PDB path: e:\root\kephyr\products\nightclaw\vs\nightclaw\Release\nightclaw.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-01_ca052ffd464cce4b605d0accbb236b03_icedid_necurs.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-06-01_ca052ffd464cce4b605d0accbb236b03_icedid_necurs.exe
  Resource: win10v2004-20240508-en
General
- Target: 2024-06-01_ca052ffd464cce4b605d0accbb236b03_icedid_necurs
- Size: 1.5MB
- MD5: ca052ffd464cce4b605d0accbb236b03
- SHA1: 2fd70f417011b5ca37636ef9bf10d02b759f850d
- SHA256: 7e505196cb3b462ec06ae17713c300332a8fd07a17d2e2e0e70f9016a16a3071
- SHA512: 3a37015ae23c17a6e999e87bb94e13e451647342ef94cbfb00d4726771185cd61e348f8a8cae5beabff7a03787b7ce90fd185f56e6924475bc82f7a3cff49e87
- SSDEEP: 24576:Kz4kugEMg9QgNdWd3O8kmvyyxxmDSpxgZVup0O/+dNIe7sxYRWB3kEVU2yduPeCM:2TuGg+gNzcyybGSpxg7up0O/0NRCUX7
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 2024-06-01_ca052ffd464cce4b605d0accbb236b03_icedid_necurs
Files
-
2024-06-01_ca052ffd464cce4b605d0accbb236b03_icedid_necurs.exe windows:4 windows x86 arch:x86
ac5cdee8c40a086a0b0b38aed43f41bf
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
EnumPageFilesA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
sfc
SfcIsFileProtected
wintrust
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
crypt32
CertCloseStore
CryptQueryObject
CryptMsgClose
CryptMsgGetParam
CertGetNameStringA
CertFindCertificateInStore
kernel32
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
WritePrivateProfileStringA
GetModuleFileNameW
InterlockedIncrement
GetThreadLocale
FileTimeToSystemTime
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
WriteFile
SetFilePointer
FlushFileBuffers
FreeResource
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetTickCount
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
SetStdHandle
GetProcessHeap
GetStartupInfoA
HeapSize
VirtualFree
HeapDestroy
HeapCreate
SetHandleCount
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
MulDiv
RaiseException
LoadLibraryA
LCMapStringW
LCMapStringA
GetUserDefaultLCID
InterlockedCompareExchange
GetFileSize
EnumResourceNamesA
GetFileInformationByHandle
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetProcAddress
LoadLibraryExA
FreeLibrary
Sleep
InterlockedDecrement
TerminateProcess
ReadProcessMemory
ExpandEnvironmentStringsA
QueryDosDeviceA
FindNextFileA
CopyFileA
GetLogicalDrives
GetDriveTypeA
SetCurrentDirectoryA
CreateRemoteThread
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
GetVersionExA
FindFirstFileA
FindClose
SetLastError
GetCommandLineA
GetModuleFileNameA
CreateDirectoryA
GetStdHandle
ReleaseMutex
CreateMutexA
WaitForSingleObject
TerminateThread
GetCurrentThreadId
FormatMessageA
CreateFileA
ReadFile
ExitProcess
GetCurrentThread
SetThreadPriority
OpenProcess
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileType
GetCurrentProcessId
SearchPathA
SetFileAttributesA
DeleteFileA
GetFileAttributesA
MoveFileExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeExA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
CreateFileW
LockFile
user32
RegisterClipboardFormatA
PostThreadMessageA
SetRect
IsRectEmpty
CopyAcceleratorTableA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
UnregisterClassA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
EnableWindow
GetCapture
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
MessageBeep
GetNextDlgGroupItem
DestroyMenu
LoadStringA
LoadCursorA
GetSysColorBrush
CharNextA
ReleaseCapture
SetCapture
InvalidateRgn
CallNextHookEx
InvalidateRect
CharUpperA
MessageBoxA
SendMessageA
PostMessageA
IsIconic
IsZoomed
GetWindowRect
GetClientRect
LoadIconA
DestroyIcon
GetSystemMetrics
SystemParametersInfoA
LoadImageA
ReleaseDC
GetDC
GetWindowTextA
GetClassNameA
wsprintfW
GetWindowThreadProcessId
GetParent
GetWindowLongA
RegisterWindowMessageA
CreateWindowExA
GetClassInfoExA
GetDesktopWindow
gdi32
DeleteDC
GetStockObject
CreateRectRgnIndirect
ExtSelectClipRgn
GetBkColor
GetTextColor
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
GetRgnBox
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx
GetDeviceCaps
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetViewportExtEx
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegQueryInfoKeyA
RegQueryValueA
RegOpenKeyA
OpenThreadToken
ImpersonateSelf
LookupPrivilegeValueA
PrivilegeCheck
AdjustTokenPrivileges
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
shell32
SHGetFolderPathA
comctl32
ord17
shlwapi
SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathCanonicalizeA
PathIsUNCA
oledlg
ord8
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
oleaut32
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
VariantCopy
SysStringLen
VariantChangeType
DispCallFunc
LoadRegTypeLi
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
ws2_32
WSCDeinstallProvider
WSCGetProviderPath
WSCEnumProtocols
WSACleanup
WSAStartup
WSCUnInstallNameSpace
WSAGetLastError
Sections
- .text  Size: 1.2MB - Virtual size: 1.2MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 296KB - Virtual size: 292KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data  Size: 36KB - Virtual size: 51KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 28KB - Virtual size: 27KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ