2024-05-26_78cef36e1ea5fbeb002873f9bdae2a1d_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-26_78cef36e1ea5fbeb002873f9bdae2a1d_icedid
Size

332KB
MD5

78cef36e1ea5fbeb002873f9bdae2a1d
SHA1

a2d2f1b58639e36910b4ca49c62e63a1f0e5a2ec
SHA256

9a799fc8ba6c33a3dbb3993a397c7d93626599a79f729e279f7340af3dc0fbcf
SHA512

ca8defec1b1be32f2335bb36c1ef2626f99fc58c361eb548d9c569f0ad6c42aff6ba63904337f6a8109e565ae3db771d6110d946332c2e469ffa78dc295bb90c
SSDEEP

3072:j5Otfv8c/JAbUGiv3nixnKYRuKAafwLgbiLuowYgvAoteyDLWDevnGBJqmKkfl2G:kccoU7YnKYRuixbicaosyDLWBBUVaoy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-26_78cef36e1ea5fbeb002873f9bdae2a1d_icedid

Files

2024-05-26_78cef36e1ea5fbeb002873f9bdae2a1d_icedid
.exe windows:4 windows x86 arch:x86

69cd9326dc18c1655e669b11e804a652

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\My Solution\eMailMagic Pro\Src\MailMagicLite\Release\MailMagicLite.pdb

Imports

ssleay32

ord183
ord87
ord77
ord78
ord108
ord43
ord96
ord48
ord8
ord116
ord12
ord74
ord75

libeay32

ord467
ord2604
ord2254
ord1804
ord197
ord224
ord254
ord298
ord466

winmm

timeEndPeriod
timeBeginPeriod

kernel32

InterlockedDecrement
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
ExitThread
CreateThread
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
RaiseException
MulDiv
CreateEventA
SuspendThread
SetEvent
SetThreadPriority
CloseHandle
GetCurrentThread
GlobalAlloc
ConvertDefaultLocale
EnumResourceLanguagesA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
GetModuleFileNameA
GetPrivateProfileStringA
WaitForSingleObject
FormatMessageA
lstrcpynA
LocalFree
SetLastError
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
FreeResource
lstrcmpA
lstrcpyA
Sleep
WideCharToMultiByte
ResumeThread
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WaitMessage
ReleaseDC
GetDC
wsprintfA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
ShowWindow
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowLongA
GetSysColor
GetParent
RedrawWindow
LockWindowUpdate
LoadBitmapA
CopyRect
EnumChildWindows
GetWindowLongA
SetWindowTextA
CharUpperA
GetSystemMetrics
CreateWindowExA
DestroyWindow
LoadIconA
KillTimer
SetTimer
GetClientRect
GetWindowRect
IsIconic
PostMessageA
SendMessageA
DrawIcon
EnableWindow
MapWindowPoints

gdi32

GetStockObject
SetMapMode
RestoreDC
DeleteDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathCompactPathExA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear
VarDateFromStr

ws2_32

sendto
send
recvfrom
socket
WSACleanup
WSASetLastError
WSAAsyncSelect
recv
connect
htons
inet_addr
gethostbyname
htonl
bind
WSAStartup
ntohl
select
closesocket
WSAGetLastError
accept

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69cd9326dc18c1655e669b11e804a652

Headers

File Characteristics

PDB Paths

Imports

ssleay32

libeay32

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

ws2_32

Sections

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 72KB - Virtual size: 70KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 72KB - Virtual size: 70KB