Static task: static1

Behavioral task: behavioral1
Sample: 2024-06-20_15758d6340260c4d709bac5eb2a6f57a_backswap_icedid.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-06-20_15758d6340260c4d709bac5eb2a6f57a_backswap_icedid.exe
Resource: win10v2004-20240611-en

General
- Target: 2024-06-20_15758d6340260c4d709bac5eb2a6f57a_backswap_icedid
- Size: 2.8MB
- MD5: 15758d6340260c4d709bac5eb2a6f57a
- SHA1: da699ffa159a9ed92ebfd70c987a12541b2e8a80
- SHA256: d148d09e678d11645e8582cbbcd74795d4bb1853e0843438fa9f99c9b657f882
- SHA512: 393094f996e16a5a71b0741885ef2d482fa69c8f0eb5902ad20d05e6960438efce2e74e21601404a7e50c5a5609b59b0595ecefcb7eea485e08bb29bcbce6abf
- SSDEEP: 49152:/A2bdtbvJg8fKupY4xm96szDW3sfdRlIsuYwfc7MUwjYbAhhT63lmj5WowLDOCWV:PLbvJg8fLY4xm/zDW3WlIsuYwfm8IAT1

Malware Config

Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 2024-06-20_15758d6340260c4d709bac5eb2a6f57a_backswap_icedid

Files
- 2024-06-20_15758d6340260c4d709bac5eb2a6f57a_backswap_icedid.exe (windows:5 windows x86 arch:x86)
  2157926e1da295d2ed89f3a6c02d5bf0

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\dev\win32\peti\Release - static\peti.pdb
Imports
wininet
InternetCloseHandle
InternetSetStatusCallback
InternetOpenA
InternetErrorDlg
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA
InternetGoOnline
InternetCrackUrlA
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
gdiplus
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromFileICM
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
kernel32
ExitThread
GetStartupInfoW
HeapQueryInformation
HeapSize
ExitProcess
SetStdHandle
UnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
HeapCreate
IsValidCodePage
LCMapStringW
SetHandleCount
GetConsoleCP
GetConsoleMode
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
CompareStringW
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
HeapSetInformation
GetCommandLineA
HeapReAlloc
GetFileType
PeekNamedPipe
GetFileInformationByHandle
DecodePointer
EncodePointer
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
FindResourceExW
VirtualProtect
InitializeCriticalSectionAndSpinCount
GetNumberFormatA
GetWindowsDirectoryA
GetCurrentDirectoryA
lstrcpyA
GetFileSizeEx
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
GetACP
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleW
GlobalFlags
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
ReplaceFileA
GetFileAttributesA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
VirtualQuery
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
DeleteFileA
GetThreadLocale
GetStringTypeExA
CreateEventA
SuspendThread
SetEvent
SetThreadPriority
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LoadLibraryW
lstrcmpW
lstrcmpA
GlobalFree
CopyFileA
GlobalSize
lstrlenW
lstrlenA
GlobalReAlloc
GetTickCount
TerminateProcess
ExpandEnvironmentStringsA
InterlockedExchange
LocalFree
LocalAlloc
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetVersion
FreeResource
FindResourceA
FormatMessageA
Sleep
FindClose
FindNextFileA
FindFirstFileA
RaiseException
MulDiv
lstrcmpiA
GetEnvironmentVariableA
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
SetUnhandledExceptionFilter
ResumeThread
MultiByteToWideChar
GetTempPathA
SearchPathA
GetProfileIntA
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GetModuleFileNameA
ActivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
DeactivateActCtx
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
GlobalUnlock
GlobalLock
GetLastError
GetTimeZoneInformation
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetSystemInfo
VirtualAlloc
SetEndOfFile
RtlUnwind
CreateThread
user32
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableA
LockWindowUpdate
WaitMessage
UpdateLayeredWindow
IsMenu
LoadImageW
IsCharLowerA
MapVirtualKeyExA
SetMenuDefaultItem
GetUpdateRect
CopyIcon
CharUpperBuffA
SubtractRect
GetWindowRgn
SetLayeredWindowAttributes
EnumDisplayMonitors
UnregisterClassA
ShowOwnedPopups
SetWindowContextHelpId
RegisterClipboardFormatA
RealChildWindowFromPoint
UnionRect
DrawIcon
LoadAcceleratorsW
SetCursorPos
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
DestroyCursor
UnpackDDElParam
ReuseDDElParam
DestroyIcon
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
CharUpperA
GetMessageA
TranslateMessage
ValidateRect
IsIconic
DestroyMenu
GetMenuItemInfoA
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
GetWindowDC
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
DestroyWindow
GetMessageTime
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
RegisterClassA
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
InvertRect
ToAsciiEx
GetClipCursor
ClipCursor
CloseClipboard
IsChild
GetDoubleClickTime
GetWindowTextA
EmptyClipboard
GetClassInfoA
ShowScrollBar
OpenClipboard
LoadImageA
SetClipboardData
IsRectEmpty
CallWindowProcA
DrawIconEx
GetClassLongA
CheckMenuItem
GetSystemMenu
GetWindowThreadProcessId
EnumWindows
SetRectEmpty
UnhookWindowsHookEx
TrackPopupMenuEx
SetWindowsHookExA
CallNextHookEx
SetMenu
LoadMenuA
GetMenuStringA
GetMenu
IntersectRect
GetClassNameA
CreateWindowExA
GetSysColorBrush
MapDialogRect
GetIconInfo
LoadCursorW
GetTopWindow
LoadIconW
DefWindowProcA
FindWindowExA
DragDetect
ShowWindow
DeferWindowPos
SetWindowPos
PostQuitMessage
GetWindow
InsertMenuA
EnumChildWindows
IsZoomed
SetMenuItemInfoA
LoadStringA
GetDlgCtrlID
SetForegroundWindow
GetFocus
GetKeyState
SetActiveWindow
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
IsWindowVisible
MessageBeep
FlashWindow
SetParent
SetWindowLongA
GetWindowLongA
GetDesktopWindow
LoadIconA
wsprintfA
SendNotifyMessageA
PostThreadMessageA
KillTimer
UpdateWindow
SetTimer
GetMessagePos
SystemParametersInfoA
LoadBitmapW
FrameRect
DrawEdge
DrawFocusRect
GetCapture
ScreenToClient
DrawFrameControl
SetRect
GetSystemMetrics
GetCursorPos
RemoveMenu
GetSubMenu
LoadMenuW
OffsetRect
MessageBoxA
ReleaseCapture
DrawStateA
SetClassLongA
DestroyAcceleratorTable
CopyImage
NotifyWinEvent
EnableScrollBar
HideCaret
GetAsyncKeyState
GetMenuDefaultItem
IsClipboardFormatAvailable
GetNextDlgGroupItem
CharNextA
InvalidateRgn
WindowFromPoint
ReleaseDC
GetDC
PtInRect
SetCapture
FillRect
EqualRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
CopyRect
GetSysColor
GetTabbedTextExtentW
CreateMenu
CopyAcceleratorTableA
SetWindowRgn
DeleteMenu
GetClientRect
GetParent
LoadCursorA
SetCursor
GetMenuItemRect
GetMenuItemID
GetMenuItemCount
GetMenuState
EnableMenuItem
RedrawWindow
PostMessageA
InvalidateRect
ClientToScreen
AppendMenuA
CreatePopupMenu
IsWindow
InflateRect
GetWindowRect
SendMessageA
EnableWindow
GetClassInfoExA
gdi32
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
RestoreDC
GetWindowExtEx
StartDocA
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
SetRectRgn
StartPage
EndPage
GetClipBox
AbortDoc
SelectObject
GetViewportOrgEx
CreateEllipticRgn
Ellipse
CreateDIBSection
GetCharWidthA
CreateFontA
EnumFontFamiliesA
GetTextCharsetInfo
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
GetRgnBox
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
CreateRoundRectRgn
Polyline
SetDIBColorTable
StretchBlt
OffsetRgn
EnumFontFamiliesExA
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
SaveDC
CreateDCA
CopyMetaFileA
SetMapMode
SetAbortProc
CreatePolygonRgn
GetCurrentObject
CombineRgn
CreateRectRgn
CreateHalftonePalette
SetPixel
GetPixel
Rectangle
Polygon
GetObjectA
GetStockObject
GetTextMetricsA
DeleteEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileA
GetDeviceCaps
CreatePen
CreateFontIndirectA
BitBlt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
SetStretchBltMode
SetROP2
GetMapMode
DPtoLP
EndDoc
GetBkColor
GetDIBColorTable
CreateBitmap
PatBlt
SetTextColor
SetBkColor
DeleteObject
CreateRectRgnIndirect
SetViewportOrgEx
SetBkMode
GetDIBits
CreateSolidBrush
StretchDIBits
SetDIBitsToDevice
CreateDIBitmap
RealizePalette
GetTextExtentPoint32A
CreatePalette
SetPolyFillMode
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetSaveFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
GetJobA
DocumentPropertiesA
advapi32
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegOpenKeyExW
SetFileSecurityA
GetFileSecurityA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegSetValueExA
shell32
SHAppBarMessage
SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
ole32
RevokeDragDrop
OleDraw
CoInitializeEx
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
RegisterDragDrop
CoTaskMemFree
OleRun
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
DoDragDrop
OleGetClipboard
CoLockObjectExternal
OleLockRunning
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoDisconnectObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
oleaut32
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantCopy
VariantInit
VariantChangeType
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysAllocStringByteLen
VariantClear
SafeArrayGetElemsize
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
LoadTypeLi
OleCreateFontIndirect
SafeArrayGetDim
VarUdateFromDate
VariantTimeToSystemTime
GetErrorInfo
oledlg
ord8
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 454KB - Virtual size: 453KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ