2024-05-29_ac0cf4df3a456e512e361899aa56c7de_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-29_ac0cf4df3a456e512e361899aa56c7de_icedid
Size

2.8MB
MD5

ac0cf4df3a456e512e361899aa56c7de
SHA1

8560a2bcecccbf56654dc9a428eef69a61d30fcc
SHA256

84db888b80edf380f511b1d10fef6b814da013b3d8e7051ad7596e7bccc0816c
SHA512

fd2492c4b1f9539e44d688793029ab0f130520212570e0e364f635a2ff165f46f11970d69cce6fc1c75f0a7b1fd51eab769811f17e4ac7e48ab900da71d3d826
SSDEEP

49152:NebrhehKPgssSt2g9ljR8xmN3Aek03noj45wlDTAlju:0bNehv7StneUJF3noxDx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-29_ac0cf4df3a456e512e361899aa56c7de_icedid

Files

2024-05-29_ac0cf4df3a456e512e361899aa56c7de_icedid
.exe windows:4 windows x86 arch:x86

8cd87daae4eb6051a3a133869314a190

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Office\Source\groove\bin\ReleaseSym\GrooveMigrator.pdb

Imports

dbghelp

SymInitialize

kernel32

TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
DebugBreak
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetModuleFileNameW
CreateFileW
ReadFile
FlushFileBuffers
DeleteFileW
MoveFileW
GetFileAttributesW
CreateDirectoryW
SetEndOfFile
GetFileSize
SetFilePointer
WriteFile
ReadProcessMemory
LoadLibraryW
GetProcAddress
RtlCaptureContext
GetCurrentProcessId
CreateProcessW
WaitForSingleObject
GetSystemInfo
ResetEvent
FreeLibrary
FileTimeToSystemTime
VirtualQuery
lstrlenW
TerminateProcess
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
ReleaseMutex
GetEnvironmentVariableW
LCMapStringW
LCMapStringA
LoadLibraryA
RtlUnwind
GetDriveTypeA
GetCurrentDirectoryA
GetOEMCP
GetACP
GetCPInfo
VirtualFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
HeapSize
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
GetCurrentThreadId
SetEvent
GetCommandLineW
CreateEventW
AddAtomW
GetSystemTime
GetModuleHandleA
FormatMessageW
RaiseException
GetCurrentProcess
ExpandEnvironmentStringsW
LocalAlloc
GetCurrentThread
MoveFileExW
GetDriveTypeW
GetLogicalDriveStringsW
CloseHandle
GetVolumePathNameW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetLastError
GetTickCount
CreateThread
MulDiv
GetModuleHandleW
LocalFree
Sleep
SetLastError
FindFirstFileW
FindClose
FindNextFileW
HeapReAlloc
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStdHandle
GetFileType
WriteConsoleW
ExitThread
UnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
GetFullPathNameW
QueryPerformanceCounter
InterlockedIncrement
GetStringTypeW
GetLocaleInfoA
GetStringTypeA

user32

LoadCursorW
GetCursor
SetCursor
wsprintfW
PostThreadMessageW
RegisterWindowMessageW
GetDlgItem
EnableWindow
UnregisterClassA
GetClientRect
LoadStringW
ReleaseDC
GetDC
LoadBitmapW
PostQuitMessage
SendDlgItemMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DestroyWindow
MessageBoxW
CreateDialogParamW
ShowWindow
MoveWindow

gdi32

CreateFontIndirectW
GetDeviceCaps
GetStockObject

advapi32

GetLengthSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegUnLoadKeyW
RegLoadKeyW
IsWellKnownSid
EqualSid
ConvertStringSidToSidW
RevertToSelf
CopySid
GetTokenInformation
OpenThreadToken
ImpersonateSelf
QueryServiceStatus
ControlService
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW

shell32

SHFileOperationW
SHGetFolderPathW

ole32

StringFromIID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

SysStringLen
SysFreeString
SetErrorInfo
GetErrorInfo
SysReAllocStringLen
SysAllocString
SysAllocStringLen

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

InitCommonControlsEx

shlwapi

StrFormatByteSizeW

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cd87daae4eb6051a3a133869314a190

Headers

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

comctl32

shlwapi

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 82KB - Virtual size: 82KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 82KB - Virtual size: 82KB