2024-05-21_b4caf14afe9ff7655305960b22a2331f_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-21_b4caf14afe9ff7655305960b22a2331f_icedid
Size

612KB
MD5

b4caf14afe9ff7655305960b22a2331f
SHA1

e5bf1264731b5de7d46ae5790fb287d62e4d72d1
SHA256

941d2eefa71f5b032ca9e4caa7e6a5e7704bd941070a8da45922b8b516589682
SHA512

8bf80509aedce0142f5a616bf75f3e88fb653520421606ec8f4b376ef29ad4d02bd4a65c2eb75ffdc97b70bd48a1b976acd06491454543872602e654e081025f
SSDEEP

6144:BZU9Bke6LUVceGQ9D5IPBeEmtTbwQo/dmNvG3FO+K:BZ4ce9D5IPwEmtTMQo1lU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-21_b4caf14afe9ff7655305960b22a2331f_icedid

Files

2024-05-21_b4caf14afe9ff7655305960b22a2331f_icedid
.exe windows:4 windows x86 arch:x86

ebf899cc7a2b52be4e237d75aa8f86f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDrawImageRectI
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipCreateCachedBitmap
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDrawCachedBitmap
GdipCloneBrush
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteCachedBitmap
GdipFree
GdipDeleteGraphics
GdipAlloc
GdipDisposeImage

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

hookdllps2

?KbdHkSetUnhook@@YAHXZ
?KbdHkSetHookOwner@@YAHPAUHWND__@@I@Z

kernel32

UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
lstrlenA
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
ExitProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
LockFile
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ReadFile
GetThreadLocale
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleA
FormatMessageW
LocalFree
lstrlenW
MulDiv
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
FreeResource
GetCurrentProcessId
GlobalAddAtomW
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
lstrcmpW
GlobalDeleteAtom
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleW
GetCurrentThreadId
GetVersionExW
Sleep
LoadLibraryW
OpenProcess
CloseHandle
GetLastError
GetProcAddress
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FlushFileBuffers
GetConsoleOutputCP
SetFilePointer
GetStartupInfoW

user32

MoveWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
DestroyMenu
UnregisterClassW
SetCapture
ReleaseCapture
GetSysColorBrush
CharUpperW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
UnregisterClassA
GetMenuItemID
GetMenuItemCount
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
SetWindowTextW
SendDlgItemMessageW
PtInRect
GetDlgCtrlID
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetLastActivePopup
MessageBoxW
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageW
GetWindowThreadProcessId
AttachThreadInput
GetDesktopWindow
GetClientRect
SetWindowPos
WaitForInputIdle
GetForegroundWindow
UpdateWindow
GetWindowLongW
SetWindowLongW
KillTimer
SetTimer
GetWindowRect
GetSystemMenu
AppendMenuW
LoadBitmapW
SetForegroundWindow
ReleaseDC
PeekMessageW
IsWindowVisible
SendMessageTimeoutW
wvsprintfW
SendMessageW
FindWindowW
GetClassInfoW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
IsDialogMessageW
DefWindowProcW
PostMessageW
EqualRect
BeginPaint
EndPaint
GetDC
EnableWindow
InvalidateRect
ShowWindow
DestroyWindow
SendDlgItemMessageA
WinHelpW
CopyRect
IsChild
IsWindowEnabled
GetSubMenu

gdi32

GetDeviceCaps
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkColor
ExtSelectClipRgn
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetTextColor
GetClipBox
CreateBitmap
GetObjectW
DeleteObject
GetStockObject
DeleteDC
SetMapMode

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromProgID
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CLSIDFromString

oleaut32

SysAllocStringLen
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
VariantCopy
SysFreeString

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebf899cc7a2b52be4e237d75aa8f86f0

Headers

File Characteristics

Imports

gdiplus

psapi

hookdllps2

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 320KB - Virtual size: 319KB

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 320KB - Virtual size: 319KB