2024-05-11_62c805cfe408b8d824403a64a2165c29_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-11_62c805cfe408b8d824403a64a2165c29_icedid
Size

296KB
MD5

62c805cfe408b8d824403a64a2165c29
SHA1

aaefa99998cf56eaa21da711676a1d2c93dd5ae9
SHA256

00f391b91d7c10fd42c3e4c4a15fd0e1907a7384be4376fe23e870e4c586c407
SHA512

9efe46456aa3ef1830a84245f3718ce307c18d24c16ddeabbbc6af8788da3a5012b9a58b5bab667c1d8b56436b9ef41355202430b5ba45352a2c0a7570929465
SSDEEP

3072:+sjD5OFdZFGuHA+T6Zbnwaxb12M0/58aM9i1f3ZBgBll/dl2BUWo4ZUiRv5D:/jsFGqTwnT9kLmah1fQV2BUEFR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-11_62c805cfe408b8d824403a64a2165c29_icedid

Files

2024-05-11_62c805cfe408b8d824403a64a2165c29_icedid
.exe windows:4 windows x86 arch:x86

691fa862858db2b475e1d5fd41d6f972

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avdtool

?BuildTmp@CTools@@QAE_NPAD0@Z
?Exec@CTools@@QAE_NPAD00@Z
?Link@CHtml@@QAEXPAD0@Z
?Menu@CHtml@@QAEXXZ
?FileExist@CTools@@QAE_NPAD_N@Z
?GetAppPath@CTools@@QAE_NPAD@Z
?GetModulVersion@CTools@@QAE_NPAD0@Z
?Out@CHtml@@QAEXPADH@Z
?Add@CArc@@QAE_NPAD0@Z
?UnloadResult@CTools@@QAEXPAD@Z
?LoadResult@CTools@@QAEPADPADPAJ@Z
?CheckDns@CTools@@QAE_NPAD00@Z
?CheckPing@CTools@@QAE_NPAD@Z
??0CTools@@QAE@XZ
?DirExist@CTools@@QAE_NPAD@Z
?WriteEvent@CTools@@QAEXPADH0@Z
?IsAdmin@CTools@@QAE_NXZ
?DisableSec@CTools@@QAEXXZ
?Spawn@CTools@@QAE_NPAD@Z
?FindProduct@CTools@@QAE_NPAD@Z
?GetReg@CTools@@QAE_NPAD00_N@Z
?StrTrunc@CTools@@QAEXPAD@Z
?StrLast@CTools@@QAEPADPADH@Z
??1CHtml@@QAE@XZ
?EndClip@CHtml@@QAEXXZ
?File@CHtml@@QAE_NPAD_N@Z
?Filter@CHtml@@QAEX_N@Z
?GetFileInfo@CTools@@QAE_NPAD0@Z
?StartClip@CHtml@@QAEXXZ
?Sec@CHtml@@QAEXPAD@Z
?SetToggle@CHtml@@QAEXPAD@Z
??1CArc@@QAE@XZ
?Close@CArc@@QAE_NXZ
?FileTime@CTools@@QAEJPADH@Z
?Copy@CArc@@QAE_NPAD00@Z
?Open@CArc@@QAE_NPAD_N@Z
??0CArc@@QAE@XZ
??0CHtml@@QAE@XZ
?LinkTop@CHtml@@QAEXXZ
?Open@CHtml@@QAE_NPAD00H@Z
?Close@CHtml@@QAEXXZ
?Line@CHtml@@QAEXXZ
?Title@CHtml@@QAEXPAD@Z
?SetStyle@CHtml@@QAEXH@Z
?SetLimit@CHtml@@QAEXH@Z
?SetFeature@CHtml@@QAEXH@Z
?StartBox@CHtml@@QAEXXZ
?Col@CHtml@@QAEXHPAD@Z
?SetError@CHtml@@QAEXXZ
?EndBox@CHtml@@QAEXXZ
?Raw@CHtml@@QAEXPADH@Z

avdapp

?GetName@CAvidDev@@QAE_NHPAD@Z
?GetNext@CAvidApp@@QAEHH@Z
?GetInfo@CAvidApp@@QAE_NHPAD0@Z
?IsInstalled@CAvidApp@@QAE_NH@Z
?GetMax@CAvidDev@@QAEHXZ
?GetCfgNext@CAvidApp@@QAEHHHPAD@Z
?GetCfgFirst@CAvidApp@@QAEHHPAD@Z
?GetNum@CAvidApp@@QAEHXZ
?GetCmdFile@CAvidApp@@QAE_NHJPAD@Z
?GetCmdFlag@CAvidApp@@QAEHHJ@Z
?Check@CAvidDev@@QAE_NH@Z
?Set@CAvidDev@@QAE_NPAD000@Z
?GetCmdNum@CAvidApp@@QAEHH@Z
?GetFirst@CAvidApp@@QAEHXZ
??1CAvidDev@@QAE@XZ
??1CAvidApp@@QAE@XZ
??0CAvidDev@@QAE@XZ
??0CAvidApp@@QAE@XZ
?LoadDisabled@CAvidApp@@QAEXXZ
?SetInfo@CAvidDev@@QAEXPAUdefDEVINFO@@@Z
?Get@CAvidDev@@QAE_NHPAD@Z
?GetStatus@CAvidDev@@QAEHHPAH@Z
?GetCmd@CAvidDev@@QAE_NHHPAD0@Z
?Init@CAvidApp@@QAE_NHH@Z
?FindCmdFirst@CAvidApp@@QAEJH@Z
?FindCmdNext@CAvidApp@@QAEJHJ@Z
?GetTag@CAvidApp@@QAE_NPADPAJ@Z
?GetTagEntry@CAvidApp@@QAE_NHPAUdefTAG@@@Z
?IsSpecialTag@CAvidApp@@QAE_NPAUdefTAG@@@Z
?SpecialTagFirst@CAvidApp@@QAE_NPAUdefTAG@@PAUdefRESTAG@@@Z
?SpecialTagNext@CAvidApp@@QAE_NPAUdefRESTAG@@@Z
?SpecialTagClose@CAvidApp@@QAEXXZ
?Exec@CAvidApp@@QAE_NHJPAHPAD1@Z
?AddToTag@CAvidApp@@QAE_NPAD_N@Z

kernel32

LoadResource
FindResourceA
LocalFree
lstrcpynA
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GlobalFree
SetLastError
LoadLibraryA
EnumResourceLanguagesA
ConvertDefaultLocale
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GlobalDeleteAtom
FreeLibrary
GetCurrentThreadId
GetCurrentThread
CloseHandle
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
GlobalAddAtomA
FreeResource
FileTimeToSystemTime
InterlockedDecrement
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
LockResource
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
WritePrivateProfileStringA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
FindClose
FindFirstFileA
CreateFileA
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
FindNextFileA
GetStartupInfoA
HeapReAlloc
TerminateProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
SizeofResource
GetShortPathNameA
GetCommandLineA
InterlockedExchange
lstrcmpA
GetEnvironmentVariableA
GetTempPathA
CompareStringW
CompareStringA
GetLongPathNameA
lstrcatA
Sleep
DeleteFileA
CopyFileA
lstrcpyA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GlobalHandle

user32

GetClassInfoA
AdjustWindowRectEx
GetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
wsprintfA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
GetSysColorBrush
DestroyMenu
RegisterClassA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
PostMessageA
SetMenuItemBitmaps
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadCursorA
SystemParametersInfoA
GetFocus
PeekMessageA
PostQuitMessage
IsWindow
SetForegroundWindow
IsWindowVisible
ReleaseDC
GetDC
SetRect
GetSysColor
SetCursor
RedrawWindow
InvalidateRect
UpdateWindow
MessageBeep
LoadImageA
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
GetWindowRect
IsIconic
SendMessageA
DrawIcon
MessageBoxA
CloseWindow
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
GetWindowPlacement
CopyRect
PtInRect
GetWindow
UnhookWindowsHookEx

gdi32

SetBkColor
SaveDC
SetMapMode
SetBkMode
RestoreDC
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
GetTextExtentPoint32A
PatBlt
GetStockObject
GetObjectA
DeleteObject
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateFontIndirectA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

691fa862858db2b475e1d5fd41d6f972

Headers

File Characteristics

Imports

avdtool

avdapp

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

Sections

.text Size: 144KB - Virtual size: 142KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 26KB

.rsrc Size: 96KB - Virtual size: 95KB

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 26KB

.rsrc
Size: 96KB - Virtual size: 95KB