PDB path: d:\jenkins\workspace\srf_develop\ShuRuFa\程序\Trunk\Bin\pdbmap\WanNengWB\Cloud.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-17_b7afa36aacdbeb4cc55ebbc13d704a4c_icedid.exe
Resource: win7-20231129-en
General
Target: 2024-05-17_b7afa36aacdbeb4cc55ebbc13d704a4c_icedid
Size: 1.7MB
MD5: b7afa36aacdbeb4cc55ebbc13d704a4c
SHA1: 83714fa021417939ce47e3d14eb3f498127e1470
SHA256: 51a58efe09fffa2dc896ce32281568500569e34a2fdb9d49c50cd0edf163061d
SHA512: ee30243403b0fa347b478c8413bf0472adbc10d28df00eb69e72e938c3128bb44a33410411e8f67e437b0576f3ab77e496e5c5d08a5c308f73f0d80137f0d96b
SSDEEP: 49152:4FHo3g9/pPm2FkVUl7pEQ9VPzE6A5rdYtp/66qHxh:4QgXPIUhyKbE6AkUh
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Processes: resource 2024-05-17_b7afa36aacdbeb4cc55ebbc13d704a4c_icedid
Files
2024-05-17_b7afa36aacdbeb4cc55ebbc13d704a4c_icedid.exe windows:4 windows x86 arch:x86
4e2326b55d509a3b8b812a0057e429b3
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetThreadLocale
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetFullPathNameW
lstrlenA
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
ExitThread
HeapSize
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
LocalReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentDirectoryA
GetFullPathNameA
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
GetDriveTypeA
FlushConsoleInputBuffer
GlobalMemoryStatus
FindFirstFileA
ExpandEnvironmentStringsW
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
SleepEx
InterlockedCompareExchange
LocalAlloc
GlobalFlags
GetModuleHandleA
GlobalFindAtomW
CompareStringW
GetVersionExA
GlobalGetAtomNameW
FreeResource
SetLastError
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
lstrcmpW
IsBadReadPtr
LoadLibraryA
VirtualFree
VirtualAlloc
MoveFileW
CreateThread
GetSystemDirectoryW
GetVolumeInformationW
Sleep
MulDiv
ReleaseMutex
CreateMutexW
SetPriorityClass
OutputDebugStringA
DeviceIoControl
FormatMessageW
lstrlenW
InterlockedDecrement
LocalFree
FindFirstFileW
FindNextFileW
FindClose
GlobalLock
GlobalUnlock
GetSystemInfo
MoveFileExW
DeleteFileW
GlobalAlloc
GlobalFree
GetCommandLineW
WaitForSingleObject
GetTickCount
MultiByteToWideChar
QueryPerformanceFrequency
ReadFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetEnvironmentVariableW
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetLocalTime
CreateDirectoryW
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
VirtualProtect
GetCurrentProcess
HeapAlloc
GetModuleHandleW
GetLastError
GetProcessHeap
HeapFree
WideCharToMultiByte
GetStdHandle
WriteFile
GetTempPathW
GetModuleFileNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
GetFileSize
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
HeapCreate
CloseHandle
user32
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
UnregisterClassW
CharUpperW
GetSysColorBrush
SetCapture
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
MoveWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
InvalidateRgn
GetClientRect
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
CallWindowProcW
GetWindowPlacement
PostMessageW
SetTimer
KillTimer
RegisterClassExW
DefWindowProcW
LoadCursorW
RegisterWindowMessageW
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
WinHelpW
SetFocus
EqualRect
GetDlgItem
SetWindowLongW
GetDlgCtrlID
GetMenu
LoadIconW
GetCapture
ReleaseCapture
LoadAcceleratorsW
SetActiveWindow
InvalidateRect
UpdateWindow
IsIconic
InsertMenuItemW
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
GetClassInfoW
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
SetMenu
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
PostThreadMessageW
InflateRect
GetMenuItemInfoW
ShowWindow
TranslateAcceleratorW
EndDialog
CreateDialogIndirectParamW
GetParent
BringWindowToTop
UnregisterClassA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
SetForegroundWindow
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextW
GetSystemMetrics
GetDesktopWindow
GetWindowRect
GetClassNameW
GetFocus
IsWindow
FindWindowW
SystemParametersInfoA
wsprintfW
GetMonitorInfoW
SystemParametersInfoW
EnumDisplayMonitors
PtInRect
ReleaseDC
RegisterClipboardFormatW
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
UnhookWindowsHookEx
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
SendMessageW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetDC
gdi32
GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
CreateSolidBrush
GetTextExtentPoint32W
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
Escape
SetViewportExtEx
CreateFontIndirectW
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
OffsetViewportOrgEx
SetViewportOrgEx
CreateBitmap
CreateCompatibleBitmap
GetDeviceCaps
SelectObject
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
ReportEventA
DeregisterEventSource
RegQueryValueW
RegDeleteKeyW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
RegOpenKeyW
RegEnumKeyW
RegisterEventSourceA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
LookupAccountNameW
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
InitializeSecurityDescriptor
shell32
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
comctl32
ord17
shlwapi
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW
oledlg
OleUIBusyW
ole32
OleIsCurrentClipboard
CoRevokeClassObject
OleFlushClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
oleaut32
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
urlmon
URLDownloadToFileW
iphlpapi
GetAdaptersInfo
ws2_32
ioctlsocket
shutdown
gethostname
select
__WSAFDIsSet
listen
accept
sendto
getservbyport
WSACleanup
WSAStartup
WSAGetLastError
closesocket
socket
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
recvfrom
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
Sections
.text Size: 1.2MB - Virtual size: 1.2MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 340KB - Virtual size: 337KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data Size: 52KB - Virtual size: 84KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 104KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE