2024-06-27_627c714c73b5e56c741f95927c7c84e5_bkransomware_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-27_627c714c73b5e56c741f95927c7c84e5_bkransomware_icedid
Size

1.6MB
MD5

627c714c73b5e56c741f95927c7c84e5
SHA1

e60b09ef97e57d344ae642f319519844c67d4be7
SHA256

8eeff2152ffd15927be9f978d79e68b2fffe4a425ff359631ccebd50bdab6957
SHA512

879c72b27fa60699d0e1e677517af6cc2026a3ad5756fdb0b2d74a8becb15200ee1b8f3f1fa6f080ba0a72da018d6ed2d0e40975a692c42589c0add12d69794c
SSDEEP

49152:9lgF6pBlui8SPR1Qvn2IUKcCveHtkPVfuBr:9YGBlui151U2IUK3uEVfuBr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_627c714c73b5e56c741f95927c7c84e5_bkransomware_icedid

Files

2024-06-27_627c714c73b5e56c741f95927c7c84e5_bkransomware_icedid
.exe windows:5 windows x86 arch:x86

f74eae2d55d43992aa494fc61180d1ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sources\VCPP\cz_1x\tmp\Client2AutoUpdate\Release\PDB\Client2AutoUpdate.pdb

Imports

kernel32

LCMapStringW
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStdHandle
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
IsValidCodePage
GetCurrentDirectoryW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
GlobalFree
UnhandledExceptionFilter
GetFileType
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
ExitThread
CreateThread
HeapQueryInformation
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwind
GetSystemTimeAsFileTime
SetEnvironmentVariableA
IsProcessorFeaturePresent
IsDebuggerPresent
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetTickCount
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
lstrcpyA
GetACP
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
CompareStringW
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GetVersionExA
CreateFileW
OutputDebugStringW
GetDriveTypeW
WriteConsoleW
GlobalFindAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
ResumeThread
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
GetVolumeInformationA
LoadLibraryA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
CloseHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFileSize
FlushFileBuffers
CreateFileA
GlobalAddAtomA
GlobalFlags
FreeLibrary
GetModuleFileNameA
GetCurrentProcessId
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CompareStringA
FileTimeToSystemTime
GlobalGetAtomNameA
lstrcmpA
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
OutputDebugStringA
SetLastError
GetLastError
FindResourceW
FormatMessageA
MulDiv
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
InitializeCriticalSectionAndSpinCount
WinExec
CopyFileA
Sleep
DeleteFileA
FindClose
FindFirstFileA
SetCurrentDirectoryA
GetFullPathNameA
GetCommandLineA

user32

RegisterClipboardFormatA
ModifyMenuA
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongA
LockWindowUpdate
SetParent
SetRect
SetCursorPos
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetSystemMenu
IsZoomed
GetComboBoxInfo
LoadMenuW
TrackMouseEvent
GetKeyNameTextA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
LoadImageW
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
MapVirtualKeyA
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
LoadCursorW
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
CopyImage
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
IntersectRect
InflateRect
LoadBitmapW
CharUpperBuffA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsIconic
PostQuitMessage
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetTopWindow
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetClientRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
FillRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
CallNextHookEx
SetWindowsHookExA
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CharUpperA
DestroyIcon
RealChildWindowFromPoint
GetClassNameA
GetDesktopWindow
PtInRect
ClientToScreen
GetWindowRect
IsDialogMessageA
SetWindowLongA
SetWindowTextA
GetFocus
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
DrawIcon
GetWindowRgn
DestroyCursor
MapDialogRect
CreateMenu
SetMenuItemInfoA
GetDlgCtrlID
SendDlgItemMessageA
CheckDlgButton
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsWindow
GetWindow
GetScrollPos
SetScrollPos
SetFocus
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongA
MessageBoxA
IsWindowEnabled
EnableWindow
SendMessageA
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
IsRectEmpty

gdi32

GetTextMetricsA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
CreateRoundRectRgn
GetTextExtentPoint32A
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
SetTextColor
SetROP2
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CreateFontIndirectA
CombineRgn
ScaleWindowExtEx
SetTextAlign
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
MoveToEx
GetObjectA
RoundRect
CopyMetaFileA
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
DeleteObject
GetDeviceCaps
CreateDCA

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA
StartServiceA
CreateServiceA
RegSetValueExA
DeleteService
QueryServiceStatus
ControlService
RegDeleteValueA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA

shell32

SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
DragFinish
DragQueryFileA

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathRemoveFileSpecW
PathFindFileNameA
StrFormatKBSizeA

uxtheme

GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetThemePartSize

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleDuplicateData
CoDisconnectObject

oleaut32

SysFreeString
SysAllocString
VariantInit
LoadTypeLi
VarBstrFromDate
VariantChangeType
VariantCopy
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
SysAllocStringByteLen

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f74eae2d55d43992aa494fc61180d1ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 297KB - Virtual size: 297KB

.data Size: 23KB - Virtual size: 51KB

.rsrc Size: 39KB - Virtual size: 38KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 297KB - Virtual size: 297KB

.data
Size: 23KB - Virtual size: 51KB

.rsrc
Size: 39KB - Virtual size: 38KB