2024-08-22_af37841dec3644201f19dfde198adc16_icedid_wapomi

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-22_af37841dec3644201f19dfde198adc16_icedid_wapomi
Size

1.8MB
MD5

af37841dec3644201f19dfde198adc16
SHA1

f41bed25ec3013a4b5a37bb5de5466bbc8185d1c
SHA256

7a9d6289494db252ebc168fa46d09c12c34811f7de2ecfed5f62971c03b04332
SHA512

5ef29d499a4d88fe5cdedbc8f9584fa379a2172568b94cadbd7902ad19dd42cae66480e453e14b582b4185155cc40a6e7718d89518ee115d4cb6c797a2c5ba80
SSDEEP

24576:zqc2h2XmC7NjQix8xu6N+J1/tyvjOMYHUqklitz2p:zg2hPx8BN+j/tyrOTklqq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-22_af37841dec3644201f19dfde198adc16_icedid_wapomi

Files

2024-08-22_af37841dec3644201f19dfde198adc16_icedid_wapomi
.exe windows:5 windows x86 arch:x86

bc804cb7e8d826abe7e3a16769a10eda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

processflow

ConnectDB
WriteDataToFlow
DisconnectDB
CheckProcessEnable
ExitProcessFlow
InitProcessFlow

porthound

CreateDevHound
ReleaseDevHound

sprdmesapp

MES_CheckPreStation
MES_InitTest
MES_WriteTestResult
MES_GetLastError
MES_Disconnect
MES_Release
MES_Create
MES_EnableCheck
MES_GetBatchInfo
MES_GetBatchName

secbinpack9

CreateSecPacParse

liveupdatesdll

CheckToolVerUpdate

wininet

InternetGetConnectedState

kernel32

GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
GetCurrentProcessId
VirtualProtect
GetModuleHandleA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
SetFileTime
GetTempFileNameW
GetFullPathNameW
GetDiskFreeSpaceW
GlobalGetAtomNameW
MoveFileW
GetStringTypeExW
GetThreadLocale
lstrcmpiW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetShortPathNameW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
GetVersionExW
LocalReAlloc
TlsFree
GlobalFlags
SystemTimeToFileTime
FindResourceExW
GetFileAttributesExW
LocalFileTimeToFileTime
SetErrorMode
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
CreateFileA
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GetComputerNameExW
lstrcpynW
lstrcpyW
lstrcatW
RemoveDirectoryW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
CreateNamedPipeW
FlushFileBuffers
IsBadWritePtr
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
IsBadReadPtr
GetFileTime
InitializeCriticalSection
InterlockedIncrement
DeleteCriticalSection
GetCurrentDirectoryW
GetFileSizeEx
SetFilePointer
WriteFile
GetSystemDirectoryW
FindNextFileW
InterlockedDecrement
Sleep
CreateDirectoryW
GetTempPathW
DeleteFileW
CreateEventW
CreateFileW
GetFileSize
ReadFile
WaitForSingleObject
ResetEvent
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
GetLocalTime
CloseHandle
WritePrivateProfileSectionW
GetPrivateProfileSectionW
FindFirstFileW
FindClose
SetEvent
FreeLibrary
GetModuleFileNameW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
SetFileAttributesW
WritePrivateProfileStringW
GetTickCount
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenA
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
TlsSetValue

user32

GetSysColorBrush
LoadCursorW
UnregisterClassW
DeleteMenu
DestroyIcon
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatW
PostThreadMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
LoadMenuW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
TrackPopupMenu
SetMenu
SetForegroundWindow
IsWindowVisible
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
CharUpperW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
GetDesktopWindow
DrawIcon
GetMessagePos
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
ScreenToClient
MapWindowPoints
DrawFocusRect
DrawFrameControl
OffsetRect
PtInRect
GetClassNameW
GetWindow
ReleaseDC
GetDC
LoadImageW
FrameRect
IsRectEmpty
IsWindow
EnumWindows
PeekMessageW
GetSystemMenu
EnableMenuItem
GetWindowTextW
GetKeyState
MessageBeep
SetRect
keybd_event
GetCaretPos
KillTimer
SetTimer
InflateRect
PostMessageW
UpdateWindow
GetFocus
FillRect
IsZoomed
CopyRect
SystemParametersInfoW
GetMenuItemInfoW
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
GetClientRect
LoadBitmapW
GetSysColor
BringWindowToTop
TranslateAcceleratorW
SetWindowContextHelpId
ShowOwnedPopups
SetCursor
GetMessageW
ValidateRect
PostQuitMessage
DrawTextW
GetParent
TranslateMessage
DispatchMessageW
GetWindowRect
LoadIconW
SendMessageW
EnableWindow
InvalidateRect
SetRectEmpty
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
GetCursorPos
WindowFromPoint
MapDialogRect
GetAsyncKeyState
GetWindowThreadProcessId
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetWindowLongW
DestroyWindow

gdi32

GetClipBox
SetBkColor
CreateBitmap
CreateRectRgnIndirect
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetDeviceCaps
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetMapMode
DPtoLP
GetBkColor
GetCharWidthW
StretchDIBits
EnumFontFamiliesExW
GetRgnBox
MoveToEx
LineTo
CreateDIBSection
CreateFontW
ExtTextOutW
Rectangle
CreatePen
GetTextMetricsW
DeleteDC
GetTextExtentPoint32W
SetBkMode
SetTextColor
DeleteObject
CreateSolidBrush
GetTextColor
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
GetStockObject
SetWindowExtEx
SelectObject
IntersectClipRect
ExcludeClipRect
SetMapMode

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
CryptReleaseContext
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
CryptAcquireContextW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueW
RegCloseKey
CryptGenRandom

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
DragFinish
DragQueryFileW
SHGetFileInfoW
ExtractIconW

comctl32

ImageList_GetIconSize
ImageList_DrawEx

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
CoRegisterMessageFilter
CoTaskMemFree
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringLen
VariantCopy
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 756KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 751KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ga&�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc804cb7e8d826abe7e3a16769a10eda

Headers

DLL Characteristics

File Characteristics

Imports

version

processflow

porthound

sprdmesapp

secbinpack9

liveupdatesdll

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 756KB - Virtual size: 756KB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 18KB - Virtual size: 36KB

.rsrc Size: 751KB - Virtual size: 750KB

ga&�u� Size: 16KB - Virtual size: 20KB

.text
Size: 756KB - Virtual size: 756KB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 18KB - Virtual size: 36KB

.rsrc
Size: 751KB - Virtual size: 750KB

ga&�u�
Size: 16KB - Virtual size: 20KB