2024-05-26_5fb3afd62b6a300d645bccc33f987215_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-26_5fb3afd62b6a300d645bccc33f987215_icedid
Size

256KB
MD5

5fb3afd62b6a300d645bccc33f987215
SHA1

a74502e690123e8888f9f6dd7f0e6e2491d31099
SHA256

12b884fdd2ebda7bd4cea27212dc115c8311ac151d0af1c07f587229bb5979b9
SHA512

6634e066e89e2934192145136086885102d6b54330e76c75525f37dda5ef4bfadc62ea84377357f6aa50352f2dd0c46c043078693807e39c5c36ff54cfe2268c
SSDEEP

6144:udESnr1M8/j0PoYNeqSF7RyRoUrOGH9utW:u26M8/j0PoGeqSzy6UXH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-26_5fb3afd62b6a300d645bccc33f987215_icedid

Files

2024-05-26_5fb3afd62b6a300d645bccc33f987215_icedid
.exe windows:4 windows x86 arch:x86

dc6c535dcf674378669bf8c29e87d586

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
FlushFileBuffers
GetCurrentProcess
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapSize
TerminateProcess
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
SetStdHandle
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpyA
GetCurrentThreadId
GlobalFlags
lstrcmpA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleA
lstrlenA
lstrcmpiA
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
GetSystemTime
GetFileInformationByHandle
GetFileAttributesA
SuspendThread
ResumeThread
CreateDirectoryA
SetFileAttributesA
SetFileTime
GetComputerNameA
GetLocalTime
SystemTimeToFileTime
IsDBCSLeadByte
LoadLibraryA
GetProcAddress
Sleep
CreateThread
ExitThread
GetFileSize
CreateFileMappingA
IsBadReadPtr
GetModuleFileNameA
MapViewOfFile
GetTickCount
UnmapViewOfFile
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
MultiByteToWideChar
GetFullPathNameA
CreateFileA
SetFilePointer
WriteFile
GetDriveTypeA
GetCurrentDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
ExitProcess
GetVersion
GetLastError
FormatMessageA
lstrcpynA
VirtualFree
LocalFree

user32

RemovePropA
GetTopWindow
GetMessageTime
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetClassInfoA
IsIconic
CopyRect
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetKeyState
ValidateRect
ClientToScreen
GetDlgCtrlID
PtInRect
GetFocus
GetLastActivePopup
UnhookWindowsHookEx
GetSysColor
GetSysColorBrush
UnregisterClassA
GetMenuState
PeekMessageA
MoveWindow
GetWindowWord
SetWindowWord
SetActiveWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoA
BringWindowToTop
IsWindow
TranslateAcceleratorA
IsDialogMessageA
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
GetClientRect
SendDlgItemMessageA
GetParent
SetDlgItemTextA
GetWindow
ReleaseCapture
IsDlgButtonChecked
CreatePopupMenu
GetWindowTextA
ModifyMenuA
BeginDeferWindowPos
IsWindowEnabled
DeferWindowPos
EndDeferWindowPos
InvalidateRgn
IsWindowVisible
GetMessagePos
RegisterHotKey
UnregisterHotKey
SetCursor
PostMessageA
EnableWindow
GetWindowPlacement
SetWindowPlacement
DialogBoxParamA
RegisterWindowMessageA
GetAsyncKeyState
MessageBeep
KillTimer
GetMenuItemID
GetSystemMenu
DeleteMenu
GetMenuStringA
LoadAcceleratorsA
PostQuitMessage
SetFocus
SetClassLongA
FlashWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WinHelpA
SetWindowTextA
LoadMenuA
GetSubMenu
GetCursorPos
TrackPopupMenu
GetCapture
GetClassLongA
GetClassInfoExA
SetPropA
CallWindowProcA
GetPropA
DestroyMenu
SetTimer
CreateMenu
GetMenuItemCount
AppendMenuA
InsertMenuA
EnumWindows
GetClassNameA
ShowWindow
UpdateWindow
GetSystemMetrics
MessageBoxA
LoadIconA
LoadCursorA
FindWindowA
SetForegroundWindow
EndDialog
GetDlgItem
SendMessageA
wsprintfA
RegisterClassA
GetWindowLongA
SetWindowLongA
SetWindowPos
DefWindowProcA
DestroyWindow
CreateWindowExA
GetDC
ReleaseDC
GetDlgItemTextA

gdi32

SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetMapMode
RestoreDC
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteDC
GetObjectA
CreateFontIndirectA
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreatePen
SelectObject
Ellipse
Rectangle
GetStretchBltMode
SetStretchBltMode
StretchBlt
CreateRectRgn
CreateEllipticRgn
CombineRgn
SelectClipRgn
BitBlt
DeleteObject

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyExA
GetUserNameA

shell32

DragFinish
ShellExecuteExA
ExtractIconA
SHChangeNotify
SHGetPathFromIDListA
DragQueryFileA
Shell_NotifyIconA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ord17

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

ws2_32

sendto
WSACleanup
gethostname
recvfrom
WSAAsyncSelect
WSAStartup
socket
accept
ioctlsocket
setsockopt
listen
gethostbyname
WSAGetLastError
inet_addr
select
recv
connect
ntohl
bind
send
htons
inet_ntoa
closesocket

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc6c535dcf674378669bf8c29e87d586

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

ws2_32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 28KB - Virtual size: 24KB