2024-05-25_71042c53058e611f2d1574697eb1e37c_hello_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-25_71042c53058e611f2d1574697eb1e37c_hello_icedid
Size

16.7MB
MD5

71042c53058e611f2d1574697eb1e37c
SHA1

c5f2aa947efcd12fc565d04088ea8ed72fecf022
SHA256

270011f963b654b1d05b4e21cec21b03fe84961ecf15b0bf474040161a7c0010
SHA512

13c212e1d7a58c9f10cda703b28c353277e84a290fea2a1f21c0f33b60bc7a1b9c7612ca23eb69b5613b2ec6e9bb8f07fa6c4041bc0a61f0aadd68addb944882
SSDEEP

196608:g2UmIM1B3VYOXgvzYYULQWKt/AEnA7mS3sIPAND956kqCeHCHC3NZNMTB8G+90:g2UmIM1NVXQv80X9AA3Ua7cC6ZYTr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-25_71042c53058e611f2d1574697eb1e37c_hello_icedid

Files

2024-05-25_71042c53058e611f2d1574697eb1e37c_hello_icedid
.exe windows:4 windows x86 arch:x86

dd44f1e78dfe19332975df8eb95af8f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalLock
ResumeThread
GlobalAlloc
FreeResource
WaitForSingleObject
ResetEvent
SetEvent
GetLongPathNameW
GetSystemInfo
GetCurrentProcessId
CopyFileW
MoveFileW
MoveFileExW
GetPrivateProfileIntW
GetVolumeInformationW
DeviceIoControl
GetCurrentProcess
CreateFileW
GetLastError
ReadFile
lstrcpynW
InterlockedDecrement
InterlockedIncrement
DeleteFileW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
lstrlenA
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetStartupInfoW
LoadLibraryA
RaiseException
InterlockedExchange
TlsAlloc
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
MulDiv
IsBadWritePtr
TlsSetValue
lstrcmpiA
lstrcmpA
CreateThread
ExpandEnvironmentStringsW
SearchPathW
GetModuleHandleW
GetExitCodeProcess
WaitForMultipleObjects
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GetProcessTimes
GetProcessHeap
HeapAlloc
HeapFree
SetErrorMode
LoadLibraryExW
GetFileTime
FileTimeToLocalFileTime
GetWindowsDirectoryW
GetShortPathNameW
VirtualQuery
OpenProcess
ExitProcess
TerminateProcess
SetProcessWorkingSetSize
GetTempPathW
GetTempFileNameW
GetSystemTime
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GlobalFree
CreateEventW
GetDiskFreeSpaceExW
SetFileTime
CreateDirectoryW
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
DuplicateHandle
GetFileType
lstrlenW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
Sleep
CreateProcessW
SetFilePointer
FindResourceW
FreeLibrary
SizeofResource
LoadResource
LockResource
SetFileAttributesW
GetTickCount
GetFileAttributesW
SetEndOfFile
WriteFile
FlushInstructionCache
OutputDebugStringW
DebugBreak
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
CreateMutexW
GetVersionExW
GetFileSize
IsBadReadPtr
CloseHandle
GetModuleFileNameW

user32

DefWindowProcW
MessageBoxW
BringWindowToTop
IsIconic
GetDesktopWindow
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
wvsprintfW
CharNextW
DialogBoxParamW
MapVirtualKeyW
GetKeyNameTextW
GetShellWindow
GetWindowThreadProcessId
SubtractRect
FindWindowExW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetParent
EndDialog
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetWindowLongW
LoadStringW
ShowWindow
SetForegroundWindow
WaitForInputIdle
PostMessageW
FindWindowW
DispatchMessageW
SendMessageTimeoutW
CopyRect
GetUpdateRect
SetRect
ReleaseDC
GetWindowDC
LoadImageW
GetWindowTextLengthW
GetDlgCtrlID
ReleaseCapture
SetCapture
GetDC
GetCapture
ClientToScreen
SetWindowLongW
UpdateWindow
OffsetRect
IsWindowEnabled
GetSysColor
FillRect
DrawEdge
GetSystemMetrics
InflateRect
DrawFocusRect
SetCursor
DrawTextW
CreateDialogParamW
GetMenu
AdjustWindowRectEx
IsWindow
EndPaint
RedrawWindow
BeginPaint
SendMessageW
PostQuitMessage
SetWindowTextW
GetWindowTextW
SetWindowRgn
KillTimer
SetDlgItemTextW
GetDlgItem
InvalidateRect
SetTimer
EnableWindow
CreateWindowExW
CallWindowProcW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
PtInRect

gdi32

CreateCompatibleBitmap
SetViewportOrgEx
GetObjectW
CreateFontW
SetBkMode
SetTextColor
CreateFontIndirectW
BitBlt
CreateCompatibleDC
SelectObject
DeleteDC
CombineRgn
DeleteObject
GetCurrentObject
CreateDIBSection
CreateSolidBrush
CreateDIBPatternBrushPt
GetBitmapBits
CreatePatternBrush
OffsetViewportOrgEx
GetDeviceCaps
GetStockObject
CreateRectRgn

advapi32

GetSidIdentifierAuthority
RegOpenKeyW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegEnumValueW
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
AdjustTokenPrivileges
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
CopySid
GetTokenInformation
DuplicateTokenEx
RegQueryValueExW
RegEnumKeyExW

shell32

SHGetSpecialFolderLocation
SHGetFileInfoW
SHAppBarMessage
SHFileOperationW
SHFreeNameMappings
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
OleUninitialize
OleInitialize
CoSetProxyBlanket

olepro32

ord251

oleaut32

VariantClear
SysAllocStringLen
SysAllocString
SysFreeString

comctl32

ImageList_Remove
ImageList_SetImageCount
ImageList_Create
ImageList_Add
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Duplicate

msimg32

AlphaBlend

wininet

HttpQueryInfoW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
InternetReadFile
InternetReadFileExA
InternetSetStatusCallbackW
InternetSetOptionA
InternetConnectW

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo

shlwapi

PathRemoveFileSpecW
PathGetDriveNumberW
SHGetValueA
StrToIntExW
PathIsURLW
PathIsRootW
PathCombineW
PathMatchSpecW
PathFindExtensionW
StrCmpIW
PathFileExistsW
SHEnumKeyExW
SHDeleteKeyW
StrStrIW
StrCmpNIW
SHDeleteValueW
StrCatW
SHSetValueW
SHGetValueW
PathIsDirectoryW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext

urlmon

ObtainUserAgentString

msvcp60

?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z

msvcrt

__p__fmode
__set_app_type
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
towlower
iswspace
swprintf
rewind
fgets
_strnicmp
fprintf
abs
atoi
fwrite
memcmp
pow
_purecall
_ftol
wcscat
gmtime
strcmp
calloc
_beginthreadex
wcsncat
towupper
wcscpy
_ltow
swscanf
iswdigit
realloc
strcpy
strncpy
sprintf
_ismbslead
wcspbrk
_strlwr
strncat
_vsnwprintf
_vsnprintf
strcat
wcstok
wcsncmp
strtok
_snwprintf
_snprintf
tolower
isspace
isprint
__CxxFrameHandler
free
_wfopen
fseek
ftell
malloc
fread
fclose
wcschr
_wtoi
wcsstr
memmove
??2@YAPAXI@Z
_wcslwr
wcsncpy
wcsrchr
wcscmp
strlen
memcpy
memset
_wcsicmp
wcslen
_except_handler3
_wtol
_ui64tow
time
_wtoi64
__dllonexit
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_wcsnicmp
_onexit

netapi32

Netbios

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.3MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd44f1e78dfe19332975df8eb95af8f8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

olepro32

oleaut32

comctl32

msimg32

wininet

psapi

shlwapi

version

wintrust

urlmon

msvcp60

msvcrt

netapi32

comdlg32

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 176KB - Virtual size: 194KB

.rsrc Size: 16.3MB - Virtual size: 16.3MB

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 176KB - Virtual size: 194KB

.rsrc
Size: 16.3MB - Virtual size: 16.3MB