2024-06-11_27df23a2561b60fef7b2ac353f8acadd_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-11_27df23a2561b60fef7b2ac353f8acadd_icedid
Size

2.4MB
MD5

27df23a2561b60fef7b2ac353f8acadd
SHA1

cae8c67f84c215f28d9175b65dd1afd635820249
SHA256

9bab08ccb56717aee34f657770eb82436e4f36f1e6425bec51347eac8ac9e7f0
SHA512

97cd62c173d73a04b7af0d9ea99620841d2e2d1dc27a3dc6e7538007e55d053f084225f410661a4b3a52a1996d716a175a83df12b933f4d7fbdc1d557154fa43
SSDEEP

49152:JXo/L2v8Zz36xgOxxOJCB5higa/ovHH6Ev:dojZe3GUvigaSHJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_27df23a2561b60fef7b2ac353f8acadd_icedid

Files

2024-06-11_27df23a2561b60fef7b2ac353f8acadd_icedid
.exe windows:4 windows x86 arch:x86

5d114b188ac95d53f22e158d305f2cfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\Mazey\Source\Output\WorldServer\Release\WorldServer.pdb

Imports

winmm

timeGetTime

ws2_32

WSACleanup
WSACreateEvent
ntohs
WSASocketA
htonl
bind
gethostname
htons
closesocket
shutdown
WSASetLastError
WSAGetLastError
connect
gethostbyname
inet_addr
WSARecv
getpeername
WSASend
WSAEnumNetworkEvents
WSAAccept
WSAEventSelect
listen
WSACloseEvent
WSAStartup
setsockopt
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent

kernel32

ReadFile
GetProfileIntA
GetModuleHandleA
LocalFree
FormatMessageA
GetFileSize
VirtualFree
VirtualAlloc
DeleteFileA
WriteFile
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
lstrcpynA
CreateFileA
GetFileAttributesA
GetModuleFileNameA
QueryPerformanceCounter
HeapCreate
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateIoCompletionPort
PostQueuedCompletionStatus
GetOverlappedResult
GetQueuedCompletionStatus
GetSystemInfo
SetThreadPriority
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcatA
CreateEventA
OpenEventA
SetEvent
GetExitCodeProcess
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
Sleep
GetCurrentProcess
TerminateProcess
GetLocalTime
lstrcmpA
MulDiv
lstrlenA
ExitProcess
CloseHandle
OutputDebugStringA
WaitForSingleObject
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyA
GetTickCount
CreateProcessA
CreatePipe
GlobalMemoryStatus
FileTimeToDosDateTime
SetEnvironmentVariableA
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
MoveFileA
SetFilePointer
FlushFileBuffers
SetEndOfFile
DuplicateHandle
RaiseException
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCurrentThread
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileTime
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualProtect
VirtualQuery
ExitThread
CreateThread
GetStartupInfoA
GetCommandLineA
HeapSize
GetCurrentProcessId
GetTimeZoneInformation
LCMapStringA
LCMapStringW
IsBadWritePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

user32

GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
WinHelpA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
IsWindowEnabled
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
GetSysColorBrush
ValidateRect
DestroyMenu
GetKeyState
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
SetForegroundWindow
wsprintfA
CharNextExA
MessageBoxA
GetClientRect
GetDC
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
SetWindowPos
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
SetWindowTextA
DefWindowProcA
DestroyWindow
BeginPaint
EndPaint
PostQuitMessage
InvalidateRect
LoadStringA
EnableWindow
KillTimer
SetTimer
UpdateWindow
GetWindowRect
SetRect
PtInRect
GetMenu
PostMessageA
GetSysColor
AdjustWindowRectEx
GetParent
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
SendMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
CopyRect
GetWindow
GetMenuState
GetMenuItemID
MapWindowPoints
GetMenuItemCount
GetSubMenu

gdi32

SetBkColor
SaveDC
RestoreDC
SetMapMode
SetTextColor
GetClipBox
SelectObject
DeleteObject
DeleteDC
TextOutA
GetDeviceCaps
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
GetStockObject

advapi32

GetUserNameA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CryptReleaseContext

oleaut32

VariantChangeType
VariantInit
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime

comctl32

ord17

psapi

GetProcessMemoryInfo

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

mscoree

_CorExeMain

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d114b188ac95d53f22e158d305f2cfc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ws2_32

kernel32

user32

gdi32

advapi32

oleaut32

comctl32

psapi

oleacc

winspool.drv

mscoree

version

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 282KB - Virtual size: 282KB

.data Size: 71KB - Virtual size: 1.8MB

.rsrc Size: 160KB - Virtual size: 160KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 282KB - Virtual size: 282KB

.data
Size: 71KB - Virtual size: 1.8MB

.rsrc
Size: 160KB - Virtual size: 160KB