e:\Led\PrgModule\Cp5200sdk\Cp5200sdk\TestCP5200\Release\TestCP5200.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-08_acd0809342f62f6b1913e581f3e9e460_icedid.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 2024-06-08_acd0809342f62f6b1913e581f3e9e460_icedid.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-08_acd0809342f62f6b1913e581f3e9e460_icedid
Size: 624KB
MD5: acd0809342f62f6b1913e581f3e9e460
SHA1: 5818a60c2231b26813ae4e6585472d1d19a7f99e
SHA256: 944f59f0ad7b3b83cfd842044dd02caef4ccf84b92b57c7f0b0fd70addb42b5c
SHA512: eff2f08e7c83f4049ccd3444945d9ed7e43afa85754069ed724a04782a3db854e55a29c3e3542acbd9ef219944e66baedaa35cc6f1452c66b296d835babf6299
SSDEEP: 12288:wgR5NaejGmlCyzNw/wUEe/xuB0vQXbXcjhPvcEP:LRLvGHiq/REe/xurXwjh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-08_acd0809342f62f6b1913e581f3e9e460_icedid
Files
2024-06-08_acd0809342f62f6b1913e581f3e9e460_icedid.exe windows:4 windows x86 arch:x86
a524127fc2f6b1acf279f6063d4e7751
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathStripToRootA
PathFindExtensionA
PathFindExtensionW
StrToIntA
PathFindFileNameA
PathFileExistsA
PathIsUNCA
kernel32
GetModuleFileNameA
InterlockedDecrement
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GetLocalTime
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
ReadFile
ClearCommError
SetupComm
PurgeComm
SetCommTimeouts
CreateEventA
GetCommState
SetCommState
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
FindNextFileA
FindClose
Sleep
DeleteFileA
GetTempPathA
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
VirtualProtect
lstrcmpA
GetStringTypeA
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
FindResourceExA
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FormatMessageA
WritePrivateProfileStringA
GetPrivateProfileIntA
CreateFileA
GetFileSize
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CloseHandle
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetLastError
WideCharToMultiByte
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetTickCount
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetACP
InterlockedExchange
SetEnvironmentVariableA
GetLocaleInfoW
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeW
WriteFile
user32
DestroyIcon
DrawStateA
ReleaseDC
GetDC
CreateIconIndirect
GetIconInfo
CopyRect
InflateRect
OffsetRect
FillRect
FrameRect
DrawFocusRect
SendMessageA
GetWindowRect
PostThreadMessageA
RegisterClipboardFormatA
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
SetCapture
GetClientRect
ClientToScreen
InvalidateRect
GetActiveWindow
GetNextDlgTabItem
GetParent
WindowFromPoint
EnableWindow
GetWindowLongA
DestroyMenu
DestroyCursor
SetCursor
PostMessageA
TrackPopupMenuEx
GetSubMenu
GetSysColor
LoadImageA
LoadMenuA
GetSystemMetrics
SetTimer
KillTimer
SendMessageW
CreateWindowExA
CreateWindowExW
DestroyWindow
IsWindow
SetWindowTextA
SetWindowTextW
GetFocus
IsWindowVisible
CharUpperA
UnregisterClassA
LoadIconA
IsRectEmpty
SetRect
MessageBeep
GetSysColorBrush
GetMenuItemInfoA
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
ShowOwnedPopups
PostQuitMessage
UnpackDDElParam
ReuseDDElParam
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
LoadCursorA
MapDialogRect
GetAsyncKeyState
wsprintfA
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
GetCursorPos
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
EndPaint
GetWindow
PtInRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
SetWindowPos
SetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
RegisterClassA
GetClassInfoA
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
GetMenuItemCount
GetMenuItemID
GetMenu
UpdateWindow
SetForegroundWindow
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
GetMenuState
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
GetKeyState
gdi32
StretchBlt
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
GetClipBox
EnumFontFamiliesExA
CreateDIBSection
SetDIBColorTable
GetObjectA
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
DeleteObject
ExtSelectClipRgn
CreatePatternBrush
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
GetTextMetricsA
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetRgnBox
comdlg32
GetSaveFileNameA
ChooseColorA
GetFileTitleA
GetOpenFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
shell32
DragFinish
DragQueryFileA
ShellExecuteExA
comctl32
_TrackMouseEvent
ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Draw
ImageList_GetImageInfo
oledlg
ord8
ole32
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
SysAllocString
SafeArrayDestroy
OleCreateFontIndirect
gdiplus
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipAlloc
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipSaveImageToFile
GdipGetImagePaletteSize
GdipCloneImage
GdipGetImagePixelFormat
GdipGetImageHeight
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageEncoders
winmm
PlaySoundA
cp5200
ord72
ord101
ord74
ord102
ord76
ord103
ord77
ord104
ord79
ord71
ord100
CP5200_CmmPacker_Destroy
CP5200_CmmPacker_Data
CP5200_ParsePushUserVarRet
CP5200_MakePushUserVarData
CP5200_CmmPacker_Create
CP5200_TextToImageEx
CP5200_TextToImage
CP5200_MakeImageDataFromFile
ord21
CP5200_ParseWritePrivateCodeRet
CP5200_MakeWritePrivateCodeData
ord20
CP5200_ParseReadPrivateCodeRet
CP5200_MakeReadPrivateCodeData
CPowerBox_ParseSendPictureRet
CPowerBox_MakeSendPictureData
CPowerBox_ParseSetProgramPropertyRet
CPowerBox_MakeSetProgramPropertyData
CPowerBox_ParseInOutProgramTemplateRet
CPowerBox_MakeInOutProgramTemplateData
CPowerBox_ParseSendTextRet
CPowerBox_MakeSendTextData
CPowerBox_ParseGetScheduleRet
CPowerBox_MakeGetScheduleData
CPowerBox_ParseQueryProgramTemplateRet
CPowerBox_MakeQueryProgramTemplateData1
CPowerBox_ParseDeleteProgramRet
CPowerBox_MakeDeleteProgramData
CPowerBox_ParseSetScheduleRet
CPowerBox_MakeSetScheduleData
CPowerBox_ParseDeleteScheduleRet
CPowerBox_MakeDeleteScheduleData
CPowerBox_ParseQueryProgramRet
CPowerBox_MakeQueryProgramData
CPowerBox_ParseSetProgramTemplateRet
CPowerBox_MakeSetProgramTemplateData1
CPowerBox_ParseSetAloneProgramRet
CPowerBox_MakeSetAloneProgramData
ord91
ord93
ord92
CP5200_Runsch_SetAttrEx
ord90
ord80
ord37
ord36
ord39
ord38
ord55
ord54
CP5200_ParseWriteConfigRet
CP5200_MakeWriteConfigData
CP5200_RS232_WriteHWSetting
ord70
CP5200_Net_WriteHWSetting
CP5200_RS232_ReadHWSetting
CP5200_Net_ReadHWSetting
CP5200_ParseScreenTestRet
CP5200_MakeScreenTestData
ord27
ord26
ord25
ord24
ord23
ord22
ord51
ord50
ord31
ord30
ord49
ord48
ord33
ord32
ord35
ord34
ord53
ord52
CP5200_ParseRestartAppRet
CP5200_MakeRestartAppData
ord56
ord57
CP5200_ParseReadConfigRet
CP5200_MakeReadConfigData
CP5200_ParseGetTempHumiRet
CP5200_MakeGetTempHumiData
CP5200_RS232_QueryControllerInfo
CP5200_Net_QueryControllerInfo
CP5200_ParseSaveClearWndRet
CP5200_MakeSaveClearWndData
CP5200_ParseExitSplitScreenRet
CP5200_MakeExitSplitScreenData
CP5200_ParseSetGlobalZoneRet
CP5200_MakeSetGlobalZoneData
CP5200_ParseSetZoneAndVariableRet
CP5200_MakeSetZoneAndVariableData
CP5200_ParseSplitScreenRet
CP5200_MakeSplitScreenData
CP5200_ParseSendMultiProtocolRet
CP5200_MakeSendMultiProtocol
CP5200_ParseSendTextRet
CP5200_MakeSendTextData
CP5200_ParseSendTagTextRet
CP5200_MakeSendTagTextData
CP5200_ParseSendPureTextRet
CP5200_MakeSendPureTextData
CP5200_ParseSendStaticRet
CP5200_MakeSendStaticData
CP5200_ParseSendClockRet
CP5200_MakeSendClockData
CP5200_ParseSendPictureRet
CP5200_MakeSendPictureData
CP5200_ParseSetUserVarRet
CP5200_MakeSetUserVarData
CP5200_ParseSelectedAndUserVarRet
CP5200_MakeSelectedAndUserVarData
CP5200_RS232_SendInstantMessage1
CP5200_Net_SendInstantMessage1
CP5200_ParsePlaySelectedPrgRet
CP5200_MakePlaySelectedPrgData
ws2_32
closesocket
shutdown
setsockopt
WSAGetLastError
select
connect
ioctlsocket
htons
htonl
socket
send
recv
WSACleanup
WSAStartup
Sections
.text Size: 412KB - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ