Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-23_846474de05e874476d7295f98b3bbacc_icedid.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-23_846474de05e874476d7295f98b3bbacc_icedid.exe
  Resource: win10v2004-20240508-en

General
Target: 2024-05-23_846474de05e874476d7295f98b3bbacc_icedid
Size: 1.1MB
MD5: 846474de05e874476d7295f98b3bbacc
SHA1: 74e09ac4244d76fbaa491ef800a99b2b1131a356
SHA256: ebe4900f33e4e6d0aefa94b0647b86195bd91aa0b1c3fd73dc09cc398eeffd6d
SHA512: 286d00b566a09b15400f1e45f1e8729f34940114a1f88e776545d541335e8a77aea2650ac4c707fd6fbbd2c88da16569e00551fcae68c01d6b1457f5676c3f5a
SSDEEP: 12288:rsD2rEjyAsnuu0mdzbrN6cpfIHR+4pGJWx15O/U2o/wNW2i8qnfmTV+MDDyusWcA:r62t4cfIxIW8QjR8dTVFsh/3UUh/s

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-05-23_846474de05e874476d7295f98b3bbacc_icedid

Files
2024-05-23_846474de05e874476d7295f98b3bbacc_icedid.exe  windows:4  windows x86  arch:x86
1150ffc001770138c92f71f546e06a2a

Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: e:\Projects\VD200806\旧版本代码保存\2011.12.29\TFG3.2_TSP\Installation\bin\AgentFiles\IgAgent.pdb
Imports
kernel32: CreateMutexW, CompareStringA, GetLocaleInfoW, lstrcmpA, EnumResourceLanguagesW, GetVersion, ConvertDefaultLocale, GetCurrentThread, WritePrivateProfileStringW, MoveFileW, GetThreadLocale, LockFile, UnlockFile, SetEndOfFile, GetVolumeInformationW, GetFullPathNameW, InterlockedIncrement, TlsGetValue, GlobalReAlloc, GlobalHandle, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, GlobalFlags, SetErrorMode, GetStartupInfoW, VirtualProtect, VirtualAlloc, VirtualQuery, HeapReAlloc, TerminateProcess, UnhandledExceptionFilter, FileTimeToLocalFileTime, IsDebuggerPresent, ExitThread, GetSystemTimeAsFileTime, RaiseException, RtlUnwind, ExitProcess, HeapSize, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetCPInfo, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, GetConsoleCP, GetConsoleMode, GetTimeZoneInformation, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, GetDriveTypeA, SetEnvironmentVariableA, GetCurrentThreadId, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, CompareStringW, lstrcmpW, FreeResource, GetModuleHandleA, MulDiv, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExA, GetPrivateProfileStringA, GetTempFileNameW, GetTempPathA, SetFileTime, GetCurrentDirectoryW, SetCurrentDirectoryW, GetCurrentDirectoryA, SetCurrentDirectoryA, GetFileAttributesA, FindFirstFileA, FindNextFileW, lstrcpyA, CreateFileMappingA, DuplicateHandle, IsBadReadPtr, UnmapViewOfFile, MapViewOfFile, lstrlenA, lstrcmpiA, GlobalFree, GlobalAlloc, GetFileInformationByHandle, FileTimeToSystemTime, DeleteCriticalSection, InitializeCriticalSection, GetPrivateProfileIntW, SetFilePointer, lstrcpynW, DisconnectNamedPipe, ConnectNamedPipe, CreateNamedPipeW, WaitNamedPipeW, ReadFile, HeapFree, GetProcessHeap, HeapAlloc, GetEnvironmentVariableA, GetExitCodeThread, GetExitCodeProcess, CreateProcessA, LoadLibraryA, CreateEventW, FreeLibrary, DeviceIoControl, GetCurrentProcessId, GetCurrentProcess, GetFileTime, GetSystemInfo, WideCharToMultiByte, CreateFileA, CreateDirectoryA, MoveFileExA, CreateMutexA, OpenMutexA, GetComputerNameA, WritePrivateProfileStringA, ReleaseMutex, LocalAlloc, FlushFileBuffers, GlobalUnlock, WriteFile, GlobalLock, InterlockedDecrement, GetTempPathW, DeleteFileA, CopyFileA, SetLocalTime, ResumeThread, SetThreadPriority, TerminateThread, ResetEvent, SetEvent, LocalFree, FormatMessageW, GetVersionExW, GetModuleFileNameW, CreateDirectoryW, GetFileSize, CreateFileW, OutputDebugStringW, GetModuleFileNameA, CreateThread, CompareFileTime, SystemTimeToFileTime, OutputDebugStringA, GetCommandLineA, lstrcpyW, GetTickCount, Sleep, GetEnvironmentVariableW, GetLocalTime, GetProcAddress, GetModuleHandleW, LoadLibraryW, CloseHandle, WaitForSingleObject, SetLastError, GetLastError, MoveFileExW, DeleteFileW, CopyFileW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, GetDriveTypeW, GetLogicalDriveStringsW, LockResource, InterlockedExchange, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, lstrlenW, LeaveCriticalSection, SetUnhandledExceptionFilter, EnterCriticalSection
user32: MessageBeep, UnregisterClassW, GetSysColorBrush, CharUpperW, SetWindowContextHelpId, MapDialogRect, RegisterClipboardFormatW, PostQuitMessage, WindowFromPoint, DestroyMenu, GetWindowThreadProcessId, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, CheckMenuItem, GetMessageW, TranslateMessage, ValidateRect, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, SetWindowsHookExW, CallNextHookEx, SetPropW, GetPropW, RemovePropW, GetForegroundWindow, GetLastActivePopup, DispatchMessageW, GetTopWindow, GetMessageTime, PeekMessageW, TrackPopupMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, DefWindowProcW, CallWindowProcW, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, CreateDialogIndirectParamW, DestroyWindow, GetNextDlgTabItem, EndDialog, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, SetRect, ClientToScreen, ScreenToClient, GetWindowTextLengthW, GetFocus, SetWindowPos, SetFocus, ShowWindow, GetDlgCtrlID, SetWindowTextW, IsDialogMessageW, SetDlgItemTextW, SendDlgItemMessageW, GetWindow, UnhookWindowsHookEx, GetMenuState, GetMenuStringW, GetMenuItemID, RegisterWindowMessageW, LoadIconW, UnregisterClassA, GetSysColor, SendMessageW, wsprintfW, GetClientRect, MessageBoxA, SetWindowRgn, IsMenu, AdjustWindowRectEx, GetScrollInfo, GetClassLongW, GetWindowRgn, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, OffsetRect, MapWindowPoints, GetClassNameW, FindWindowW, GetSystemMetrics, ModifyMenuW, GetMenu, HideCaret, MessageBoxW, SetRectEmpty, EqualRect, InflateRect, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, CopyRect, PostThreadMessageW, CharNextW, CopyAcceleratorTableW, InvalidateRgn, SetCapture, ReleaseCapture, GetNextDlgGroupItem, IsRectEmpty, GetParent, InsertMenuW, GetDC, EnableWindow, SetWindowLongW, LoadBitmapW, PostMessageW, GetActiveWindow, SetActiveWindow, IsWindow, GetDlgItem, GetWindowLongW, SetTimer, KillTimer, GetMessagePos, LoadMenuW, GetSubMenu, EnableMenuItem, InvalidateRect, UpdateWindow, GetKeyState, GetWindowRect, MoveWindow, GetDesktopWindow, IsWindowEnabled, LoadCursorW, RedrawWindow, SetCursor, UnregisterDeviceNotification, SystemParametersInfoW, IsWindowVisible, RegisterHotKey, RegisterDeviceNotificationW, DeleteMenu, CheckMenuRadioItem, GetMenuItemCount, GetCursorPos, SetForegroundWindow, GetWindowTextW, UnregisterHotKey, PtInRect, CreatePopupMenu, AppendMenuW
gdi32: GetMapMode, GetBkColor, GetTextColor, GetRgnBox, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, GetWindowExtEx, GetViewportExtEx, DeleteDC, GetClipBox, SetMapMode, SetBkMode, RestoreDC, SaveDC, CreatePolygonRgn, GetPixel, FillRgn, OffsetRgn, CreateRectRgnIndirect, CombineRgn, SetRectRgn, CreateRectRgn, CreateFontW, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, CreateCompatibleBitmap, GetStockObject, CreateFontIndirectW, StretchBlt, SetStretchBltMode, SetTextColor, SetBkColor, BitBlt, GetDeviceCaps, CreateBitmap, GetObjectW, SetDIBColorTable, SelectObject, DeleteObject, CreateDIBSection, CreateCompatibleDC
comdlg32: GetFileTitleW
winspool.drv: OpenPrinterW, ClosePrinter, DocumentPropertiesW
advapi32: GetSecurityInfo, RegQueryValueW, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, RegSetValueExW, RegCreateKeyExW, RegOpenKeyExW, RegQueryValueExW, RegOpenKeyW, GetUserNameW, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetUserNameA, FreeSid, SetSecurityInfo, SetEntriesInAclW, AllocateAndInitializeSid
shell32: SHGetSpecialFolderPathW, ShellExecuteW, SHBrowseForFolderW, SHGetPathFromIDListW, DragQueryFileW, DragFinish, Shell_NotifyIconW, ShellExecuteA, SHGetSpecialFolderPathA, SHChangeNotify, DragAcceptFiles
comctl32: _TrackMouseEvent, InitCommonControlsEx
shlwapi: PathFileExistsA, PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathFileExistsW
oledlg: OleUIBusyW
ole32: CreateILockBytesOnHGlobal, CoInitialize, CoUninitialize, CoCreateInstance, OleRun, CoTaskMemFree, CoTaskMemAlloc, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CLSIDFromProgID, CLSIDFromString, CoGetClassObject, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes
oleaut32: VariantCopy, VariantInit, SysFreeString, VariantChangeType, SysAllocStringLen, SysStringLen, VariantTimeToSystemTime, SystemTimeToVariantTime, VariantClear, SafeArrayDestroy, OleCreateFontIndirect, SysAllocString, GetErrorInfo
gdiplus: GdiplusStartup, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromFile, GdiplusShutdown, GdipGetImagePalette, GdipGetImagePaletteSize, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipFree, GdipAlloc, GdipDisposeImage, GdipGetImageGraphicsContext, GdipDeleteGraphics, GdipDrawImageI, GdipCloneImage
ws2_32: setsockopt, WSACloseEvent, recv, send, WSAEnumNetworkEvents, WSAWaitForMultipleEvents, closesocket, connect, inet_addr, htons, WSAEventSelect, WSACreateEvent, socket, WSAGetLastError, inet_ntoa, gethostname, WSAStartup, WSACleanup, gethostbyname
Sections
.text   Size: 596KB  Virtual size: 592KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 148KB  Virtual size: 145KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 20KB   Virtual size: 48KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 356KB  Virtual size: 353KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ