PDB path: c:\Users\hxljh_000\360Cloud\XCFlyff\Output\Neuz\NoGameguard\Neuz.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-25_b8a06e728a8030a42143be516c1138f5_icedid.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-06-25_b8a06e728a8030a42143be516c1138f5_icedid.exe
  Resource: win10v2004-20240611-en
General
- Target: 2024-06-25_b8a06e728a8030a42143be516c1138f5_icedid
- Size: 6.3MB
- MD5: b8a06e728a8030a42143be516c1138f5
- SHA1: 80dbddd9b006c760f735962cf3169cf07ef7743a
- SHA256: 58cc05caa2d40467b4c8ab330079e14dd32e5b3910e78ea81131ecc12c72401f
- SHA512: cc469c5169b4481c77de783f0804aac4e61afd7c019e4bf3185acef5431d81aab5b5f63a2fa763714309d0b57b4617bb082ae08054849ca9612248376a90f68f
- SSDEEP: 196608:nJ16gIaY9YZMWsBNihbJcJovzTxuq5ynHf/oRyyGieoYA:nJ1y39YZMWssoTHoRyyG
Malware Config
(none extracted)
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-06-25_b8a06e728a8030a42143be516c1138f5_icedid
  A missing signature is a weak indicator on its own, it is the only signature that fired, and no configuration was extracted. The "icedid" tag comes from the submission filename, not from a detection; the PDB path together with the Direct3D 9, DirectSound, Miles Sound System (mss32), Lua 5.1 and neuzd imports is what a game-client build looks like. Base any verdict on the behavioral tasks rather than on the filename.
Files
- 2024-06-25_b8a06e728a8030a42143be516c1138f5_icedid.exe  windows:4 windows x86 arch:x86
  c1b15379a868c59230a1c1b5e95acce7 (import hash)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the image must load at its preferred base, so ASLR cannot rebase it)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Users\hxljh_000\360Cloud\XCFlyff\Output\Neuz\NoGameguard\Neuz.pdb
Imports
d3d9
Direct3DCreate9
dsound
ord11
winmm
mmioOpenA
mmioWrite
timeGetTime
timeBeginPeriod
timeGetDevCaps
mmioClose
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioAdvance
imm32
ImmAssociateContext
ImmSetOpenStatus
ImmGetContext
ImmGetProperty
ImmGetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmGetOpenStatus
ImmGetConversionStatus
ImmIsIME
ImmGetIMEFileNameA
ImmReleaseContext
ws2_32
getpeername
WSARecv
WSASend
WSACloseEvent
gethostbyname
WSASetLastError
WSACreateEvent
WSAGetLastError
shutdown
closesocket
htons
ntohs
WSAStartup
WSACleanup
socket
WSASetEvent
setsockopt
WSAResetEvent
WSAWaitForMultipleEvents
listen
WSAEventSelect
WSAAccept
WSAEnumNetworkEvents
htonl
WSASocketA
gethostname
send
inet_addr
connect
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
CreateProcessA
GlobalUnlock
GlobalSize
GlobalLock
GlobalAlloc
GetDateFormatA
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetCurrentDirectoryA
GetSystemInfo
SetThreadPriority
CreateEventA
SetEvent
WaitForMultipleObjects
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetOverlappedResult
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
SetUnhandledExceptionFilter
SetErrorMode
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
IsProcessorFeaturePresent
GetProfileIntA
InterlockedDecrement
FatalAppExitA
LocalFree
FormatMessageA
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileW
UnmapViewOfFile
FindResourceW
InterlockedCompareExchange
GetProcessHeap
OutputDebugStringW
InterlockedIncrement
lstrcatA
GetModuleHandleA
RaiseException
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetExitCodeProcess
GlobalFree
TerminateProcess
Process32Next
lstrcmpiW
SetEnvironmentVariableA
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetCurrentProcessId
HeapSize
GetCommandLineA
GetSystemDirectoryA
FindNextFileA
GetTimeFormatA
VirtualQuery
VirtualProtect
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalFlags
SuspendThread
GetCurrentThreadId
ResumeThread
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetShortPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetStringTypeExA
GetStringTypeExW
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
GetVersion
GetEnvironmentVariableW
InitializeCriticalSection
OpenMutexA
CreateMutexA
ReleaseMutex
lstrcmpiA
VirtualFree
DeleteCriticalSection
WaitForSingleObject
CloseHandle
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
IsDBCSLeadByte
DeleteFileA
lstrlenA
Sleep
ExitProcess
lstrcmpA
GetTickCount
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
OutputDebugStringA
lstrcpyA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
MoveFileA
GetFileTime
CopyFileA
FreeLibrary
GetFullPathNameA
CreateFileA
MulDiv
lstrcpynA
QueryPerformanceCounter
GetStartupInfoA
SetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
QueryPerformanceFrequency
DebugBreak
SetFileAttributesA
user32
SetWindowTextA
MessageBoxW
SetForegroundWindow
CharNextExA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
CharNextA
GetKeyboardLayout
EqualRect
InflateRect
ReleaseCapture
SetCapture
SetTimer
KillTimer
FindWindowA
OffsetRect
GetIconInfo
IsDlgButtonChecked
EnableWindow
CheckRadioButton
EndDialog
DialogBoxParamA
GetDlgItem
ReleaseDC
EnumDisplaySettingsA
ChangeDisplaySettingsA
LoadAcceleratorsA
PeekMessageA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DestroyAcceleratorTable
SetWindowLongA
SetMenu
ClipCursor
GetMenu
DestroyMenu
PostQuitMessage
LoadIconA
AdjustWindowRect
LoadMenuA
CreateWindowExA
GetWindowLongA
SetRect
PtInRect
GetPropA
SetPropA
RemovePropA
GetClassInfoA
RegisterClassA
DefWindowProcA
GetClientRect
CopyRect
SetRectEmpty
GetWindowRect
SetWindowPos
DestroyWindow
ShowWindow
SetFocus
CreateDialogParamA
UnregisterClassA
CharUpperA
CharUpperW
CharLowerA
CharLowerW
SetWindowsHookExA
LoadStringA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
IsWindowEnabled
GetLastActivePopup
GetParent
GetSysColorBrush
GetSysColor
UnhookWindowsHookEx
GetWindowTextA
GetWindowTextLengthA
ValidateRect
GetKeyState
IsWindowVisible
GetActiveWindow
GetClassNameA
GetDesktopWindow
GetFocus
GetDlgCtrlID
GetWindow
ClientToScreen
SetScrollPos
GetScrollPos
CheckDlgButton
GetDlgItemInt
GetDlgItemTextA
SendDlgItemMessageA
SetDlgItemInt
SetDlgItemTextA
IsDialogMessageA
MoveWindow
ScrollWindowEx
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetWindowPlacement
IsIconic
IntersectRect
CallWindowProcA
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
AdjustWindowRectEx
UpdateWindow
ShowScrollBar
GetScrollRange
SetScrollRange
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
IsChild
IsWindow
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
RegisterWindowMessageA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
GetMenuItemInfoA
SetCursor
ShowOwnedPopups
DeleteMenu
DestroyIcon
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDialogBaseUnits
GetAsyncKeyState
CallNextHookEx
GetDC
SendMessageA
MessageBoxA
PostMessageA
GetCursorPos
ScreenToClient
SystemParametersInfoA
wsprintfA
LoadCursorA
GetSystemMetrics
gdi32
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateRectRgnIndirect
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
SetRectRgn
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
PlayMetaFileRecord
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
CombineRgn
GetMapMode
PatBlt
ScaleViewportExtEx
SelectPalette
DPtoLP
PolyBezierTo
ExtTextOutW
MoveToEx
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
GetTextMetricsA
SetBkMode
GetCharacterPlacementW
GetCharacterPlacementA
GetObjectW
RemoveFontResourceExA
AddFontResourceExA
GetObjectA
GetDIBits
EnumFontFamiliesExA
ExtTextOutA
DeleteObject
DeleteDC
CreateCompatibleDC
SetMapMode
SelectObject
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
CreateFontA
GetDeviceCaps
GetTextExtentPoint32A
GetStockObject
GetDeviceGammaRamp
SetDeviceGammaRamp
CopyMetaFileA
CreateDCA
SaveDC
SetPolyFillMode
SetROP2
SetStretchBltMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
SetTextJustification
RestoreDC
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegQueryValueA
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegOpenKeyA
RegSetValueA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
shell32
SHGetFileInfoA
ExtractIconA
ShellExecuteA
ole32
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
StringFromGUID2
CoDisconnectObject
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CoUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance
CreateBindCtx
oleaut32
SafeArrayDestroyData
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayDestroyDescriptor
SysAllocStringLen
VariantTimeToSystemTime
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
SafeArrayPutElement
VariantChangeType
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysReAllocStringLen
VarDateFromStr
VarBstrFromDec
VarDecFromStr
SafeArrayLock
SafeArrayUnlock
VariantInit
SafeArrayDestroy
VarCyFromStr
VarBstrFromCy
mss32
_AIL_shutdown@0
_AIL_service_stream@8
_AIL_start_stream@4
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_close_stream@4
_AIL_pause_stream@8
_AIL_set_digital_master_volume_level@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_open_digital_driver@16
_AIL_startup@0
_AIL_close_digital_driver@4
neuzd
GetFaultReason
GetRegisterString
comctl32
ord17
shlwapi
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
lua51
lua_next
lua_pushnil
lua_toboolean
lua_tonumber
lua_settop
lua_isstring
lua_isnumber
lua_getfield
luaL_openlibs
luaL_newstate
lua_close
lua_tolstring
lua_setfield
lua_pushcclosure
lua_pcall
luaL_loadbuffer
lua_type
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comdlg32
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
Sections
.text   Size: 5.2MB   Virtual size: 5.2MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 1000KB  Virtual size: 999KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 64KB    Virtual size: 2.2MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 116KB   Virtual size: 112KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
The .data gap (64KB on disk, 2.2MB mapped) is memory the loader zero-fills beyond SizeOfRawData, i.e. uninitialized globals, not content carried in the file. .text's raw and virtual sizes match and no section is both writable and executable, so the section table alone gives no sign of a packer (section entropy is not reported here).
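A stdlib-only checker for the static facts this report lists (the file characteristics under Headers, the Authenticode check behind the Unsigned PE signature, raw versus virtual section sizes, and the MD5/SHA1/SHA256 hashes), added here as an example; it is not part of the sandbox's own tooling. It assumes nothing beyond the documented PE/COFF layout; the image it parses is a minimal PE32 constructed in build_sample_pe(), not the analysed binary. Two caveats a practitioner should keep in mind: the certificate-table entry (data directory 4) holds a file offset rather than an RVA, and finding a WIN_CERTIFICATE blob only shows a signature is attached; whether it verifies is a separate question for WinVerifyTrust, signtool or osslsigncode.

```python
"""Added example, not the sandbox's code: stdlib-only PE triage matching
the report's static checks. build_sample_pe() is constructed test input."""
import hashlib
import struct

FILE_CHARACTERISTICS = {  # winnt.h IMAGE_FILE_* bits
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {  # winnt.h IMAGE_SCN_* bits
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def authenticode_entry(data, dd_off, num_rva):
    """Certificate-table entry, or None when the PE is unsigned.
    The entry's first field is a file offset (not an RVA) to a WIN_CERTIFICATE."""
    if num_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    off, size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0:
        return None                                   # what "Unsigned PE" flags
    if size < 8 or off + size > len(data):
        return {"offset": off, "size": size, "pkcs7": False}  # truncated entry
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return {"offset": off, "size": size,
            "pkcs7": revision == WIN_CERT_REVISION_2_0
                     and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA
                     and 8 < length <= size}


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    fh = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories start 96 bytes into the optional header
        dd_off = opt + 96
    elif magic == 0x20B:    # PE32+: 8-byte ImageBase and stack/heap fields push them to 112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_rva = struct.unpack_from("<I", data, dd_off - 4)[0]
    sections = []
    for i in range(nsect):  # IMAGE_SECTION_HEADER is 40 bytes, right after the optional header
        name, vsize, _va, rsize, _rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": _flags(flags, SECTION_FLAGS)})
    return {"arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
            "characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "authenticode": authenticode_entry(data, dd_off, num_rva),
            "sections": sections,
            "hashes": {a: getattr(hashlib, a)(data).hexdigest() for a in ("md5", "sha1", "sha256")}}


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 with zero-filled sections; not the analysed sample."""
    file_align, sect_align = 0x200, 0x1000
    layout = [(b".text", 0x1000, 0x200, 0x60000020),      # code, R+X
              (b".data", 0x230000, 0x10000, 0xC0000040)]  # 64KB raw, 2.2MB virtual, R+W
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100        # same bits as the report
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 224, chars)
    raw_off, rva, sec_hdrs, body = 0x200, 0x1000, b"", b""
    for name, vsize, rsize, flags in layout:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rsize, raw_off, 0, 0, 0, 0, flags)
        body += bytes(rsize)
        raw_off += rsize
        rva += -(-vsize // sect_align) * sect_align
    dirs, cert = [(0, 0)] * 16, b""
    if signed:  # WIN_CERTIFICATE header + placeholder bytes (not a real PKCS#7), 8-byte aligned
        payload = b"\x30\x00"
        cert = struct.pack("<IHH", 8 + len(payload), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
        cert += bytes(-len(cert) % 8)
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_off, len(cert))  # file offset, not RVA
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6,
                      0x10B, 14, 0, 0x200, 0x10000, 0, 0x1000, 0x1000, 0x2000, 0x400000,
                      sect_align, file_align, 4, 0, 0, 0, 4, 0, 0, rva, 0x200, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", a, s) for a, s in dirs)
    headers = bytes(dos) + b"PE\0\0" + file_hdr + opt + sec_hdrs
    return headers.ljust(0x200, b"\0") + body + cert


if __name__ == "__main__":
    for signed in (False, True):
        r = parse_pe(build_sample_pe(signed))
        print("signed" if signed else "unsigned", r["authenticode"], r["characteristics"])
        for s in r["sections"]:
            print("  %-6s raw=%#x virt=%#x %s" % (s["name"], s["raw_size"], s["virtual_size"], s["flags"]))
```

For a real file, call parse_pe(open(path, "rb").read()); an image whose "authenticode" entry comes back None is exactly what the Unsigned PE rule flags, and a .data entry whose virtual_size far exceeds raw_size is the loader-zero-filled gap seen in the section table above.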