PDB path: c:\code\Warhammer\Obj\PC\Bin\AutoPlay.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-05_1243ce713f11559bbef71b75ce26d0a7_icedid.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 2024-06-05_1243ce713f11559bbef71b75ce26d0a7_icedid.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-06-05_1243ce713f11559bbef71b75ce26d0a7_icedid
- Size: 972KB
- MD5: 1243ce713f11559bbef71b75ce26d0a7
- SHA1: 317fe0b0051106b6a0c75baa3c2dcd4d2ea7c9b4
- SHA256: feaa98ba213cf7a27f5741252140f10b01f2547e203339773079d414941ee98c
- SHA512: 698d64d42ef235e521591892e09538631b7750372597d52575023f00099f104005ec623ce02f71372aea6c9eaf3e9c8ead78f4b722309decf7ef0de283341494
- SSDEEP: 12288:NWJzZMqu+yX/ZFTrfCYNrKdIZWIvq92CHx7As2iH6nsgINnNgL:0JzZMqbyX/ZFTrfsnIC959AZsgI3gL
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-06-05_1243ce713f11559bbef71b75ce26d0a7_icedid
Files
- 2024-06-05_1243ce713f11559bbef71b75ce26d0a7_icedid.exe windows:4 windows x86 arch:x86
  imphash (label inferred from the report layout): f1f1f3624312efc71e2e4cf39e80559e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
PDB Paths
Imports
kernel32
HeapSize
HeapCompact
DeleteFileA
MoveFileA
CopyFileA
SetFilePointer
ReadFile
FlushFileBuffers
SleepEx
CancelIo
GetTickCount
ReadDirectoryChangesW
GlobalAlloc
GlobalLock
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
GlobalAddAtomA
FreeResource
GlobalFree
GlobalUnlock
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
MulDiv
GetModuleFileNameW
InterlockedDecrement
LocalFree
FormatMessageA
GlobalSize
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetThreadLocale
HeapReAlloc
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetShortPathNameA
GetOEMCP
GetAtomNameA
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
RtlUnwind
RaiseException
GetStartupInfoA
UnhandledExceptionFilter
GetDriveTypeA
ExitProcess
ExitThread
CreateThread
GetStdHandle
IsValidCodePage
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
SetConsoleCtrlHandler
FatalAppExitA
IsValidLocale
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateSemaphoreA
ReleaseSemaphore
GetExitCodeThread
TerminateThread
HeapValidate
VirtualFree
VirtualAlloc
IsBadStringPtrA
IsBadCodePtr
IsBadWritePtr
VirtualProtect
SetLastError
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
GetPrivateProfileSectionA
lstrcmpA
InterlockedIncrement
InterlockedExchangeAdd
GetTimeFormatA
GetLocalTime
GetDateFormatA
FindFirstFileA
FindNextFileA
FindClose
CompareFileTime
GetACP
GetFileAttributesA
CreateProcessA
EnumSystemLocalesA
GetLocaleInfoA
GetCPInfo
Sleep
GetStringTypeA
FreeLibrary
LCMapStringW
GetUserDefaultLCID
LCMapStringA
GetStringTypeW
GetFileSize
GetFileTime
GetSystemInfo
GlobalMemoryStatus
WriteFile
GetSystemTimeAsFileTime
VirtualQuery
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetUnhandledExceptionFilter
TerminateProcess
GetFullPathNameA
GetCurrentThreadId
GetCurrentProcessId
OpenProcess
CreateFileA
GetCurrentThread
GetVersionExA
GetCurrentProcess
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
lstrcatA
OutputDebugStringA
HeapFree
GetProcessHeap
HeapAlloc
lstrcpynA
LoadLibraryA
GetProcAddress
CreateDirectoryA
lstrcpyA
DebugBreak
lstrlenA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
GetEnvironmentVariableW
GetVersion
InterlockedExchange
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetCommandLineA
GetModuleFileNameA
SetCurrentDirectoryA
CreateEventA
GetLastError
LockFile
CloseHandle
user32
InflateRect
GetMenuItemInfoA
UnregisterClassA
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
DeferWindowPos
CopyRect
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetDlgCtrlID
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDesktopWindow
GetSystemMetrics
CreateDialogIndirectParamA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetDC
GetDialogBaseUnits
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendMessageA
MessageBoxA
SetDlgItemTextA
SetWindowTextA
SetLastErrorEx
CharNextA
GetSysColor
KillTimer
RedrawWindow
UpdateWindow
SetWindowTextW
LoadStringA
wvsprintfA
wsprintfA
DestroyWindow
RegisterWindowMessageA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
CallWindowProcA
PostMessageA
SendMessageTimeoutA
CharUpperA
PostQuitMessage
SetCursor
LoadCursorA
GetClientRect
GrayStringA
DrawTextExA
CharUpperW
CharLowerA
CharLowerW
EnableWindow
InvalidateRect
LoadImageA
LoadBitmapA
SetTimer
DestroyMenu
GetAsyncKeyState
ScreenToClient
ClientToScreen
GetWindowRect
WindowFromDC
DestroyIcon
GetSysColorBrush
DeleteMenu
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
EndPaint
BeginPaint
GetWindowDC
GetCursorPos
ReleaseDC
DrawTextA
TabbedTextOutA
FillRect
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
PeekMessageA
ScrollWindow
SetActiveWindow
gdi32
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
PtVisible
RectVisible
TextOutA
ExtTextOutA
SetBkColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
CreatePen
ExtCreatePen
CreateHatchBrush
CopyMetaFileA
CreateDCA
GetTextMetricsA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
GetTextExtentPoint32A
DeleteDC
CreateFontIndirectA
GetStockObject
DeleteObject
CreateSolidBrush
GetObjectA
CreateCompatibleDC
Escape
StretchBlt
SelectObject
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
shell32
ShellExecuteA
SHGetFileInfoA
ExtractIconA
shlwapi
PathFindExtensionA
PathRemoveFileSpecA
PathRemoveExtensionA
PathStripToRootA
StrStrIA
PathFindFileNameA
PathIsUNCA
ole32
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
CoTaskMemAlloc
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleDuplicateData
CoDisconnectObject
CoCreateInstance
StringFromGUID2
CLSIDFromString
ReadFmtUserTypeStg
oleaut32
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
VariantCopy
Sections
- .text  Size: 808KB - Virtual size: 807KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 132KB - Virtual size: 128KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data  Size: 20KB - Virtual size: 2.2MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 8KB - Virtual size: 5KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ