Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-30_9e22ebe7b67b360df0527607a33cc2a4_hacktools_icedid.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-30_9e22ebe7b67b360df0527607a33cc2a4_hacktools_icedid.exe
Resource: win10v2004-20240426-en
General
Target: 2024-05-30_9e22ebe7b67b360df0527607a33cc2a4_hacktools_icedid
Size: 18.5MB
MD5: 9e22ebe7b67b360df0527607a33cc2a4
SHA1: c13421942de9e70fe153827032ad8e4d1ff00755
SHA256: 779f8de063ec37408cc138ef9f9d1f1b6b3b53662d65113e7220fd8cf34decda
SHA512: b3784ef938bd03395b244d07b59b4fdbd2bdec464d52981a49073c96c46a069ff7640d3c6728449794356b19650dfafc25fa7e062592c15adafc8b2b34249370
SSDEEP: 393216:MyquSxCXH1ykHazSKw5mOuXqfnHtTyhrOkz2z/H:MyfzHaBw5QXqfw1Ok2P
Malware Config
Signatures
UPX dump on OEP (original entry point) (1 IoCs)
resource: sample, yara_rule: UPX
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-05-30_9e22ebe7b67b360df0527607a33cc2a4_hacktools_icedid
Files
2024-05-30_9e22ebe7b67b360df0527607a33cc2a4_hacktools_icedid.exe (windows:4, windows x86, arch:x86)
cfaca9ab3bc58e01eeca05c4e13c07ba
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateWaitableTimerA
SetProcessWorkingSetSize
GetSystemDirectoryA
GetStdHandle
SetHandleCount
GetACP
LCMapStringA
DeleteFileA
WriteFile
GetEnvironmentVariableA
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
IsBadReadPtr
HeapReAlloc
ExitProcess
DeviceIoControl
CreateFileA
LocalSize
CreateThread
GetProcAddress
GetModuleHandleA
IsDebuggerPresent
IsWow64Process
WideCharToMultiByte
RtlMoveMemory
OpenProcess
HeapSize
TerminateProcess
RtlUnwind
GetCommandLineA
lstrcpyn
HeapAlloc
SetWaitableTimer
GetCPInfo
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
GetExitCodeThread
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
InterlockedIncrement
GlobalFlags
MulDiv
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GetModuleFileNameA
GetTickCount
lstrlenA
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GetStringTypeW
IsBadCodePtr
SetStdHandle
GlobalFree
GlobalUnlock
GlobalLock
Process32Next
GlobalAlloc
FreeLibrary
LoadLibraryA
HeapFree
GetProcessHeap
Process32First
Module32Next
Module32First
WriteProcessMemory
CreateToolhelp32Snapshot
MultiByteToWideChar
ReadProcessMemory
GetOEMCP
GetTempPathA
RaiseException
TerminateThread
GlobalHandle
TlsFree
LeaveCriticalSection
CloseHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetCurrentDirectoryA
CopyFileA
DeleteFileA
MoveFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
Sleep
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetEnvironmentVariableA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
InterlockedExchange
VirtualProtect
VirtualQuery
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
CloseHandle
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetThreadLocale
GetStringTypeExA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FormatMessageA
LocalFree
SuspendThread
ReleaseMutex
CreateMutexA
lstrcmpiA
FlushInstructionCache
TerminateThread
InterlockedIncrement
InterlockedDecrement
FileTimeToSystemTime
GetVersion
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GetTimeZoneInformation
SetLastError
GetSystemDirectoryA
GetWindowsDirectoryA
OpenProcess
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcessId
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
GetSystemInfo
InterlockedCompareExchange
GetDriveTypeA
GetLogicalDriveStringsA
WaitForSingleObject
FindNextFileA
ole32
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
OleFlushClipboard
CLSIDFromString
CoUninitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleRun
CoCreateInstance
CLSIDFromString
CreateILockBytesOnHGlobal
user32
GetMenuItemCount
InsertMenuA
SetMenuInfo
GetSubMenu
GetMenuItemID
LoadMenuA
GetSystemMenu
CreatePopupMenu
CreateMenu
RegisterClassExA
GetParent
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetClassNameA
BeginPaint
EndPaint
CallWindowProcA
GetAsyncKeyState
GetClientRect
DestroyWindow
DefWindowProcA
DefMDIChildProcA
LoadCursorA
SetCursor
TrackMouseEvent
DestroyIcon
SetWindowLongA
DestroyCursor
CreateWindowExA
GetWindowLongA
CheckMenuRadioItem
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
PtInRect
GetDlgCtrlID
ClientToScreen
SetFocus
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
AppendMenuA
GetWindowPlacement
SystemParametersInfoA
GetForegroundWindow
GetMessagePos
GetMessageTime
RegisterClassA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
PostThreadMessageA
CreateDialogIndirectParamA
EndDialog
GetFocus
SetForegroundWindow
GetWindowRect
SetActiveWindow
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect
SetWindowRgn
RemovePropA
GetPropA
SetPropA
MessageBoxA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnableWindow
IsWindowEnabled
ShowWindow
IsWindowVisible
SetParent
SetWindowPos
UpdateWindow
ValidateRect
InvalidateRect
ScreenToClient
TrackPopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemRect
SendDlgItemMessageA
GetMenuState
GetMenuInfo
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoA
SetMenuItemBitmaps
SetMenuDefaultItem
wsprintfA
PeekMessageA
GetMessageA
SendMessageA
GetWindow
PostQuitMessage
PostMessageA
MsgWaitForMultipleObjects
DestroyMenu
GetClassInfoA
GetDlgItem
MoveWindow
GetNextDlgGroupItem
LoadStringA
MapDialogRect
SetWindowContextHelpId
CharNextA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetClassLongA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
PostThreadMessageA
EndDialog
CreateDialogIndirectParamA
DestroyWindow
EndPaint
BeginPaint
UnregisterClassA
CharUpperA
GetWindowTextLengthA
EnumThreadWindows
CheckMenuItem
IsMenu
GetMenuItemRect
DrawMenuBar
RemovePropA
GetSysColorBrush
GetMenuItemInfoA
UnregisterHotKey
RegisterHotKey
CreateWindowExA
GetForegroundWindow
GetNextDlgTabItem
SetWindowTextA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetTabbedTextExtentA
DrawStateA
GrayStringA
TabbedTextOutA
WindowFromDC
GetWindowDC
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
FrameRect
MoveWindow
CallWindowProcA
DrawTextA
GetCursor
GetWindowTextA
FindWindowExA
GetDlgItem
FindWindowA
GetWindowThreadProcessId
mouse_event
keybd_event
GetClassNameA
GetDesktopWindow
VkKeyScanExA
GetKeyboardLayout
SetPropA
EnumChildWindows
GetPropA
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
TrackPopupMenu
IsChild
ReleaseDC
ScrollDC
IsRectEmpty
InvertRect
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
atl
ord42
ord10
ord11
ord47
shell32
DragQueryFileA
Shell_NotifyIconA
DragFinish
DragAcceptFiles
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
DragQueryFileA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
DragAcceptFiles
DragFinish
gdi32
CreateDIBSection
ExtTextOutA
SetViewportOrgEx
CreatePatternBrush
CreateSolidBrush
StretchBlt
CreateRoundRectRgn
CombineRgn
GetClipBox
ScaleWindowExtEx
GetDeviceCaps
PtVisible
RectVisible
ExtCreateRegion
BitBlt
SelectObject
DeleteDC
TextOutA
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
Escape
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateBrushIndirect
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
Pie
Chord
Arc
CreateHatchBrush
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
RoundRect
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
CreateRoundRectRgn
GetCurrentObject
Polygon
GetTextExtentPoint32A
GetDeviceCaps
GetStockObject
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
GetMapMode
GetViewportExtEx
ExtSelectClipRgn
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
GetTextMetricsA
CreateEllipticRgnIndirect
MoveToEx
LineTo
GetClipBox
TranslateCharsetInfo
CreateFontA
SetDIBitsToDevice
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
SetTextColor
SetBkMode
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
ExtCreateRegion
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
BitBlt
advapi32
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
ControlService
DeleteService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegOpenKeyExA
StartServiceA
CreateServiceA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comctl32
ord17
ImageList_DrawIndirect
ImageList_Read
ImageList_LoadImageA
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_AddMasked
_TrackMouseEvent
ImageList_Draw
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_Duplicate
oledlg
ord8
ord8
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
SysAllocString
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
SafeArrayCreate
VariantChangeType
VariantInit
SafeArrayDestroy
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LoadTypeLi
OleCreateFontIndirect
UnRegisterTypeLi
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayGetElemsize
SysAllocStringLen
VariantTimeToSystemTime
GetErrorInfo
LHashValOfNameSys
shlwapi
PathFileExistsA
winmm
waveOutRestart
PlaySoundA
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
ws2_32
ntohs
__WSAFDIsSet
getsockname
getpeername
listen
recv
connect
accept
ntohl
recvfrom
sendto
socket
htonl
bind
htons
WSAAsyncSelect
ioctlsocket
closesocket
send
gethostname
inet_addr
inet_ntoa
gethostbyname
WSAStartup
WSACleanup
select
msvfw32
DrawDibDraw
avifil32
AVIStreamInfoA
AVIStreamGetFrame
rasapi32
RasHangUpA
RasGetConnectStatusA
msimg32
TransparentBlt
AlphaBlend
GradientFill
comdlg32
ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
wininet
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
wldap32
ord29
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15.1MB - Virtual size: 15.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256KB - Virtual size: 780KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ