PDB Path: d:\prj\3in1\clientxj\vcproject\Release\zfClientAdm.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-03_162672d84dddb1c7115a2cb311e64723_icedid.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 2024-07-03_162672d84dddb1c7115a2cb311e64723_icedid.exe
  Resource: win10v2004-20240611-en
General
Target: 2024-07-03_162672d84dddb1c7115a2cb311e64723_icedid
Size: 1.1MB
MD5: 162672d84dddb1c7115a2cb311e64723
SHA1: 16d930f42c96052ace9af5d07ad3d1936a3946f1
SHA256: 44ee1f46cccd3ea6de40074da598403e359c56e09f7d48da0b6643d21ecb0a73
SHA512: c77a95853b62192f90c59a5dd6001d11e9662a52f8b6a7da12c634a16ace7a1f69dbc8aa4d7c6cb8263b4dab307e2da5efa3b79e28f6967a56c9163c42a5dfe8
SSDEEP: 24576:fTgr+M9z+Wmk5YXaOv7/+k8IdtgcIqfa+YewYHvP0qyyGQn3WteTC70bOlTorEL+:rgrtz+74waOT38IdtgcIqfa+YewYHvP7
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-07-03_162672d84dddb1c7115a2cb311e64723_icedid
Files
2024-07-03_162672d84dddb1c7115a2cb311e64723_icedid.exe
  Format: windows:5, windows x86, arch:x86
  8870e3d1017cc26d788003d2dc52bae0
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeA
GetDateFormatA
LCMapStringA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
ExitProcess
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
GetTimeFormatA
GetSystemTimeAsFileTime
CreateThread
ExitThread
HeapAlloc
HeapReAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetTickCount
SetErrorMode
GetFileTime
GetFileSizeEx
DeviceIoControl
FindResourceExW
lstrcpynW
GetProcessHeap
InterlockedCompareExchange
EnumSystemLocalesA
RtlUnwind
GetFileAttributesW
GetFileAttributesExW
FileTimeToLocalFileTime
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GetModuleHandleA
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
WritePrivateProfileStringW
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
WriteFile
ReadFile
GetFileSize
CreateFileW
GetCommandLineW
GetLocalTime
GetComputerNameA
GetComputerNameW
lstrlenW
Sleep
GetModuleHandleW
SetLastError
CloseHandle
Module32NextW
Process32NextW
CreateToolhelp32Snapshot
DeleteFileW
GetSystemDirectoryW
GetProcAddress
LoadLibraryW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
SetCurrentDirectoryW
CreateMutexW
GetCurrentThreadId
GetStringTypeW
user32
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
ReleaseDC
GetDC
IsWindow
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EqualRect
AdjustWindowRectEx
EnableMenuItem
CheckMenuItem
GetMenuState
GetSysColor
RegisterClassW
GetClassInfoW
RegisterWindowMessageW
UnregisterDeviceNotification
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PeekMessageW
DispatchMessageW
GetClassInfoExW
CreateWindowExW
UpdateWindow
PostQuitMessage
RegisterDeviceNotificationW
SetMenu
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
DrawTextW
ClientToScreen
KillTimer
InvalidateRect
AppendMenuW
CreatePopupMenu
SetTimer
IsZoomed
LoadCursorW
SetCursor
OffsetRect
SetRect
SetActiveWindow
GetForegroundWindow
GetParent
PostMessageW
PtInRect
ScreenToClient
GetCursorPos
FillRect
GetClientRect
CopyRect
SendMessageW
EnableWindow
SetForegroundWindow
ShowWindow
FindWindowW
GetWindowTextW
SetWindowsHookExW
GetWindowTextLengthW
SetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
SetDlgItemTextW
IsDialogMessageW
SetWindowTextW
MoveWindow
TabbedTextOutW
PostThreadMessageW
UnionRect
RegisterClipboardFormatW
SetRectEmpty
GetSysColorBrush
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
WindowFromPoint
SystemParametersInfoW
DestroyMenu
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharUpperW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
gdi32
DeleteObject
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectW
GetMapMode
GetTextExtentPoint32W
GetBkColor
GetTextColor
GetRgnBox
CreateCompatibleBitmap
ExtSelectClipRgn
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
GetViewportOrgEx
CreateDIBSection
StretchBlt
SetBrushOrgEx
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
GetStockObject
SelectObject
msimg32
GradientFill
AlphaBlend
TransparentBlt
comdlg32
GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
RegCloseKey
RegQueryValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegEnumKeyW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateDirectoryExW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathIsUNCW
SHGetValueW
PathAppendW
PathFileExistsW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathAddExtensionW
PathAddBackslashW
PathRemoveFileSpecW
SHSetValueW
oledlg
OleUIBusyW
ole32
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
StgCreateDocfileOnILockBytes
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
oleaut32
GetErrorInfo
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
wsock32
select
WSAGetLastError
connect
htons
closesocket
inet_ntoa
socket
WSASetLastError
WSACleanup
WSAStartup
ioctlsocket
udwrite
W_IsIn
W_Log
W_Active_ReadKey
W_ReadConfigFile
W_GetLastCap
W_WriteManualRegXMLFile
W_ReadManualRegXMLFile
W_GetInfoCount
W_EnumInfo
W_UnInit
W_CheckKeyID
W_Active_ReadPoint
W_Active_WritePoint
W_Actice_ReadVersion
W_Actice_WriteVersion
W_Actice_GetSerialNo
W_Key_Count
W_ReadCustomFile
W_GetKeyType
W_Init
W_GetKeySpace
W_AddHostConfigFile
sqlite3
sqlite3_free_table
sqlite3_free
sqlite3_busy_timeout
sqlite3_mprintf
sqlite3_exec
sqlite3_get_table
zfdatacommon
DBGetDepartIDByEmpID
DBGetKVStringA
DBSetEmployeeName
DBSetEmployeeID
DBGetDepartEmployee
DBDelEmployee
DBSetKVString
DBSetKVDWORD
DBGetFixPolicy
DBGetEmpNameByID
CreateDBHandle
SetProcessWhiteBuffer
DBGetZoneInfo
UsbTrustGetBuffer
UsbTrustSetBuffer
GetCompatibleIDBuffer
SetCompatibleIDBuffer
SetPolicyVersion
SetDeviceWhiteBuffer
GetDeviceWhiteBuffer
DBGetKVString
DBGetKVDWORD
DBGetVionetServer
DBSetVionetServer
DBGetAllDepart
DBGetALLEmployee
CloseDBHandle
GetProcessWhiteBuffer
zfnetcommon
UrlPost
UrlPostParamFree
UrlGetBufferFree
UrlMakePostParam
unzip
unzOpenCurrentFile
unzCloseCurrentFile
unzReadCurrentFile
unzClose
unzOpen
unzGoToFirstFile
unzGetCurrentFileInfo
unzGoToNextFile
psapi
GetModuleFileNameExW
iphlpapi
GetAdaptersInfo
Sections
.text  Size: 900KB - Virtual size: 899KB  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 194KB - Virtual size: 193KB  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 16KB - Virtual size: 102KB   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 53KB - Virtual size: 52KB    Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ