Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-03_30f61732a4908bef3f499c7fb6744d27_icedid.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 2024-07-03_30f61732a4908bef3f499c7fb6744d27_icedid.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-07-03_30f61732a4908bef3f499c7fb6744d27_icedid
Size: 521KB
MD5: 30f61732a4908bef3f499c7fb6744d27
SHA1: 4e1b5c859471ee5728ff35fda9d3012757b6eb86
SHA256: 7c16ce1e4d34472d24c8bf2d2cf8bd453d0e5714529a2c71b973b8ccc579d71f
SHA512: b26a5915ebc68e93a587a246e8ccf91f3b49b107f5de2bae35ec1a788cdeec5a768c3a0c6fc3015f11376a9ef3a1dd9be9196ab3314b1e13e99436ec35cf188d
SSDEEP: 12288:OAyIr+48zVu76oR3a/c2kQGJwPdKN2HeQi8GNjx:Xyh48z4Ac21GJwPdKabGNjx
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-07-03_30f61732a4908bef3f499c7fb6744d27_icedid
Files
2024-07-03_30f61732a4908bef3f499c7fb6744d27_icedid.exe windows:5 windows x86 arch:x86
a8176f280287d9d00e824de93b9f026d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\prj\3in1\clientxj\vcproject\Release\zfClientTrans.pdb
Imports
unzip
unzClose
unzReadCurrentFile
unzCloseCurrentFile
unzGoToNextFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzOpen
unzOpenCurrentFile
zftrans
ZfTransStop
ZfTransStart
ZfTransCreate
ZfTransClose
ZfTransGetLastError
kernel32
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RtlUnwind
HeapReAlloc
RaiseException
Sleep
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetThreadLocale
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
WritePrivateProfileStringW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetFileAttributesExW
WriteFile
SetFilePointer
LocalFree
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetVersionExW
GetModuleFileNameW
GlobalFlags
GlobalFree
GlobalAlloc
FreeResource
MultiByteToWideChar
lstrlenA
lstrcpynW
SleepEx
GetLocalTime
GetTickCount
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
Beep
GetCurrentDirectoryW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
GetWindowsDirectoryW
GetCommandLineW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateMutexW
SetCurrentDirectoryW
VirtualQuery
GetProcessHeap
user32
GetSysColorBrush
CharUpperW
DestroyMenu
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckRadioButton
GetWindowThreadProcessId
IsWindowEnabled
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
SetCapture
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
CallWindowProcW
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsZoomed
EqualRect
SetActiveWindow
GetWindowRect
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
PtInRect
IntersectRect
SetCursor
SetRectEmpty
ReleaseCapture
CharNextW
PostThreadMessageW
IsRectEmpty
ReleaseDC
GetDC
RegisterClipboardFormatW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
PostQuitMessage
AppendMenuW
CreatePopupMenu
RegisterWindowMessageW
GetCursorPos
LoadImageW
SetForegroundWindow
IsWindow
InvalidateRect
KillTimer
SetTimer
GetParent
FillRect
UnionRect
CopyRect
OffsetRect
GetClientRect
GetFocus
EnableWindow
RegisterClassW
DefWindowProcW
LoadIconW
LoadCursorW
SendMessageW
PostMessageW
CopyAcceleratorTableW
InvalidateRgn
UpdateWindow
SetRect
GetMessagePos
gdi32
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SetViewportExtEx
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ScaleViewportExtEx
SetMapMode
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
DeleteObject
CreatePatternBrush
SetBrushOrgEx
StretchBlt
GetObjectW
CreateDIBSection
GetViewportOrgEx
BitBlt
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreatePen
Rectangle
SelectObject
GetStockObject
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
msimg32
TransparentBlt
GradientFill
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegCloseKey
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
shell32
SHGetFileInfoW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW
Shell_NotifyIconW
SHBrowseForFolderW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFileExistsW
PathFindFileNameW
PathAppendW
SHGetValueW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAddExtensionW
PathAddBackslashW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
SHSetValueW
oledlg
OleUIBusyW
ole32
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
OleUninitialize
StgOpenStorageOnILockBytes
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoInitialize
CoFreeUnusedLibraries
OleInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SysAllocString
SysFreeString
SysStringLen
stringmgr
GetStringMgr
sqlite3
sqlite3_free
sqlite3_exec
sqlite3_mprintf
zfdatacommon
DBGetKVDWORD
CloseDBHandle
CreateDBHandle
psapi
GetModuleFileNameExW
Sections
.text Size: 349KB - Virtual size: 349KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ