f:\work\苏州\登陆器\8\LoginTool\Release\LoginTool.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-20_22c3b92d4a7b00c09b9a01dc41c5484f_icedid_wapomi.exe
Resource: win7-20240221-en
General
- Target: 2024-05-20_22c3b92d4a7b00c09b9a01dc41c5484f_icedid_wapomi
- Size: 1.8MB
- MD5: 22c3b92d4a7b00c09b9a01dc41c5484f
- SHA1: a68380980141c691745c3079b84269a7fc571a79
- SHA256: 13c4cb31e54f93e0a642d03cfec51b59c1f99a735b82771e60d0c309d4fda40a
- SHA512: bf7fd781ca0d30849989e633a1d94ac3899b9e07014affde0140002ea001f0817230ccd61803c93620879d8eb764b1d3e723bbac6e37bbf4ae73295edac0ee51
- SSDEEP: 49152:2BHTZQBIGoA5nN9615Z9VTNIeUOPI5E33uLkv4:2JZgoiN9615YeUfauYv4
Malware Config
Signatures
- Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 2024-05-20_22c3b92d4a7b00c09b9a01dc41c5484f_icedid_wapomi
Files
-
2024-05-20_22c3b92d4a7b00c09b9a01dc41c5484f_icedid_wapomi.exe windows:4 windows x86 arch:x86
490327600b5dc6856cf58705bdba480c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
crypt32
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgClose
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wininet
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
HttpAddRequestHeadersW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetConnectW
InternetGetCookieW
InternetSetCookieW
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpOpenRequestW
GopherOpenFileW
InternetOpenW
InternetOpenUrlA
InternetSetOptionA
InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetQueryDataAvailable
kernel32
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetModuleHandleA
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
SetThreadPriority
SuspendThread
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GlobalGetAtomNameW
GetAtomNameW
GlobalFlags
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetShortPathNameW
LocalFileTimeToFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
lstrcmpW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FatalAppExitA
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
InterlockedCompareExchange
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
lstrcpyW
WinExec
lstrcatW
GetModuleFileNameW
GetCommandLineW
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
GetVersionExA
GlobalSize
MulDiv
SetLastError
InterlockedDecrement
InterlockedIncrement
CreateSemaphoreW
ReleaseSemaphore
ReleaseMutex
CreateThread
GetExitCodeThread
TerminateThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
GetModuleHandleW
LoadLibraryExW
SetCurrentDirectoryW
MoveFileW
GetLongPathNameW
FindResourceW
DeleteFileW
CloseHandle
CreateProcessW
GetPrivateProfileIntW
WaitForSingleObject
MoveFileExW
SearchPathW
GetFullPathNameW
GetFileTime
ReadFile
WriteFile
SetFileTime
SetEndOfFile
SetFilePointer
GetProcAddress
GetSystemDirectoryW
SetErrorMode
OpenEventW
OpenProcess
CreateEventW
ResetEvent
SetEvent
GetTickCount
LocalFree
LocalAlloc
GlobalFree
ResumeThread
GetCurrentThreadId
Sleep
ExpandEnvironmentStringsW
GetSystemInfo
SetEnvironmentVariableW
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
CopyFileW
CreateDirectoryW
GetDriveTypeW
FindNextFileW
FindClose
FindFirstFileW
GetVersionExW
WaitForMultipleObjects
ExitThread
GetCurrentDirectoryW
CreateMutexW
GetLastError
FormatMessageW
GetACP
LockResource
GetTempPathW
GetTempFileNameW
GetLocalTime
CreateFileW
GetFileSize
GetCurrentProcessId
GetModuleFileNameA
user32
UnregisterClassW
GetSysColorBrush
DeleteMenu
WaitMessage
DestroyIcon
CharUpperW
GetDialogBaseUnits
PostThreadMessageW
TranslateAcceleratorW
SetMenu
BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetKeyNameTextW
MapVirtualKeyW
SetParent
UnionRect
GetDCEx
LockWindowUpdate
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ScrollWindowEx
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
RegisterClipboardFormatW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetKeyState
WindowFromPoint
ScreenToClient
GetMenuState
GetMenuStringW
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
UnhookWindowsHookEx
GetDesktopWindow
GetFocus
InvalidateRgn
EqualRect
IntersectRect
OffsetRect
SetRect
IsRectEmpty
CopyRect
IsWindowEnabled
CopyAcceleratorTableW
GetWindowTextLengthW
AttachThreadInput
GetForegroundWindow
GetWindowLongW
GetWindowTextW
SetWindowPos
IsWindowVisible
MapWindowPoints
SetWindowTextW
GetWindowThreadProcessId
GetWindow
GetDlgItem
SendMessageTimeoutW
GetActiveWindow
SystemParametersInfoW
SetForegroundWindow
KillTimer
SetTimer
SetWindowRgn
IsIconic
GetSystemMenu
PostMessageW
InsertMenuW
AppendMenuW
CreatePopupMenu
DrawIcon
GetCursorPos
DestroyMenu
GetMenuItemInfoW
CharNextW
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
GetMessageW
LoadIconW
ShowWindow
GetSystemMetrics
TranslateMessage
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GetMenu
ClientToScreen
LoadImageW
EnableWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetWindowRect
SendMessageW
InflateRect
PtInRect
LoadCursorW
CopyIcon
IsWindow
SetWindowLongW
SetCursor
ReleaseCapture
MessageBeep
GetSysColor
SetFocus
UnregisterClassA
gdi32
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
RectVisible
SaveDC
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetBkColor
GetTextColor
SetRectRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsW
GetCharWidthW
CreateFontW
StretchDIBits
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetRgnBox
CreateRectRgnIndirect
CombineRgn
CreateRoundRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
TextOutW
GetStockObject
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegSetValueW
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegRestoreKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegCloseKey
RegLoadKeyW
RegEnumKeyExW
RegEnumValueW
RegSaveKeyW
shell32
DragFinish
ShellExecuteW
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW
ExtractIconW
DragQueryFileW
SHGetFolderPathW
SHGetFileInfoW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathFileExistsW
PathIsUNCW
oledlg
OleUIBusyW
ole32
OleRegGetUserType
ReleaseStgMedium
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
CreateBindCtx
ReadFmtUserTypeStg
ReadClassStg
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CLSIDFromString
OleDuplicateData
CoTreatAsClass
StringFromCLSID
oleaut32
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SafeArrayDestroy
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantClear
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
LoadTypeLi
SysStringLen
SysAllocStringLen
gdiplus
GdipDrawString
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreatePath
GdipDeletePath
GdipReleaseDC
GdipClosePathFigure
GdipAddPathArcI
GdipSetTextRenderingHint
GdipSetPageUnit
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageI
GdipDrawImageRectI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipMeasureString
GdipDrawImagePointsI
GdipDrawImageRectRect
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipCloneBrush
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipResetPath
GdipDeleteGraphics
GdipDeleteBrush
ws2_32
inet_ntoa
connect
htons
inet_addr
setsockopt
WSACleanup
recv
WSAStartup
socket
closesocket
gethostbyname
send
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 246KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 20KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
����u Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE