2024-05-20_c80d96e83f0ef530465e4a01c757f40d_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-20_c80d96e83f0ef530465e4a01c757f40d_icedid
Size

622KB
MD5

c80d96e83f0ef530465e4a01c757f40d
SHA1

5a457e14f39e2150cddea36586b25c0e1215f9bf
SHA256

a6355dad1f54541092f6082a1d5bbebc555926a6f9793b98f668e62954392e06
SHA512

f377002c4a55a634ec627a824a0769bd443c1293337cf70d9083f7f6574983af6f7fa4ecac7ad47c9e25eedea772e26f950244c461c41cb57f6334c51afce923
SSDEEP

12288:BbtwwuOVimwN2uLJU21LMPZF8mzPnEZupICbgLLH:BbnuFFJU21LoN4ZupICbgn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-20_c80d96e83f0ef530465e4a01c757f40d_icedid

Files

2024-05-20_c80d96e83f0ef530465e4a01c757f40d_icedid
.exe windows:5 windows x86 arch:x86

296f82994d3f8598eb7c68f43af6520f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\fd\90TI112_06_05_1\aucomn\binrel\WorkstationIdCfg.pdb

Imports

kernel32

RtlUnwind
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
Sleep
ExitProcess
ExitThread
CreateThread
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetACP
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetSystemDirectoryW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
LoadLibraryW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
SetErrorMode
GetModuleHandleW
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameA
GetOEMCP
GetCPInfo
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
InterlockedDecrement
GetModuleFileNameW
lstrlenA
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryA
MultiByteToWideChar
lstrcmpW
GetVersionExA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceA
GetFileType
WideCharToMultiByte

user32

LoadAcceleratorsA
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
SetTimer
KillTimer
GetKeyNameTextA
MapVirtualKeyA
SetParent
UnionRect
PostThreadMessageA
GetDCEx
LockWindowUpdate
CopyAcceleratorTableA
CharNextA
GetDialogBaseUnits
CharUpperA
DestroyIcon
GetSysColorBrush
WaitMessage
ReleaseCapture
LoadCursorA
WindowFromPoint
SetCapture
DeleteMenu
InsertMenuA
RemoveMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
DestroyMenu
GetMenuItemInfoA
InflateRect
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
InsertMenuItemA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
LoadIconA
SendMessageA
AppendMenuA
GetSystemMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
SetRectEmpty
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
SetPropA
IsRectEmpty
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
ShowOwnedPopups
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
CheckDlgButton

gdi32

ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
PolyBezierTo
CreateDCA
GetTextMetricsA
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetCharWidthA
CreateFontA
StretchDIBits
CreateCompatibleBitmap
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
PolyDraw
PolylineTo
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CopyMetaFileA
CreateBitmap
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteValueA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyA

shell32

ExtractIconA
DragFinish
DragQueryFileA
SHGetFileInfoA

shlwapi

PathRemoveExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

ole32

OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoGetClassObject

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysFreeString

Sections

.text
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

296f82994d3f8598eb7c68f43af6520f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 476KB - Virtual size: 475KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 476KB - Virtual size: 475KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 18KB - Virtual size: 17KB