Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-17_40912196b120e82a592070c7afa19e09_icedid.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-05-17_40912196b120e82a592070c7afa19e09_icedid.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-05-17_40912196b120e82a592070c7afa19e09_icedid
Size: 1.8MB
MD5: 40912196b120e82a592070c7afa19e09
SHA1: 92aeea8402117b781b7d86197adff938151a4335
SHA256: 24501016ff1a1c710c79bdcbca37d69a660a24789140cb53e5707656d54bb86d
SHA512: ee81a36fa3515964017f314ad5c5ef9d5008281488d3779e43b923f1fa883dda8ec46c1141e0c578d46fa7afacbb7429e4c012163227b417599382d8ce8d09e1
SSDEEP: 49152:zdHnHfclc/8Hy/dXImV1BLpTxmiClQO1yLhydRaBYnMDyLiC49UQ:5/dXImBLQ1ShydMDymCE
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-05-17_40912196b120e82a592070c7afa19e09_icedid
Files
2024-05-17_40912196b120e82a592070c7afa19e09_icedid.exe windows:4 windows x86 arch:x86
1baaef936a23116e8d247fb7d0d13349
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ogg
ogg_stream_clear
ogg_stream_packetin
ogg_stream_pageout
ogg_stream_init
ogg_stream_flush
sqlapid
?asShort@SAValueRead@@QBEFXZ
?asString@SAValueRead@@QBE?AVSAString@@XZ
?asBool@SAValueRead@@QBE_NXZ
??4SAString@@QAEABV0@ABV0@@Z
??0SACommand@@QAE@PAVSAConnection@@ABVSAString@@W4SACommandType_t@@@Z
?Execute@SACommand@@UAEXXZ
??1SACommand@@UAE@XZ
?asLong@SAValueRead@@QBEJXZ
??0SAConnection@@QAE@XZ
??0SAString@@QAE@PBD@Z
?Connect@SAConnection@@QAEXABVSAString@@00W4SAClient_t@@@Z
??1SAString@@QAE@XZ
?ErrText@SAException@@QBE?AVSAString@@XZ
??BSAString@@QBEPBDXZ
?FetchNext@SACommand@@QAE_NXZ
?Disconnect@SAConnection@@QAEXXZ
?Field@SACommand@@QAEAAVSAField@@ABVSAString@@@Z
vorbis
vorbis_comment_init
vorbis_info_init
vorbis_info_clear
vorbis_comment_clear
vorbis_dsp_clear
vorbis_block_clear
vorbis_synthesis_read
vorbis_synthesis_pcmout
vorbis_synthesis_blockin
vorbis_synthesis
vorbis_synthesis_headerin
vorbis_synthesis_init
vorbis_block_init
ws2_32
__WSAFDIsSet
select
ntohs
gethostname
gethostbyname
shutdown
accept
ioctlsocket
connect
send
recv
socket
WSAGetLastError
inet_addr
htons
closesocket
kernel32
GlobalFree
SetLastError
GetProcAddress
GetModuleHandleA
lstrcmpW
lstrcatA
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
InterlockedDecrement
VirtualProtect
GetProfileIntA
lstrcmpA
InterlockedIncrement
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GetModuleFileNameA
GetCurrentThread
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
CopyFileA
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
GlobalFlags
GetCPInfo
GetOEMCP
FindResourceExA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
FileTimeToLocalFileTime
WritePrivateProfileStringA
GetFileAttributesA
GetFileTime
SetErrorMode
RtlUnwind
HeapFree
ExitThread
CreateThread
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
MulDiv
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
lstrcpynA
CreateProcessA
GetExitCodeProcess
GetCurrentProcess
CreateSemaphoreA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
lstrcmpiA
lstrlenW
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
SuspendThread
GetSystemTime
SearchPathA
GetDriveTypeA
OpenEventA
WaitForSingleObject
ReleaseMutex
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OpenMutexA
CreateMutexA
GetCurrentProcessId
UnmapViewOfFile
GetLocalTime
ReadFile
GetFileSize
SetFilePointer
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
WaitForMultipleObjects
GetTickCount
SetEvent
Sleep
CreateEventA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
RemoveDirectoryA
FormatMessageA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
GetLastError
WriteFile
CloseHandle
GlobalHandle
user32
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetActiveWindow
GetWindowDC
GetAsyncKeyState
MapDialogRect
InflateRect
PostQuitMessage
SetCursor
ValidateRect
TranslateMessage
GetMessageA
SetWindowContextHelpId
WindowFromPoint
DestroyMenu
GetSysColorBrush
LoadCursorA
CharNextA
InvalidateRect
ReleaseCapture
SetCapture
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
RemovePropA
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MoveWindow
TrackPopupMenu
IsWindowVisible
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetScrollInfo
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
GetFocus
IsWindowEnabled
SetFocus
PtInRect
GetDlgCtrlID
LoadMenuA
ModifyMenuA
GetSubMenu
SetTimer
CreatePopupMenu
ClientToScreen
CloseWindow
GetScrollRange
GetScrollPos
SetScrollRange
SetScrollPos
RedrawWindow
IsRectEmpty
WaitForInputIdle
KillTimer
GetKeyState
EndPaint
BeginPaint
DrawIcon
GetWindowRect
GetSystemMenu
AppendMenuA
LoadBitmapA
SetPropA
LoadIconA
GetDesktopWindow
GetWindow
IsWindow
GetPropA
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
UnregisterClassA
CharUpperA
RegisterClipboardFormatA
PostMessageA
ReleaseDC
GetDC
GetClientRect
FillRect
CopyRect
GetCursorPos
ScreenToClient
OffsetRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetParent
SendMessageA
EnableWindow
wsprintfA
MessageBoxA
SetWindowTextA
IsDialogMessageA
GetSystemMetrics
gdi32
SetMapMode
LineTo
MoveToEx
DeleteObject
GetObjectA
CreateSolidBrush
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
SetBkColor
ExtSelectClipRgn
GetStockObject
CreateRectRgnIndirect
GetMapMode
GetTextColor
EnumFontFamiliesExA
GetRgnBox
SetTextColor
GetClipBox
CopyMetaFileA
GetDeviceCaps
Ellipse
CreatePen
GetTextExtentPoint32A
DeleteDC
GetWindowExtEx
GetViewportExtEx
BitBlt
Rectangle
GetBkColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
CreateFontA
comdlg32
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegQueryValueA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyA
RegEnumValueA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegEnumKeyA
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
comctl32
ord17
DestroyPropertySheetPage
CreatePropertySheetPageA
PropertySheetA
shlwapi
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CLSIDFromString
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
CoDisconnectObject
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoGetMalloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
OleIsCurrentClipboard
ReleaseStgMedium
OleDuplicateData
oleaut32
GetErrorInfo
LoadTypeLi
OleCreateFontIndirect
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
wsock32
WSAStartup
WSACleanup
Sections
.text  Size: 668KB - Virtual size: 667KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 140KB - Virtual size: 136KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 124KB - Virtual size: 149KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc  Size: 892KB - Virtual size: 889KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)