PDB path: d:\iSafeDev\SVNDev\WPK\WPK.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-11_c557bdcc79b898b8b1f6178480de94de_hacktools_icedid.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-06-11_c557bdcc79b898b8b1f6178480de94de_hacktools_icedid.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-11_c557bdcc79b898b8b1f6178480de94de_hacktools_icedid
Size: 6.0MB
MD5: c557bdcc79b898b8b1f6178480de94de
SHA1: 44a6d0984d6ab29f92609c00b5267589257bf6ef
SHA256: a9a0603e9fea3c28969b222c897057bff46c7da824d62dde300ddb3ead4fcad4
SHA512: f83125db4904441ec082a6a1a2bceb3a87443c3b163190a4112f86d5c0a7634541ec47bde35f1e206c4f1522a2cd05ee91cf2a316f0979141de113e3db9c6007
SSDEEP: 98304:JNy58dJugz4+2OtBr2PJ5SU2rdtf6MgtztaG+Y90ZtdGaeNwk22XPwfEclNns:JM58dJugk+2OtBr2x9O6Mgtztdp0Ztd6
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-06-11_c557bdcc79b898b8b1f6178480de94de_hacktools_icedid
Files
-
2024-06-11_c557bdcc79b898b8b1f6178480de94de_hacktools_icedid.exe windows:5 windows x86 arch:x86
7be0c4209e2fbaba30d5a916257a325f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\iSafeDev\SVNDev\WPK\WPK.pdb
Imports
imme
setLBDownHook
kernel32
SetErrorMode
lstrcmpW
GlobalFlags
ResumeThread
SuspendThread
GlobalAddAtomW
GlobalDeleteAtom
GlobalFindAtomW
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetStartupInfoW
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
RtlUnwind
RaiseException
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
GetTimeZoneInformation
GetCPInfo
IsValidCodePage
LCMapStringW
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
lstrcmpA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SizeofResource
LockResource
GetAtomNameW
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
CompareStringW
GetModuleHandleA
GetFileSizeEx
GetFileAttributesExW
GetShortPathNameW
GetVolumeInformationW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
SetLastError
MulDiv
LocalFileTimeToFileTime
HeapLock
HeapWalk
HeapUnlock
HeapValidate
GetProcessHeaps
SetFileTime
SetFileAttributesA
CreateDirectoryA
FindFirstFileA
FindNextFileA
LoadResource
FindResourceW
OutputDebugStringA
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
ReadFile
CreateFileW
GetFileSize
CloseHandle
OpenMutexW
CreateMutexW
GetLastError
GetFileAttributesW
SetFileAttributesW
WaitForSingleObject
ReleaseMutex
SetFilePointer
WriteFile
SetEndOfFile
MapViewOfFile
UnmapViewOfFile
SetEvent
CreateEventA
OpenMutexA
CreateFileMappingA
OpenEventA
CreateMutexA
OpenFileMappingA
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
Sleep
CreateThread
GetModuleHandleW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateDirectoryW
GetModuleFileNameW
GetVersion
GetCurrentProcess
GetDiskFreeSpaceExW
FormatMessageW
SetEnvironmentVariableA
LocalLock
LocalFree
GetVersionExW
GetProcAddress
GetSystemInfo
SetCurrentDirectoryA
SetCurrentDirectoryW
CopyFileA
MoveFileA
MoveFileW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetModuleFileNameA
GetComputerNameA
GetOEMCP
GetACP
CompareFileTime
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetSystemTimeAsFileTime
GetCurrentProcessId
FreeLibrary
FormatMessageA
LoadLibraryW
LoadLibraryA
GetFullPathNameW
GetFullPathNameA
DeleteFileA
GetFileAttributesA
GetTempPathW
GetTempPathA
CreateFileA
GetVersionExA
LockFileEx
LockFile
UnlockFile
FlushFileBuffers
AreFileApisANSI
GetSystemTime
GetFileInformationByHandle
DuplicateHandle
CreateFileMappingW
GetFileType
SystemTimeToFileTime
FileTimeToDosDateTime
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
GetFileTime
Module32FirstW
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
GlobalSize
GetTickCount
ExitProcess
ExpandEnvironmentStringsW
GetLocalTime
WaitForMultipleObjects
LocalAlloc
ResetEvent
GlobalFree
SetThreadPriority
CreateEventW
lstrcpyW
CreateProcessW
lstrlenW
lstrlenA
GetUserDefaultLangID
GetComputerNameW
CopyFileW
RemoveDirectoryW
DeleteFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindNextFileW
GetDateFormatW
FindFirstFileW
GetTimeFormatW
user32
SetRectEmpty
DeleteMenu
ShowOwnedPopups
SetCursor
CreateDialogIndirectParamW
GetNextDlgTabItem
SystemParametersInfoW
GetMenuItemInfoW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
GetMenu
OffsetRect
InvalidateRect
IsWindow
GetSystemMetrics
wsprintfW
PostMessageW
GetMessageW
DispatchMessageW
LoadStringW
TranslateMessage
RegisterWindowMessageW
LoadAcceleratorsW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetScrollPos
SetScrollPos
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
PeekMessageW
ValidateRect
IntersectRect
InflateRect
CopyRect
PtInRect
GetFocus
SetWindowPos
ScrollWindowEx
SetFocus
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetWindowTextLengthW
UnhookWindowsHookEx
GetSysColorBrush
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
GetDialogBaseUnits
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
ReleaseCapture
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
SetRect
KillTimer
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
DestroyIcon
TranslateAcceleratorW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SendMessageW
SetWindowTextW
SetClipboardViewer
RegisterHotKey
RegisterRawInputDevices
SetTimer
ChangeClipboardChain
UnregisterHotKey
FindWindowW
ShowWindow
SetForegroundWindow
FlashWindow
OpenClipboard
GetClipboardData
CloseClipboard
GetForegroundWindow
GetKeyState
GetKeyboardState
ToAscii
MapVirtualKeyW
GetKeyNameTextA
GetRawInputData
CheckMenuItem
GetKeyNameTextW
GetWindowTextW
GetCursorPos
EnableWindow
MessageBoxW
GetSysColor
GetWindowDC
WindowFromPoint
GetIconInfo
GetDesktopWindow
GetDC
ReleaseDC
DrawIconEx
GetWindowThreadProcessId
GetWindowRect
GetClassNameW
GetWindow
LoadMenuW
GetSubMenu
TrackPopupMenu
DestroyMenu
GetGUIThreadInfo
GetKeyboardLayout
DefWindowProcW
GetLastInputInfo
BeginPaint
EndPaint
PostQuitMessage
EndDialog
SetWinEventHook
UnhookWinEvent
RemoveMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
CharUpperW
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
gdi32
CreateHatchBrush
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
CreateSolidBrush
GetDCOrgEx
GetTextExtentPoint32W
GetCharWidthW
CreateFontW
StretchDIBits
GetTextMetricsW
GetBkColor
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CopyMetaFileW
CreateDCW
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
DPtoLP
LineTo
comdlg32
GetFileTitleW
GetOpenFileNameW
winspool.drv
FindFirstPrinterChangeNotification
ClosePrinter
FindNextPrinterChangeNotification
GetPrinterW
FreePrinterNotifyInfo
EnumPrintersW
EnumJobsW
OpenPrinterW
FindClosePrinterChangeNotification
DocumentPropertiesW
advapi32
RegSetValueW
CryptDestroyHash
CryptHashData
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
GetUserNameW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextA
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RegQueryValueExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptEnumProvidersA
CryptGetProvParam
CryptExportKey
CryptImportKey
CryptDestroyKey
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegCreateKeyW
RegCreateKeyExW
CryptCreateHash
CryptGetUserKey
CryptGenKey
CryptDeriveKey
shell32
ExtractIconW
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
DragFinish
Shell_NotifyIconW
DragQueryFileW
shlwapi
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
StrFormatByteSizeW
PathRemoveFileSpecW
gdiplus
GdipLoadImageFromStreamICM
GdipLoadImageFromFileICM
GdipDrawImageRectRect
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipCloneImage
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageThumbnail
GdipFree
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
NetUserGetInfo
NetUserEnum
NetApiBufferFree
winmm
waveInOpen
mmioOpenW
mmioCreateChunk
mmioWrite
mmioAscend
waveInGetErrorTextW
waveInGetNumDevs
waveInGetDevCapsW
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInClose
mmioClose
waveInUnprepareHeader
waveInGetPosition
ws2_32
bind
__WSAFDIsSet
select
connect
htons
listen
getpeername
gethostbyname
getsockname
inet_ntoa
ntohs
socket
WSAGetLastError
ioctlsocket
accept
setsockopt
getsockopt
WSACleanup
WSAStartup
gethostname
closesocket
inet_addr
send
recv
shutdown
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
ole32
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
CoInitializeEx
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
oleaut32
RegisterTypeLib
LoadTypeLib
LoadRegTypeLib
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SysFreeString
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SysStringByteLen
VariantInit
VariantClear
SysStringLen
SafeArrayCopy
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysAllocStringByteLen
curllib
curl_slist_free_all
curl_easy_perform
curl_easy_setopt
curl_easy_init
curl_easy_reset
curl_slist_append
curl_easy_cleanup
msvcp90
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
libeay32
ord778
crypt32
CertDuplicateStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertSaveStore
CertDeleteCertificateFromStore
CertGetSubjectCertificateFromStore
CertVerifyRevocation
CertNameToStrW
CryptDecodeObject
CertGetIntendedKeyUsage
CertGetCertificateContextProperty
CertCreateCertificateContext
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CryptSignMessage
CryptEncodeObject
CryptVerifyMessageSignature
CryptEncryptMessage
CryptVerifyDetachedMessageSignature
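The import list is the part of this report that carries the most signal. Taken together, SetWindowsHookExW and RegisterRawInputDevices/GetRawInputData with GetKeyboardState/ToAscii, SetClipboardViewer/GetClipboardData, the waveIn* family, BitBlt with GdipSaveImageToFile, GetLastInputInfo, curl_easy_* and raw Winsock are the building blocks of a user-activity monitor, and the non-OS modules imme, curllib and libeay32 must be resolvable from disk for the process to start at all, so they belong in the same evidence bag as the executable. The following is an added example, not code from the report page, the sandbox, or the project behind the PDB path: a small capability-bucketing heuristic of my own (not capa and not the sandbox's rule set) run over a subset of the imports listed above. The tag names, the CAPABILITY_HINTS table and the OS_DLLS set are this example's own assumptions. IsDebuggerPresent and SetUnhandledExceptionFilter are deliberately left untagged because the MSVC CRT pulls them into nearly every binary it links, so their presence is not anti-debug evidence on its own.

```python
"""Capability triage of a PE import list (added heuristic, not capa or the
sandbox's own signatures). Input: {dll_name: [api_name, ...]} as listed on a
report page. Output: capability tags, composite findings, non-OS dependencies."""
from collections import defaultdict

# API name -> capability tag. Deliberately narrow and drawn from documented Win32
# semantics. A missing tag proves nothing; a present tag is a lead, not a verdict.
CAPABILITY_HINTS = {
    "SetWindowsHookExW": "input_hook", "CallNextHookEx": "input_hook",
    "RegisterRawInputDevices": "raw_input", "GetRawInputData": "raw_input",
    "GetKeyboardState": "keystroke_decode", "ToAscii": "keystroke_decode",
    "MapVirtualKeyW": "keystroke_decode", "GetKeyNameTextW": "keystroke_decode",
    "SetClipboardViewer": "clipboard_monitor", "ChangeClipboardChain": "clipboard_monitor",
    "OpenClipboard": "clipboard_read", "GetClipboardData": "clipboard_read",
    "GetForegroundWindow": "window_tracking", "GetWindowTextW": "window_tracking",
    "SetWinEventHook": "window_tracking", "GetLastInputInfo": "idle_detection",
    "waveInOpen": "audio_capture", "waveInStart": "audio_capture", "waveInAddBuffer": "audio_capture",
    "BitBlt": "screen_capture", "GetDesktopWindow": "screen_capture",
    "GdipSaveImageToFile": "image_export",
    "curl_easy_perform": "http_client", "curl_easy_setopt": "http_client",
    "connect": "raw_socket", "send": "raw_socket", "recv": "raw_socket",
    "listen": "listener", "accept": "listener",
    "NetUserEnum": "account_enum", "GetComputerNameW": "host_discovery",
    "CreateToolhelp32Snapshot": "process_enum", "Module32FirstW": "process_enum",
    "RegSetValueExW": "registry_write", "RegCreateKeyExW": "registry_write",
    "CreateProcessW": "process_create", "ShellExecuteW": "process_create",
    "CryptEncryptMessage": "cms_crypto", "CryptSignMessage": "cms_crypto",
    "CryptGenRandom": "csp_crypto", "CryptDeriveKey": "csp_crypto",
}
# IsDebuggerPresent / SetUnhandledExceptionFilter are CRT startup imports in
# nearly every MSVC-built binary, so they are left untagged on purpose.

# DLLs shipped with Windows (example's own list); anything else is resolved from
# disk at load time and should be collected together with the sample.
OS_DLLS = {"kernel32", "user32", "gdi32", "advapi32", "shell32", "shlwapi", "ole32",
           "oleaut32", "comdlg32", "winspool.drv", "gdiplus", "version", "netapi32",
           "winmm", "ws2_32", "wtsapi32", "crypt32"}


def triage_imports(imports):
    """Return {tag: ['dll!Func', ...]} for every import that has a tag."""
    found = defaultdict(list)
    for dll, names in imports.items():
        for name in names:
            tag = CAPABILITY_HINTS.get(name)
            if tag:
                found[tag].append(f"{dll}!{name}")
    return dict(found)


def non_os_dependencies(imports):
    """DLLs outside the OS set: private or third-party modules the loader needs."""
    return sorted(d for d in imports if d.lower() not in OS_DLLS)


def summarize(imports):
    """Composite findings: co-occurring tags are stronger evidence than any single API."""
    tags = set(triage_imports(imports))
    out = []
    if "keystroke_decode" in tags and tags & {"input_hook", "raw_input"}:
        out.append("keystroke capture (hook or raw input + key decoding)")
    if {"clipboard_monitor", "clipboard_read"} <= tags:
        out.append("clipboard monitoring")
    if "audio_capture" in tags:
        out.append("microphone recording via waveIn*")
    if {"screen_capture", "image_export"} <= tags:
        out.append("screen capture saved as image")
    net = sorted(tags & {"http_client", "raw_socket", "listener"})
    if net:
        out.append("network I/O: " + ", ".join(net))
    return out


# Subset of the import list on this page, grouped by DLL as the report lists them.
PAGE_IMPORTS_SUBSET = {
    "imme": ["setLBDownHook"],
    "kernel32": ["IsDebuggerPresent", "CreateToolhelp32Snapshot", "Module32FirstW",
                 "GetComputerNameW", "CreateProcessW", "Sleep"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "RegisterRawInputDevices",
               "GetRawInputData", "GetKeyboardState", "ToAscii", "SetClipboardViewer",
               "ChangeClipboardChain", "OpenClipboard", "GetClipboardData",
               "GetForegroundWindow", "GetWindowTextW", "GetLastInputInfo", "GetDesktopWindow"],
    "gdi32": ["BitBlt"], "gdiplus": ["GdipSaveImageToFile"],
    "advapi32": ["RegSetValueExW", "CryptGenRandom"],
    "netapi32": ["NetUserEnum"],
    "winmm": ["waveInOpen", "waveInStart", "waveInAddBuffer"],
    "ws2_32": ["connect", "send", "recv", "listen", "accept"],
    "curllib": ["curl_easy_perform", "curl_easy_setopt"],
    "libeay32": ["ord778"],
    "crypt32": ["CryptEncryptMessage", "CryptSignMessage"],
}

if __name__ == "__main__":
    for tag, apis in sorted(triage_imports(PAGE_IMPORTS_SUBSET).items()):
        print(f"{tag:18} {', '.join(apis)}")
    print("non-OS DLLs:", non_os_dependencies(PAGE_IMPORTS_SUBSET))
    for line in summarize(PAGE_IMPORTS_SUBSET):
        print("finding:", line)
```

The composite rules in summarize are where the value is: a GUI application legitimately imports GetKeyState or OpenClipboard, but a hook or raw-input registration next to keystroke decoding, or a clipboard viewer registration next to clipboard reads, is a pattern worth confirming in the behavioral run rather than a coincidence of the UI toolkit.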
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 120KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 266KB - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE