2024-08-12_ffb861862bff72658c622308c7b99325_icedid_poet-rat_sakula

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-12_ffb861862bff72658c622308c7b99325_icedid_poet-rat_sakula
Size

24.3MB
MD5

ffb861862bff72658c622308c7b99325
SHA1

158556037fd75a7722681cdf9db00c14ba9f74b2
SHA256

f1365f904fc56c47ede7b1ed0188311b0dd581fbdd332a0d35121199a6b4ba4a
SHA512

acf72d32b97dc92594080f644feed73f2c4767060a36f62b896eae5b25e2be2cc8e421d261734fb7b0267852941e5bb967473c721ec0ceb584562cf0b153fce3
SSDEEP

196608:ts4ye8MJXVkyxpJA6e6+Sfk5+SJZ3DFbIJu9D0PwXO4jN7rAGMPFlR+v7L5HbeWO:XvJjPJAnXZ9DrO4B7ARs7daV3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-12_ffb861862bff72658c622308c7b99325_icedid_poet-rat_sakula

Files

2024-08-12_ffb861862bff72658c622308c7b99325_icedid_poet-rat_sakula
.exe windows:4 windows x86 arch:x86

bcd27a3a50eb13691b357631ef222446

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

winmm

waveOutPrepareHeader
PlaySoundA
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
waveOutWrite
waveOutPause
waveOutRestart
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
waveOutUnprepareHeader
midiOutPrepareHeader

ws2_32

inet_ntoa
WSACleanup
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
ntohl

kernel32

TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetTempFileNameA
GetStartupInfoA
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
GetTimeFormatA
GetDateFormatA
HeapSize
GetACP
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
IsBadWritePtr
GetStringTypeA
GetStringTypeW
InterlockedExchange
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetCurrentProcessId
SetStdHandle
IsDBCSLeadByte
GetLocalTime
GlobalDeleteAtom
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
SuspendThread
TerminateThread
ReleaseMutex
CreateMutexA
GetVersion
GetLocaleInfoA
GetTimeZoneInformation
QueryPerformanceCounter
SetLastError
GlobalHandle
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
TlsAlloc
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
GlobalFindAtomA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GetProfileIntA
FindResourceExA
lstrcpyW
LocalAlloc

user32

GetTabbedTextExtentA
wvsprintfA
ShowOwnedPopups
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
HideCaret
GetSysColorBrush
GetWindowTextA
GetDlgItem
FindWindowA
keybd_event
GetClassNameA
GetDesktopWindow
VkKeyScanExA
GetKeyboardLayout
GetNextDlgTabItem
UnionRect
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
LoadStringA
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
InvertRect
IsRectEmpty
InsertMenuA
GetMenuStringA
RemoveMenu
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
ClipCursor
DestroyCaret
ShowCaret
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
GetAsyncKeyState
MapDialogRect
InSendMessage
UnregisterClassA
GetDCEx
GetCaretPos
SetCaretPos
CreateCaret
GetDlgCtrlID
LoadImageA

gdi32

BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
CreateCompatibleDC
PolyBezierTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
EndPath
GetTextExtentPoint32A
GetTextMetricsA
GetMapMode
SetRectRgn
GetCharWidthA
CopyMetaFileA
AbortDoc
SetAbortProc
EnumFontFamiliesA
CreateICA
PtInRegion
RectInRegion
CreateEllipticRgnIndirect
Polyline
DeleteEnhMetaFile
SetWinMetaFileBits
PlayEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileBits
FrameRgn
CloseFigure
GetPath
StrokeAndFillPath
OffsetRgn
SetPolyFillMode
RestoreDC
SaveDC
PathToRegion
CreateEllipticRgn
DeleteMetaFile
CloseMetaFile
GetTextAlign
GetNearestColor
GetTextFaceA
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
CreatePatternBrush
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
SelectObject
ExtTextOutA
GetDeviceCaps
Polygon
CreateRectRgn
Arc
Chord
Pie
CombineRgn
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
PatBlt
Escape
SetPixelV
CreatePen
EnumFontFamiliesExA
CreateFontA
SetDIBitsToDevice
StretchDIBits
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
SetROP2

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comdlg32

GetOpenFileNameA
CommDlgExtendedError
ChooseFontA
ChooseColorA
GetSaveFileNameA
PrintDlgA
GetFileTitleA

advapi32

SetFileSecurityA
RegSetValueA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetFileSecurityA

shell32

DragQueryFileA
Shell_NotifyIconA
ExtractIconA
DragFinish
SHGetFileInfoA
ShellExecuteA

ole32

OleSetMenuDescriptor
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoUninitialize
CoInitialize
CoGetClassObject
OleSetClipboard
CreateFileMoniker
CoLockObjectExternal
OleQueryCreateFromData
OleGetClipboard
CreateGenericComposite
CreateItemMoniker
OleSaveToStream
WriteClassStm
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSave
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateFromData
OleSetContainedObject
OleLockRunning
OleRun
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CoDisconnectObject
OleIsRunning
OleLoad
OleConvertOLESTREAMToIStorage
OleGetIconOfClass

oleaut32

SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
UnRegisterTypeLi
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
SafeArrayDestroy

odbc32

ord18
ord44
ord3
ord54
ord68
ord72
ord4
ord48
ord49
ord20
ord17
ord59
ord8
ord19
ord46
ord12
ord43
ord41
ord2
ord1
ord50
ord45
ord51
ord15
ord9
ord14
ord11
ord13
ord16
ord5
ord10

comctl32

CreatePropertySheetPageA
PropertySheetA
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Read
ImageList_Duplicate
DestroyPropertySheetPage

wininet

InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FtpGetFileA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

imm32

ImmGetContext
ImmGetCompositionStringA
ImmNotifyIME
ImmReleaseContext
ImmSetCompositionWindow

wldap32

ord29

oledlg

ord11
ord4
ord3

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22.0MB - Virtual size: 22.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcd27a3a50eb13691b357631ef222446

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

wininet

imm32

wldap32

oledlg

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 22.0MB - Virtual size: 22.0MB

.data Size: 156KB - Virtual size: 510KB

.rsrc Size: 104KB - Virtual size: 100KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 22.0MB - Virtual size: 22.0MB

.data
Size: 156KB - Virtual size: 510KB

.rsrc
Size: 104KB - Virtual size: 100KB