2024-07-01_bbeb27320a5df56d47c5a6f516a44d3b_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-01_bbeb27320a5df56d47c5a6f516a44d3b_icedid
Size

172KB
MD5

bbeb27320a5df56d47c5a6f516a44d3b
SHA1

5ead268a4ff11e8db2a41110727576f3b26c0cd8
SHA256

2adbede8503f1fcdc59e88a2b4c892dfdfe54ea081ce4483832288d6bc26c91f
SHA512

5e74c6bad6aff5f519e6ba98bf4ec1637de4432d60474ac50c123a290d490f7c5e1c9a4fe2a305f443be32f6bf59b3fff61f41526dec068f7136e791adf6930b
SSDEEP

3072:X7fOOo64WfiSY9o9xqGXURIvnCI4opIuWlOn6sbLkUQolZV:XqW4Wv9I10P4INxQw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-01_bbeb27320a5df56d47c5a6f516a44d3b_icedid

Files

2024-07-01_bbeb27320a5df56d47c5a6f516a44d3b_icedid
.exe windows:4 windows x86 arch:x86

18e607abb7a970bc8e45ef172e57dd26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\eastcom\eccsp\bin\ECC_CDMSP_HOPPER.pdb

Imports

xfsbase

?SendHardWareEvent@CSPBase@@QAEXKKKPAE@Z
?SendEventNotify@CSPBase@@QAEXKKPAXG@Z
?GetSPConfig@CSPBase@@SAHPBD0PAXAAK@Z
?HandleMsg@CSPBase@@SAHXZ

w32_cdm_hopper

?WriteCassetteInfo@CNMDCashDev@@QAEJPAUtCassetteInfo@@@Z
?CashIsTaken@CNMDCashDev@@QAEJXZ
?Reject@CNMDCashDev@@QAEJXZ
?Retract@CNMDCashDev@@QAEJD@Z
?GetDevInformation@CNMDCashDev@@QAEJAAUtNMDInformation@@@Z
??1CNMDCashDev@@UAE@XZ
?GetFirmwareInfo@CNMDCashDev@@QAEJPAD@Z
?SendCommand2Device@CNMDCashDev@@QAEJJJI@Z
?GetHopperDeviceStatus@CNMDCashDev@@QAEJAAH@Z
?GetHopperCashStatus@CNMDCashDev@@QAEJAAH@Z
?GetDevStatus@CNMDCashDev@@QAEJAAUtNMDStatus@@@Z
?SetAutoRetractTime@CNMDCashDev@@QAEJK@Z
?EnableAutoRetract@CNMDCashDev@@QAEJ_N0@Z
?GetMaxNotesSingleReject@CNMDCashDev@@QAEJAAH@Z
?GetTotalNotesBoudleRejected@CNMDCashDev@@QAEJAAH@Z
?GetTotalNotesSingleRejected@CNMDCashDev@@QAEJAAH@Z
?OpenCassette@CNMDCashDev@@QAEJD@Z
?CloseCassette@CNMDCashDev@@QAEJD@Z
?Reset@CNMDCashDev@@QAEJXZ
?GetDispenselActCount@CNMDCashDev@@QAEJQAUtDispense@@AAH@Z
??0CNMDCashDev@@QAE@XZ
?ReadCassetteInfo@CNMDCashDev@@QAEJPAUtCassetteInfo@@@Z
?OpenCommPort@CNMDCashDev@@QAEJXZ
?SetFeedRetryNumber@CNMDCashDev@@QAEJH@Z
?ConfigRejectCalculation@CNMDCashDev@@QAEJH@Z
?Dispense@CNMDCashDev@@QAEJPAUtDispense@@@Z

cdm_xfs_hopper

?UpdatePCUCount@CCdmXFS@@QAEHQBDHKK@Z
??0CCdmXFS@@QAE@PAUHINSTANCE__@@PADPAVCCdmDev@@@Z
?SetPhysicalCashUnit@CCdmXFS@@QAEHQBUtag_CDM_PCU@@K@Z
?UpdatePCURejectCount@CCdmXFS@@QAEHQBDH@Z
??1CCdmXFS@@UAE@XZ
?TrcWriteLog@CCdmXFS@@QAEXXZ
?UpdatePCUStatus@CCdmXFS@@QAEHQBDW4CU_STATUS@@@Z
?GetPhysicalCashUnit@CCdmXFS@@QAEXQAUtag_CDM_PCU@@AAKH@Z

kernel32

GetPrivateProfileStringA
LocalFree
lstrcpynA
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalFree
SetLastError
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
TlsFree
lstrcmpA
GlobalFlags
GetCurrentThreadId
lstrcpyA
GetModuleHandleA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetStartupInfoA
HeapReAlloc
HeapSize
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateThread
GetTickCount
Sleep
LoadLibraryA
GetProcAddress
SetEvent
ReleaseMutex
CloseHandle
CreateMutexA
WaitForSingleObject
GetCommandLineA
lstrlenA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LocalReAlloc

user32

SetForegroundWindow
MapWindowPoints
LoadIconA
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
GetClientRect
DefWindowProcA
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
SetWindowTextA
GetClassNameA
GetWindowTextA
GetClassInfoA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CallWindowProcA
SystemParametersInfoA
GetMenu
AdjustWindowRectEx
PostMessageA
UnregisterClassA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
SetWindowLongA
GetDlgItem
SetWindowsHookExA
CallNextHookEx
RegisterClassA
SendMessageA
DispatchMessageA
GetKeyState
PeekMessageA

advapi32

RegCloseKey
RegSetValueExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

trcerrex

ord3
ord1

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

GetStockObject
DeleteDC
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetMapMode
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantChangeType
VariantClear
VariantInit

Exports

Exports

??0CCustomTrace@@QAE@ABV0@@Z
??0CCustomTrace@@QAE@XZ
??0CNMDCashDev@@QAE@ABV0@@Z
??1CCustomTrace@@UAE@XZ
??4CCustomTrace@@QAEAAV0@ABV0@@Z
??4CEccCdmShutter@@QAEAAV0@ABV0@@Z
??4CNMDCashDev@@QAEAAV0@ABV0@@Z
??_7CCustomTrace@@6B@
??_7CNMDCashDev@@6B@
?BalanceTrace@CCustomTrace@@QAEHH@Z
?BusinessTrace@CCustomTrace@@QAEHKJ@Z
?CDMRetractResult@CCustomTrace@@AAEXJPAD@Z
?CIMRetractResult@CCustomTrace@@AAEXJPAD@Z
?CashInEndResult@CCustomTrace@@AAEXJPAD@Z
?CashInResult@CCustomTrace@@AAEXJPAD@Z
?CashInRollbackResult@CCustomTrace@@AAEXJPAD@Z
?CashInStartResult@CCustomTrace@@AAEXJPAD@Z
?CashNumberTrace@CCustomTrace@@QAEHPAUCassetteUnit@@@Z
?CommonResult@CCustomTrace@@AAEXJPAD@Z
?DispenseResult@CCustomTrace@@AAEXJPAD@Z
?ErrorCodeTrace@CCustomTrace@@QAEHQADK@Z
?InitExchange@CCustomTrace@@QAEHHQAH@Z
?OpenResult@CCustomTrace@@AAEXJPAD@Z
?PresentResult@CCustomTrace@@AAEXJPAD@Z
?RejectResult@CCustomTrace@@AAEXJPAD@Z

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18e607abb7a970bc8e45ef172e57dd26

Headers

File Characteristics

PDB Paths

Imports

xfsbase

w32_cdm_hopper

cdm_xfs_hopper

kernel32

user32

advapi32

comctl32

trcerrex

oleacc

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 920B

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 920B