursorW
LoadStringA
LoadStringW

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0da0faf15dcfa0e3c263855412fc86c

Headers

File Characteristics

Imports

advapi32

kernel32

wmvcore

ole32

oleaut32

shell32

winmm

wininet

avifil32

msvcrt

user32

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 1KB