Static task
static1
Behavioral task
behavioral1
Sample
2024-05-14_86dd75b36d0bfd95a2211907e8374908_icedid.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-05-14_86dd75b36d0bfd95a2211907e8374908_icedid.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-14_86dd75b36d0bfd95a2211907e8374908_icedid
-
Size
3.9MB
-
MD5
86dd75b36d0bfd95a2211907e8374908
-
SHA1
794c7af172e50548f682a045a77577cb1ba03ac5
-
SHA256
5f21cfe6743a2b6d608ae5848ca9645da68a64a8582deceda6ea14e65e377ef9
-
SHA512
86827fb41105e527c89aff97e63147f64677f5c098f7014120ac261694e455bb9e2fbf4d634c98685f69f0803dc6a923db33d7bfcfceb9a4846611e7e7654047
-
SSDEEP
49152:uqbtQHP0wQevYC3cFc0QoqdLOg7IWM+ZUL5Xxy6c8mSaV1RTWeW+XOcOmcJHI7zb:uqebRcatyWMkUL5XdY/hOmcJwr
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks whether the PE file lacks an Authenticode signature.
resource 2024-05-14_86dd75b36d0bfd95a2211907e8374908_icedid
Files
-
2024-05-14_86dd75b36d0bfd95a2211907e8374908_icedid.exe windows:5 windows x86 arch:x86
91be58fc16d22ad11520916ecdd46e2b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
officepassworddecrypt
?GetEncryptData@@YAXAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_NPAE22@Z
?Decrypt@@YA_NAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAE_N@Z
?IsEncryption@@YA_NAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?IsInit@@YA_NAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
libpff
libpff_file_get_message_store
libpff_file_free
libpff_error_free
libpff_file_open_wide
libpff_file_initialize
libpff_item_get_entry_value_32bit
libpff_file_set_ascii_codepage
libpff_file_close
officepasswordcrack
?SetMinPasswordLen@COfficePasswordCrack@@UAE_NH@Z
?SetMaxPasswordLen@COfficePasswordCrack@@UAE_NH@Z
?StopCrack@COfficePasswordCrack@@UAEXXZ
?SetPrefix@COfficePasswordCrack@@UAEXPA_W@Z
?SetSuffix@COfficePasswordCrack@@UAEXPA_W@Z
?SetDictionaryFileName@COfficePasswordCrack@@UAEXPA_W@Z
?GetDictionaryFileName@COfficePasswordCrack@@UAEXQA_W@Z
?SetCustomCharacter@COfficePasswordCrack@@UAEXPA_W@Z
?GetCurPW@COfficePasswordCrack@@UAEXQA_W@Z
?SetRunSaveFile@COfficePasswordCrack@@UAEX_N@Z
?IsSaveCrackPro@COfficePasswordCrack@@UAE_NXZ
?GetSaveCrackProFileName@COfficePasswordCrack@@UAEXQA_W@Z
?GetFileInSave@COfficePasswordCrack@@UAEXQA_W@Z
?ContinueCrack@COfficePasswordCrack@@UAEXXZ
?PauseCrack@COfficePasswordCrack@@UAEXXZ
?StartCrack@COfficePasswordCrack@@UAEXXZ
?SetUserGPU@COfficePasswordCrack@@UAEX_N@Z
?GetGpuSpeed@COfficePasswordCrack@@UAEJXZ
?GetSpeed@COfficePasswordCrack@@UAEJXZ
?SetCallback@COfficePasswordCrack@@UAEXPAVIResultCallback@@@Z
?GetCrackState@COfficePasswordCrack@@UAE?AW4tagOfficeCrackState@@XZ
?SetFileName@COfficePasswordCrack@@UAE_NPA_W@Z
??1COfficePasswordCrack@@UAE@XZ
??0COfficePasswordCrack@@QAE@XZ
?SetChar@COfficePasswordCrack@@UAEXPA_W@Z
office07passwordcrack
?SetMinPasswordLen@COffice07PasswordCrack@@UAE_NH@Z
?SetMaxPasswordLen@COffice07PasswordCrack@@UAE_NH@Z
?SetChar@COffice07PasswordCrack@@UAEXPA_W@Z
?StopCrack@COffice07PasswordCrack@@UAEXXZ
?SetSuffix@COffice07PasswordCrack@@UAEXPA_W@Z
?SetCustomCharacter@COffice07PasswordCrack@@UAEXPA_W@Z
?SetDictionaryFileName@COffice07PasswordCrack@@UAEXPA_W@Z
?GetDictionaryFileName@COffice07PasswordCrack@@UAEXQA_W@Z
?SetRunSaveFile@COffice07PasswordCrack@@UAEX_N@Z
?GetCurPW@COffice07PasswordCrack@@UAEXQA_W@Z
?IsSaveCrackPro@COffice07PasswordCrack@@UAE_NXZ
?GetSaveCrackProFileName@COffice07PasswordCrack@@UAEXQA_W@Z
?GetFileInSave@COffice07PasswordCrack@@UAEXQA_W@Z
??0COffice07PasswordCrack@@QAE@XZ
??1COffice07PasswordCrack@@UAE@XZ
?SetFileName@COffice07PasswordCrack@@UAE_NPA_W@Z
?GetCrackState@COffice07PasswordCrack@@UAE?AW4tagOfficeCrackState@@XZ
?SetCallback@COffice07PasswordCrack@@UAEXPAVIResultCallback@@@Z
?GetSpeed@COffice07PasswordCrack@@UAEJXZ
?GetGpuSpeed@COffice07PasswordCrack@@UAEJXZ
?SetUserGPU@COffice07PasswordCrack@@UAEX_N@Z
?StartCrack@COffice07PasswordCrack@@UAEXXZ
?PauseCrack@COffice07PasswordCrack@@UAEXXZ
?ContinueCrack@COffice07PasswordCrack@@UAEXXZ
?SetPrefix@COffice07PasswordCrack@@UAEXPA_W@Z
rardecryption
??1CRarDecryption@@UAE@XZ
?SetFileName@CRarDecryption@@UAE_NPA_W@Z
?GetCrackState@CRarDecryption@@UAE?AW4tagOfficeCrackState@@XZ
?SetCallback@CRarDecryption@@UAEXPAVIResultCallback@@@Z
?GetSpeed@CRarDecryption@@UAEJXZ
?GetGpuSpeed@CRarDecryption@@UAEJXZ
?SetUserGPU@CRarDecryption@@UAEX_N@Z
?StartCrack@CRarDecryption@@UAEXXZ
?PauseCrack@CRarDecryption@@UAEXXZ
?ContinueCrack@CRarDecryption@@UAEXXZ
?StopCrack@CRarDecryption@@UAEXXZ
?SetMinPasswordLen@CRarDecryption@@UAE_NH@Z
?SetMaxPasswordLen@CRarDecryption@@UAE_NH@Z
?SetChar@CRarDecryption@@UAEXPA_W@Z
?SetPrefix@CRarDecryption@@UAEXPA_W@Z
?SetSuffix@CRarDecryption@@UAEXPA_W@Z
?SetDictionaryFileName@CRarDecryption@@UAEXPA_W@Z
?GetDictionaryFileName@CRarDecryption@@UAEXQA_W@Z
?SetCustomCharacter@CRarDecryption@@UAEXPA_W@Z
?GetCurPW@CRarDecryption@@UAEXQA_W@Z
?SetRunSaveFile@CRarDecryption@@UAEX_N@Z
?IsSaveCrackPro@CRarDecryption@@UAE_NXZ
?GetSaveCrackProFileName@CRarDecryption@@UAEXQA_W@Z
?GetFileInSave@CRarDecryption@@UAEXQA_W@Z
??0CRarDecryption@@QAE@XZ
kernel32
TerminateThread
Sleep
SetThreadPriority
SuspendThread
ResumeThread
DeleteFileA
CreateThread
HeapFree
GetProcessHeap
GetExitCodeProcess
SetFilePointerEx
WriteFile
ReadFile
CreateFileW
DeviceIoControl
FormatMessageW
LocalAlloc
GetDriveTypeW
GetLogicalDriveStringsW
lstrcmpW
OutputDebugStringW
OutputDebugStringA
GetTempPathW
GetLocaleInfoW
AreFileApisANSI
ExitProcess
HeapReAlloc
GetFileSize
HeapAlloc
GetStartupInfoW
CreatePipe
GetVersionExW
GetTickCount
GetCurrentThread
SetFileAttributesW
GetDiskFreeSpaceW
SetVolumeLabelW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetFilePointer
GetSystemTimeAsFileTime
GetFileAttributesExW
FileTimeToSystemTime
GetTempFileNameW
CreateMutexW
CreateEventW
ReleaseMutex
SetEvent
ResetEvent
PeekNamedPipe
WaitForMultipleObjects
DuplicateHandle
TerminateProcess
MoveFileW
GetFileTime
FileTimeToLocalFileTime
GetTimeZoneInformation
GetFullPathNameW
GetFullPathNameA
CreateFileA
SetEndOfFile
UnlockFile
LockFile
FormatMessageA
FlushFileBuffers
LockFileEx
GetDiskFreeSpaceA
GetCurrentProcessId
GetTempPathA
GetSystemTime
InterlockedCompareExchange
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleA
GlobalFree
GetVersionExA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
InterlockedExchange
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
WritePrivateProfileStringW
VirtualProtect
GetThreadLocale
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileSizeEx
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableW
RtlUnwind
RaiseException
GetFileType
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
ExitThread
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateDirectoryW
InterlockedDecrement
GlobalUnlock
GlobalLock
FreeResource
CreateProcessW
GlobalAlloc
GetVolumeInformationW
CopyFileW
WaitForSingleObject
DeleteFileW
GetFileAttributesW
FindNextFileW
FindClose
FindFirstFileW
MulDiv
SetLastError
GetCurrentThreadId
lstrcpynA
lstrlenA
lstrcmpA
lstrcpyW
GetWindowsDirectoryW
WinExec
lstrcatW
lstrlenW
LoadLibraryW
SetCurrentDirectoryW
lstrcpyA
LocalFree
CloseHandle
lstrcatA
LoadLibraryA
GetPrivateProfileStringA
GetProcAddress
GetFileAttributesA
GetCurrentProcess
FreeLibrary
GetModuleFileNameA
GetCurrentDirectoryW
MultiByteToWideChar
GetLastError
GetModuleFileNameW
WideCharToMultiByte
GetModuleHandleW
LockResource
SizeofResource
LoadResource
FindResourceW
QueryPerformanceCounter
user32
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
GetScrollRange
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
GetWindowTextLengthW
GetScrollPos
SetScrollPos
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
CharToOemBuffA
OemToCharBuffA
SetFocus
PeekMessageW
SetWindowTextW
GetDlgItem
wsprintfW
MessageBoxW
DrawFocusRect
ExitWindowsEx
CheckMenuItem
SetRect
ShowScrollBar
GetSystemMenu
IsIconic
EnableMenuItem
CharUpperW
IsCharAlphaNumericA
AppendMenuW
GetMenuItemID
ModifyMenuW
DrawStateW
CallNextHookEx
GetMenuStringW
GetMenuItemInfoW
SetRectEmpty
GetClassInfoW
TrackPopupMenuEx
IntersectRect
GetDesktopWindow
GetMenuItemCount
SetWindowsHookExW
UnhookWindowsHookEx
DefWindowProcW
InvalidateRgn
wsprintfA
IsCharAlphaNumericW
SetCursor
SetCapture
LoadCursorW
MessageBeep
InflateRect
CopyIcon
ReleaseCapture
ShowWindow
GetSysColor
TrackPopupMenu
RegisterClipboardFormatW
GetMessageW
ValidateRect
GetSubMenu
SetForegroundWindow
LoadMenuW
RedrawWindow
GetCursorPos
GetFocus
TranslateMessage
GetWindowLongW
DispatchMessageW
PostQuitMessage
OffsetRect
SetTimer
KillTimer
LoadBitmapW
SetWindowLongW
DrawTextW
TabbedTextOutW
DrawTextExW
InvalidateRect
GetWindowTextW
GrayStringW
IsWindowVisible
CopyRect
SetWindowRgn
FillRect
LoadImageW
PostMessageW
GetParent
GetClientRect
PtInRect
LoadIconW
PostThreadMessageW
GetNextDlgGroupItem
CopyAcceleratorTableW
IsRectEmpty
CharNextW
SetWindowPos
IsWindow
EnableWindow
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
WindowFromPoint
DestroyMenu
MoveWindow
IsDialogMessageW
SetDlgItemTextW
CheckRadioButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SendMessageW
GetSystemMetrics
ReleaseDC
GetDC
GetWindowRect
ScreenToClient
UpdateWindow
gdi32
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateDIBSection
CreateRectRgnIndirect
GetDeviceCaps
SaveDC
RestoreDC
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
SetBkMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetRgnBox
StretchDIBits
GetCharWidthW
MoveToEx
RoundRect
GetTextColor
CreateFontW
LPtoDP
SetTextColor
DeleteDC
SetBkColor
CreateBitmap
DPtoLP
GetMapMode
GetBkColor
Rectangle
GetCurrentObject
CreateCompatibleBitmap
ExtTextOutW
PtVisible
Escape
RectVisible
TextOutW
DeleteObject
BitBlt
CreateFontIndirectW
StretchBlt
CreateCompatibleDC
SetWindowOrgEx
LineTo
GetObjectW
CreateRoundRectRgn
CreatePen
GetStockObject
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
GetOpenFileNameW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegDeleteValueW
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
CryptGenRandom
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegEnumKeyExW
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
OpenProcessToken
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegOpenKeyExW
RegQueryValueW
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
shell32
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathAppendA
PathAppendW
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoCreateInstance
OleInitialize
OleUninitialize
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
OleRun
StgOpenStorage
CoTaskMemFree
StgOpenStorageOnILockBytes
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries
CoGetClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
oleaut32
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
GetErrorInfo
SysAllocString
OleCreateFontIndirect
wsock32
WSAStartup
WSACleanup
gethostbyname
closesocket
htonl
htons
ioctlsocket
shutdown
socket
select
bind
WSAGetLastError
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
accept
userenv
GetUserProfileDirectoryA
crypt32
CryptUnprotectData
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 746KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ