Static task
- static1
Behavioral task
- behavioral1: Sample 2024-07-27_35a171c75317cad21c2235fbb5f08f1b_icedid_skypams.exe, Resource win7-20240704-en
Behavioral task
- behavioral2: Sample 2024-07-27_35a171c75317cad21c2235fbb5f08f1b_icedid_skypams.exe, Resource win10v2004-20240709-en
General
- Target: 2024-07-27_35a171c75317cad21c2235fbb5f08f1b_icedid_skypams
- Size: 1.7MB
- MD5: 35a171c75317cad21c2235fbb5f08f1b
- SHA1: 9c8f690faaf1b10b6b27ccd4d3394c9df71fa6d6
- SHA256: a3ab3387a82c1d71347747ae2a7b894f12c82c601cc185459197c2e659bae5c3
- SHA512: 20c34d11304a37e53c38b716f6c711ad7b7fb9da46643d6e945be25f6a1571a783fc8afe6ea360d1d0a0993d00c750e2369dbac4c31647f6921053656954b07d
- SSDEEP: 49152:maOpuDB3YoUgYvQaj5FKXTWVQCS9o+Pb3/d5m0r+XRJjv:mrj5FKXTW89oCi08
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-07-27_35a171c75317cad21c2235fbb5f08f1b_icedid_skypams
  This is the only signature the report lists, and no malware config was extracted. The "icedid" tag is part of the submitted filename, not a detection made by the sandbox, so the report itself does not corroborate an IcedID attribution.
Files
-
2024-07-27_35a171c75317cad21c2235fbb5f08f1b_icedid_skypams.exe windows:5 windows x86 arch:x86
886f2a00983d55c22fb2f5a74d9ade19
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(the only flag set; neither IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE nor IMAGE_DLLCHARACTERISTICS_NX_COMPAT is present, so the image opts in to neither ASLR nor DEP, and with relocations stripped below it could not be rebased in any case)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Project\optimizepc\Release\GoClean.pdb
Imports
psapi
EnumProcesses
kernel32
GetStartupInfoA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
GetTimeZoneInformation
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapCreate
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
FreeEnvironmentStringsA
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
GetProcAddress
CreateFileW
InterlockedCompareExchange
VirtualProtect
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetModuleHandleW
ExitThread
GetEnvironmentStrings
VirtualQuery
GetModuleHandleA
LocalFree
FormatMessageA
GetLastError
lstrlenA
DeleteFileA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetVersionExA
CreateFileA
GetDriveTypeA
CloseHandle
DeviceIoControl
Sleep
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
ReadFile
SetFilePointer
VirtualFree
VirtualAlloc
DefineDosDeviceA
SetLastError
LoadLibraryA
FreeLibrary
GetTickCount
GetProcessTimes
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
GetLongPathNameA
GetTempPathA
ResumeThread
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
CopyFileA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
RemoveDirectoryA
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameW
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
RaiseException
GetModuleFileNameA
GetFileTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetTempFileNameA
ResetEvent
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetComputerNameA
GetVolumeInformationA
CreateThread
TerminateThread
CreateEventA
SetEvent
GetExitCodeThread
GetThreadPriority
SetThreadPriority
lstrcmpA
lstrcpyW
GetVersion
GetDiskFreeSpaceExA
MoveFileA
SuspendThread
LocalAlloc
MultiByteToWideChar
ExpandEnvironmentStringsA
CreateProcessA
GetSystemInfo
GlobalMemoryStatus
CreateToolhelp32Snapshot
Process32First
TerminateProcess
Process32Next
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
ExitProcess
WinExec
GetCurrentDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetFileSize
WriteFile
GetFileAttributesA
SetFileAttributesA
FindClose
WaitForSingleObject
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
user32
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
PostMessageA
GetClassNameA
EnumWindows
GetWindowTextA
GetWindowDC
GetClassInfoExA
AdjustWindowRectEx
EqualRect
CallWindowProcA
GetMenu
SetWindowPos
IntersectRect
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
EndDialog
BeginPaint
EndPaint
GetClassInfoA
RegisterClassA
DefWindowProcA
UpdateWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawStateA
FrameRect
CreateIconIndirect
TrackPopupMenuEx
DestroyCursor
DestroyMenu
EnumDisplaySettingsA
RegisterWindowMessageA
SetForegroundWindow
SetParent
SetActiveWindow
LoadMenuA
GetSubMenu
GetWindowThreadProcessId
CharUpperA
ValidateRect
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
CopyAcceleratorTableA
GetMenuItemID
DrawAnimatedRects
FindWindowA
InvalidateRgn
SetCapture
ReleaseCapture
CharNextA
UnregisterClassA
GetNextDlgGroupItem
RegisterClipboardFormatA
FindWindowExA
SendMessageA
GetWindowRect
EnableWindow
GetSysColor
wsprintfA
GetClientRect
GetParent
LoadBitmapA
PostThreadMessageA
GetMenuItemCount
SetTimer
KillTimer
MessageBoxA
PtInRect
LoadImageA
FillRect
InvalidateRect
InflateRect
GetDC
ReleaseDC
RedrawWindow
PostQuitMessage
PeekMessageA
GetSystemMetrics
SetWindowLongA
GetWindowLongA
ShowWindow
MessageBeep
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
LoadIconA
GetIconInfo
EnumChildWindows
SystemParametersInfoA
GetCursorPos
TrackPopupMenu
SetMenuDefaultItem
IsWindow
DestroyIcon
ScreenToClient
IsRectEmpty
OffsetRect
GetWindowPlacement
CreateWindowExA
SetRect
MoveWindow
GetWindow
GetDlgCtrlID
GetDlgItem
SetRectEmpty
IsWindowVisible
LockWindowUpdate
CopyRect
LoadCursorA
MsgWaitForMultipleObjects
DispatchMessageA
SetCursor
gdi32
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetWindowExtEx
CreatePen
GetMapMode
DPtoLP
GetRgnBox
GetBkColor
GetTextColor
GetViewportExtEx
SetTextAlign
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetClipBox
SetDIBitsToDevice
GetDeviceCaps
Rectangle
GetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
SetPixel
CreateFontIndirectA
GetObjectA
CreateFontA
CreateSolidBrush
CreateCompatibleDC
BitBlt
SelectObject
GetStockObject
GetTextExtentPoint32A
CreateRectRgn
DeleteObject
FillRgn
CombineRgn
SetRectRgn
DeleteDC
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateBitmap
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegSetKeySecurity
CloseServiceHandle
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
StartServiceA
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegQueryValueA
EnumDependentServicesA
ControlService
QueryServiceStatusEx
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceConfig2A
EnumServicesStatusExA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegFlushKey
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
GetUserNameA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
QueryServiceStatus
shell32
SHGetSpecialFolderPathA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SHGetMalloc
Shell_NotifyIconA
SHAppBarMessage
ShellExecuteExA
ShellExecuteA
comctl32
ord17
_TrackMouseEvent
shlwapi
PathIsDirectoryA
PathRemoveFileSpecA
PathAppendA
PathAddBackslashA
SHDeleteKeyA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
UrlUnescapeA
PathFindFileNameA
oledlg
ord8
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
oleaut32
VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayGetElement
VarDateFromStr
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
OleLoadPicture
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
OleCreateFontIndirect
ws2_32
gethostbyname
gethostbyaddr
bind
inet_addr
htons
recvfrom
sendto
WSAGetLastError
inet_ntoa
setsockopt
WSASetLastError
closesocket
WSASocketA
select
WSACleanup
gethostname
WSAStartup
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
iphlpapi
GetNetworkParams
GetAdaptersInfo
setupapi
SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
CM_Get_Device_IDA
SetupDiGetDeviceInstanceIdA
pdh
PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
crypt32
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CryptDecodeObject
winmm
PlaySoundA
waveOutGetNumDevs
waveOutGetDevCapsA
wininet
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
InternetOpenUrlA
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 284KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
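The header and section flags listed above, together with the "Unsigned PE" signature in the Signatures section, all come from a few fixed fields of the PE headers. The following stdlib-only Python is an added example written for this page, not Triage's own signature code: it parses those fields and reproduces the Unsigned PE test, which reduces to "is the security data directory (slot 4, where the Authenticode WIN_CERTIFICATE blob lives) empty?". The PE bytes are constructed by build_sample_pe() to mirror the report's flags and four sections; they are not the analysed binary, and the hypothetical `signed=True` variant only fills in the directory entry, it carries no real certificate.

```python
"""Stdlib-only PE header triage: file/DLL characteristics, section flags and
the Authenticode-present check.  Sample image is CONSTRUCTED to mirror the
report's flags; it is not the analysed sample."""
import struct
import sys

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data-directory slot of the signature
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000


def inspect_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table (no pefile needed)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        nrva_off, datadir_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        nrva_off, datadir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional-header magic %#x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_off = sec_len = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this slot "VirtualAddress" is a raw file offset, not an RVA.
        sec_off, sec_len = struct.unpack_from("<II", data, datadir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": sc})
    return {
        "x86": machine == 0x14C and bool(file_chars & IMAGE_FILE_32BIT_MACHINE),
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
        "aslr_optin": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep_optin": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "ts_aware": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE),
        "has_authenticode": sec_off != 0 and sec_len != 0,   # the "Unsigned PE" test
        "sections": sections,
    }


def findings(info: dict) -> list:
    """Turn parsed flags into the one-line verdicts a sandbox report prints."""
    out = []
    if not info["has_authenticode"]:
        out.append("Unsigned PE: security data directory is empty (no Authenticode signature)")
    if info["relocs_stripped"]:
        out.append("IMAGE_FILE_RELOCS_STRIPPED: image cannot be rebased, so ASLR is impossible")
    elif not info["aslr_optin"]:
        out.append("DYNAMIC_BASE not set: ASLR not opted in")
    if not info["dep_optin"]:
        out.append("NX_COMPAT not set: DEP not opted in")
    for s in info["sections"]:
        if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            out.append("%s is both writable and executable" % s["name"])
    return out


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed PE32 header-only image with the report's flags and sections (no real code)."""
    secs = [(b".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
            (b".rdata", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
            (b".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
            (b".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    file_chars = IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, file_chars)
    opt = struct.pack("<H", 0x10B) + b"\0" * 68                        # magic .. Subsystem (zeroed)
    opt += struct.pack("<H", IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)   # offset 70
    opt += b"\0" * 20 + struct.pack("<I", 16)                         # stack/heap/LoaderFlags, NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    if signed:                      # hypothetical: pretend a WIN_CERTIFICATE blob sits at offset 0x1000
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x200)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, c) for n, c in secs)
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for line in findings(inspect_pe(blob)):
        print(line)
```

Run it with a path argument to apply the same checks to a real executable; with no argument it runs on the constructed sample. Note that a populated security directory only means a signature blob is attached; verifying the chain and the hash over the image is a separate step (on Windows, `Get-AuthenticodeSignature` or `signtool verify`).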