2024-05-30_e1a4db186e920f50d0fd962f74af6a24_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-30_e1a4db186e920f50d0fd962f74af6a24_icedid
Size

288KB
MD5

e1a4db186e920f50d0fd962f74af6a24
SHA1

810c121a85af00f922084a02a2302c0571a8285f
SHA256

e57b8262a57aadaa8d1aec74250d319f56ea451511f1ffe7280dcf5cfd3508e2
SHA512

6dbcaa819961163c432e360f749b1de226a93069c5ad6fb28e6faa6d5c64b054fb06a0f0039457cbb4ed95dfdebf68ac7ce23fa0a33cfce599bb3ca2987598e2
SSDEEP

3072:R2AjnTrXPQmrhfKlJ0s7qVsy3Z6T7Ibn0F/LrkJnj1XDCj5Q1hheXfNZkpSd0CXR:wkTrPQFJiSyp6vIbn0a5AQ1D6qkp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-30_e1a4db186e920f50d0fd962f74af6a24_icedid

Files

2024-05-30_e1a4db186e920f50d0fd962f74af6a24_icedid
.exe windows:4 windows x86 arch:x86

36c851b64b454db5f5f8d3fc6da3ba5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipDeleteFont
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDrawString
GdipCreateFont
GdipAlloc
GdipDeleteFontFamily
GdipMeasureString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipCloneFont
GdipGetGenericFontFamilySansSerif
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipGetImageThumbnail
GdipCloneImage
GdipCloneBitmapAreaI
GdipFree

psapi

EnumProcesses

kernel32

GetFullPathNameW
GetLocaleInfoW
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalGetAtomNameW
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
RaiseException
SetErrorMode
GetFileAttributesW
GetFileTime
GetCurrentDirectoryW
GetStartupInfoW
RtlUnwind
ExitProcess
TerminateProcess
GetVolumeInformationW
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
WideCharToMultiByte
GlobalFree
lstrcpyW
GlobalAlloc
FormatMessageW
LocalFree
GlobalLock
GlobalUnlock
OutputDebugStringW
SizeofResource
LockResource
LoadResource
SetLastError
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrlenW
lstrcatW
lstrcmpW
GetModuleHandleW
GetVersionExA
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
FindResourceW
HeapDestroy
GetProcAddress
WritePrivateProfileStringW
GetLocalTime
GetProcessTimes
OpenProcess
CompareFileTime
CreateEventW
GetLastError
InterlockedDecrement
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleFileNameW
SetCurrentDirectoryW
CreateFileW
WriteFile
CloseHandle
DeleteFileW
GetTickCount
GetPrivateProfileSectionW
LoadLibraryW
FreeLibrary
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetPrivateProfileIntW

user32

PostQuitMessage
SetCursor
ShowOwnedPopups
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageW
TranslateAcceleratorW
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
InvalidateRect
LoadAcceleratorsW
ReleaseCapture
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuW
InflateRect
GetMenuItemInfoW
SystemParametersInfoW
GetSysColorBrush
FillRect
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
IsWindowEnabled
SetWindowTextW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
wsprintfW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
EndPaint
GetForegroundWindow
DrawTextW
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
SetRect
GetSystemMetrics
keybd_event
GetCursorPos
FindWindowExW
SetParent
SetWindowPos
GetTitleBarInfo
CharUpperW
GetClassLongW
GetClassNameW
WaitForInputIdle
EnumWindows
IsWindow
IsIconic
FindWindowW
GetWindowThreadProcessId
IsWindowVisible
GetDesktopWindow
GetWindow
ShowWindow
MessageBoxW
EnumDisplaySettingsW
LoadIconW
UpdateWindow
ShowCursor
PostMessageW
KillTimer
GetDC
ReleaseDC
SetTimer
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
GetWindowTextW
DrawTextExW
SendMessageW
EnableWindow
LoadCursorW
GetLastActivePopup
TabbedTextOutW

gdi32

GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
GetStockObject
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
ExtCreateRegion
CombineRgn
GetObjectW
CreateDIBSection
PtInRegion
CreateSolidBrush
CreateCompatibleBitmap
SetStretchBltMode
CreateCompatibleDC
SelectObject
DeleteObject
BitBlt
DeleteDC

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW

shell32

DragQueryFileW
DragFinish
ShellExecuteExW

comctl32

_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo

shlwapi

PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
VariantChangeType

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36c851b64b454db5f5f8d3fc6da3ba5e

Headers

File Characteristics

Imports

gdiplus

psapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 59KB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 59KB

.rsrc
Size: 32KB - Virtual size: 29KB