H:\codes\liuchang\TRUNK_20240403_V1.7_RS\NetSdkWebPlugin\build\Win32\Release\WebPlugin.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-29_c0d3fb5781159c3c53382367c8f4d2f9_icedid.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 2024-06-29_c0d3fb5781159c3c53382367c8f4d2f9_icedid.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-06-29_c0d3fb5781159c3c53382367c8f4d2f9_icedid
Size: 750KB
MD5: c0d3fb5781159c3c53382367c8f4d2f9
SHA1: 4e17c5ce0479fcd8562515b4eb1c654b854dbeb2
SHA256: 701e90e5a743a624ee659cf1728d92e5c823bfb5c15169841902faf946debef7
SHA512: 25a671ac2fa564a7b2f81a54a26e79172532315f6bfe869ea443bdd07bd44c2c6ba3025cbf8dad96375254a8aab73c1e58f7a568ec48b3017ba3ae57f963a140
SSDEEP: 12288:tkoO3invfl6emIVpV210YNiIA9QyTnWQx63BPyizQRgYjYrbAaQUP3:2oOSvt6hWA1AeJxPhQR5EbD
Malware Config
No configuration was extracted from this sample.
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2024-06-29_c0d3fb5781159c3c53382367c8f4d2f9_icedid
  A missing signature is weak evidence on its own (most in-house and vendor builds ship unsigned). It is the only signature this report raised; nothing in the report's signatures corroborates the "icedid" label carried by the file name.
Files
2024-06-29_c0d3fb5781159c3c53382367c8f4d2f9_icedid.exe  windows:5  windows x86  arch:x86
fadab8be85b63ca047538d835ff8cff1  (unlabelled in the report; presumably the import hash)
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Note: NX_COMPAT opts the image into DEP, but IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and relocations are stripped, so the loader cannot rebase the image even under mandatory ASLR; it always runs at its preferred image base.
PDB Paths
H:\codes\liuchang\TRUNK_20240403_V1.7_RS\NetSdkWebPlugin\build\Win32\Release\WebPlugin.pdb
Imports
ndplayer
_NDPlayer_SetLogLevel@4
_NDPlayer_SetPacketCacheFrameNum@8
ord31
ord27
ord50
ord55
ord42
ord14
ord20
ord2
ord6
ord62
ord67
ord49
ord58
ord70
ord41
ord87
ord28
ord97
ord16
ord95
ord18
ord52
ord74
ord53
ord8
ord101
ord120
ord4
ord84
ord12
ord117
ord116
ord135
_NDPlayer_StopDecode@4
ord13
ord96
ord115
ord57
ord132
ord103
ord30
ord56
ord73
ord94
ord66
ord54
ord15
ord102
ord21
ord123
ord124
ord29
ord69
ord93
ord127
ord98
ord60
ord68
_NDPlayer_EnableDisplayDelayTime@8
ord76
ord11
ord78
ord5
ord59
ord134
ord86
ord17
ord19
ord24
ord72
ord23
ord7
ord99
ord126
ord91
ord92
ord26
ord106
ord89
ord51
ord107
ord1
ord61
ord63
ord75
ord90
ord125
ord71
ndrm_module
IMCP_RM_Cleanup
IMCP_RM_GetSendSocket
IMCP_RM_GetAudioInfo
IMCP_RM_StartStreamEx2
IMCP_RM_PlayStream
IMCP_RM_PauseStream
_IMCP_RM_StartStreamV2@60
IMCP_RM_GetPayloadType
IMCP_RM_SetPlayTime
IMCP_RM_StopStream
IMCP_RM_Init
winmm
timeKillEvent
timeSetEvent
mixerGetDevCapsW
mixerGetLineInfoW
mixerClose
waveInGetNumDevs
waveOutGetNumDevs
mixerOpen
mixerGetLineControlsW
kernel32
SizeofResource
LeaveCriticalSection
MultiByteToWideChar
RaiseException
CreateDirectoryA
GetLastError
EnterCriticalSection
FindClose
GetLocalTime
LockResource
GetModuleFileNameA
GetModuleHandleA
FindNextFileW
QueryPerformanceFrequency
DeleteCriticalSection
WaitForSingleObject
Sleep
CopyFileW
MoveFileW
GetDiskFreeSpaceExW
CloseHandle
GetCurrentProcessId
CreateThread
GetFileSize
CompareFileTime
GlobalLock
GetTickCount
GlobalAlloc
MulDiv
ReadFile
CreateFileW
GlobalUnlock
WideCharToMultiByte
GlobalFree
FindNextFileA
DeleteFileW
FormatMessageW
GetACP
GetProcAddress
LoadLibraryA
GetCurrentThreadId
CreateMutexW
lstrlenW
SetLastError
GetModuleFileNameW
GetProfileIntW
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventW
GetVersionExA
GetModuleHandleW
lstrcmpW
FreeLibrary
CompareStringW
LoadLibraryW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedDecrement
InterlockedExchange
CompareStringA
LoadLibraryExW
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
LocalFree
lstrlenA
GetThreadLocale
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
CreateDirectoryW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
DeleteFileA
MoveFileA
ExitProcess
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
InitializeCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadResource
FindResourceW
FindFirstFileW
FindFirstFileA
InterlockedCompareExchange
user32
UnregisterClassW
CharUpperW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
SetForegroundWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
InflateRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UpdateWindow
CopyRect
ClientToScreen
SetCursor
SetTimer
FillRect
SetCapture
PostMessageW
KillTimer
LoadCursorW
SetRectEmpty
GetDC
ReleaseDC
FrameRect
LoadBitmapW
ClipCursor
ReleaseCapture
GetClassNameA
SetWindowRgn
GetWindowRect
GetParent
SetParent
GetClientRect
EnumWindows
PtInRect
GetWindowTextA
SetRect
InvalidateRect
GetWindowLongW
MonitorFromWindow
SetWindowLongW
GetCursorPos
EnumChildWindows
IsWindowVisible
SwitchToThisWindow
SendMessageW
EnableWindow
GetMonitorInfoW
wsprintfW
RegisterClipboardFormatW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
DestroyMenu
GetSysColorBrush
MessageBoxW
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetSubMenu
SystemParametersInfoA
gdi32
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
LineTo
MoveToEx
SetTextAlign
GetViewportExtEx
GetWindowExtEx
PtVisible
CreatePolygonRgn
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetMapMode
DPtoLP
GetBkColor
GetTextColor
CreateFontIndirectW
CreatePenIndirect
CreateBrushIndirect
CreateRectRgn
PtInRegion
BitBlt
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleBitmap
GetObjectW
CreatePen
TextOutW
GetStockObject
CreateCompatibleDC
CreateRectRgnIndirect
CombineRgn
Rectangle
CreateRoundRectRgn
RectVisible
CreateSolidBrush
GetRgnBox
comdlg32
GetFileTitleW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegSetValueExW
shell32
ShellExecuteExW
SHGetPathFromIDListW
DragAcceptFiles
SHBrowseForFolderW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
CoRegisterMessageFilter
OleFlushClipboard
CreateStreamOnHGlobal
CoRevokeClassObject
CreateILockBytesOnHGlobal
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
oleaut32
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
OleLoadPicture
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysStringLen
wsock32
accept
WSAStartup
WSACleanup
getsockname
gethostbyname
inet_ntoa
ioctlsocket
bind
socket
inet_addr
listen
ntohl
htonl
select
WSAGetLastError
htons
ntohs
setsockopt
recv
closesocket
send
getsockopt
connect
WSASetLastError
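The import list above is long and mostly MFC and CRT boilerplate (GetProfileIntW, GlobalAddAtomW, OleUIBusyW, DocumentPropertiesW are what a statically linked MFC application pulls in), with the wsock32 block and the ndplayer/ndrm_module ordinals being the parts worth a second look. The following Python is an added example, not the sandbox's signature logic: it evaluates co-occurrence rules over a subset of the report's imports and suppresses hits that a CRT/MFC baseline explains by itself. REPORT_IMPORTS is copied from the listing above (a subset, grouped as the report groups it); RULES and CRT_MFC_NOISE are this example's own heuristics and assumptions, to be tuned by the analyst.

```python
"""Capability triage over an import table.

Added example; it is not the sandbox's signature logic. The import names are
a subset copied from the report (grouped by DLL as the report groups them);
the rules and the CRT/MFC noise list are this example's own heuristics.
"""

# Subset of the report's import listing, keyed by DLL.
REPORT_IMPORTS = {
    "wsock32": ["accept", "WSAStartup", "bind", "socket", "listen", "select",
                "recv", "send", "connect", "setsockopt", "closesocket"],
    "kernel32": ["IsDebuggerPresent", "CreateThread", "LoadLibraryA",
                 "GetProcAddress", "CreateMutexW", "CopyFileW", "MoveFileW",
                 "DeleteFileW", "VirtualAlloc", "VirtualProtect",
                 "SetUnhandledExceptionFilter", "TerminateProcess"],
    "advapi32": ["RegCreateKeyExW", "RegSetValueExW", "RegQueryValueExW",
                 "RegDeleteKeyW"],
    "shell32": ["ShellExecuteExW", "SHBrowseForFolderW"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "EnumWindows",
               "GetForegroundWindow"],
    "ndplayer": ["_NDPlayer_SetLogLevel@4", "ord31", "ord27", "ord50",
                 "_NDPlayer_StopDecode@4"],
}

# Every API in a rule must be present: co-occurrence, not single-API hits.
RULES = {
    "network_listener": {"socket", "bind", "listen", "accept"},
    "network_client": {"socket", "connect"},
    "registry_write": {"RegCreateKeyExW", "RegSetValueExW"},
    "dynamic_api_resolution": {"LoadLibraryA", "GetProcAddress"},
    "windows_hook": {"SetWindowsHookExW", "CallNextHookEx"},
    "anti_debug": {"IsDebuggerPresent"},
    "shell_launch": {"ShellExecuteExW"},
}

# Assumed CRT/MFC baseline: imports that MSVC's CRT (abort/exception path,
# lazy API binding) and MFC (CBT hook during window creation) bring in by
# themselves. A rule satisfied only by these is not evidence of intent.
CRT_MFC_NOISE = {"IsDebuggerPresent", "SetUnhandledExceptionFilter",
                 "UnhandledExceptionFilter", "TerminateProcess",
                 "LoadLibraryA", "GetProcAddress",
                 "SetWindowsHookExW", "CallNextHookEx"}


def flatten(imports):
    """Map function name -> DLL; ordinal-only imports keep their 'ordN' name."""
    return {fn: dll for dll, fns in imports.items() for fn in fns}


def unresolved_ordinals(imports):
    """Per-DLL count of 'ordN' imports: they can never match a name-based rule."""
    counts = {dll: sum(1 for fn in fns if fn.startswith("ord") and fn[3:].isdigit())
              for dll, fns in imports.items()}
    return {dll: n for dll, n in counts.items() if n}


def evaluate(imports, rules=RULES, noise=CRT_MFC_NOISE):
    """Return {rule: (matched, noise_only, dlls_seen)} for every rule."""
    present = flatten(imports)
    out = {}
    for name, needed in rules.items():
        matched = needed.issubset(present)
        noise_only = matched and needed <= noise
        dlls = sorted({present[fn] for fn in needed if fn in present})
        out[name] = (matched, noise_only, dlls)
    return out


def strong_hits(imports):
    """Rules that matched on imports the CRT/MFC baseline does not explain."""
    return sorted(r for r, (m, n, _) in evaluate(imports).items() if m and not n)


if __name__ == "__main__":
    for rule, (matched, noise_only, dlls) in evaluate(REPORT_IMPORTS).items():
        tag = "noise" if noise_only else ("HIT" if matched else "-")
        print("%-24s %-5s %s" % (rule, tag, ",".join(dlls)))
    print("unresolved ordinals:", unresolved_ordinals(REPORT_IMPORTS))
```

On the report's imports the listener rule (socket, bind, listen, accept) and the registry-write and ShellExecuteExW rules survive the noise filter, while IsDebuggerPresent, the LoadLibrary/GetProcAddress pair and the CBT hook fall to the baseline; the ndplayer ordinals are counted as unresolved because no name-based rule can see them.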
Sections
.text   Size: 504KB  Virtual size: 504KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 150KB  Virtual size: 150KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 17KB   Virtual size: 33KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 77KB   Virtual size: 76KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: no section is both writable and executable, and raw sizes match virtual sizes except for .data's uninitialized tail (17KB on disk, 33KB mapped). That is the layout of an ordinary compiler-built image; a packed image usually shows a small raw size against a large virtual size in its executable section.
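The Unsigned PE signature, the Headers block and the Sections block above are all derived from the PE headers alone. The following stdlib-only Python is an added example, not code from the sandbox or from the analysed binary: it reads the certificate-table directory (whose presence is what "Authenticode signature" means at this level), the DEP/ASLR flags, the relocation table and the section flags, and turns them into the findings an analyst would want. build_pe32 constructs a minimal PE32 image whose flags copy the report (NX_COMPAT + TERMINAL_SERVER_AWARE, RELOCS_STRIPPED, no DYNAMIC_BASE, no certificate table); it is a stand-in for the sample, not the sample itself, and parse_pe and triage are this example's own names.

```python
"""Static PE header triage with the standard library only.

Added example; not code from the sandbox report or from the analysed binary.
The bytes it runs on are a constructed minimal PE32 (headers only) whose
flags mirror the report; they are not the sample.
"""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # certificate table: a file offset, not an RVA
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5


def build_pe32(characteristics, dll_characteristics, security=(0, 0),
               basereloc=(0, 0), sections=((b".text", 0x60000020),)):
    """Constructed minimal PE32 image (headers only) for the parser below."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224,
                           characteristics)
    opt = bytearray(224)                                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC, *basereloc)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1),
                                0x200, 0x400 * (i + 1), 0, 0, 0, 0, flags)
                    for i, (name, flags) in enumerate(sections))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + hdrs


def parse_pe(data):
    """Return the header fields the triage needs; raise ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    _, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at +70 in both PE32 and PE32+; the directory
    # count is at +92 (PE32) or +108 (PE32+).
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs_off = opt + (108 if magic == 0x20B else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, ndirs_off + 4 + 8 * i)
            for i in range(min(ndirs, 16))]
    dirs += [(0, 0)] * (16 - len(dirs))
    sect_off = opt + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sect_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rawsize, flags))
    return {"characteristics": chars, "dll_characteristics": dll_chars,
            "dirs": dirs, "sections": sections}


def triage(data):
    """Header-only findings. 'authenticode_present' only says a certificate
    table exists; whether it verifies needs WinVerifyTrust or signtool."""
    pe = parse_pe(data)
    sec_off, sec_size = pe["dirs"][IMAGE_DIRECTORY_ENTRY_SECURITY]
    _, reloc_size = pe["dirs"][IMAGE_DIRECTORY_ENTRY_BASERELOC]
    dll = pe["dll_characteristics"]
    f = {
        "authenticode_present": sec_off != 0 and sec_size != 0,
        "dep_nx_compat": bool(dll & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "dynamic_base": bool(dll & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "relocs_stripped": bool(pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED),
        "has_reloc_table": reloc_size != 0,
        "wx_sections": [s[0] for s in pe["sections"]
                        if s[3] & IMAGE_SCN_MEM_EXECUTE and s[3] & IMAGE_SCN_MEM_WRITE],
    }
    # The loader can only move an image that still carries relocations; without
    # them even mandatory ASLR leaves it at its preferred base.
    f["relocatable"] = f["has_reloc_table"] and not f["relocs_stripped"]
    f["effective_aslr"] = f["dynamic_base"] and f["relocatable"]
    return f


# Mirrors the report: RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE,
# NX_COMPAT|TERMINAL_SERVER_AWARE, no certificate table, no reloc table.
SAMPLE_LIKE = build_pe32(0x0103, 0x8100)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LIKE).items():
        print("%-22s %s" % (key, value))
```

To run it against a real file, pass `open(path, "rb").read()` to triage; the certificate-table check is the same test the sandbox's Unsigned PE signature makes, and a populated table still has to be verified with WinVerifyTrust, signtool or Get-AuthenticodeSignature before it means anything.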