Static task
static1
Behavioral task
behavioral1
Sample
2024-08-25_9419f77d9dc9ce1f82e34a1d57fd5793_icedid.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-08-25_9419f77d9dc9ce1f82e34a1d57fd5793_icedid.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-08-25_9419f77d9dc9ce1f82e34a1d57fd5793_icedid
-
Size
4.2MB
-
MD5
9419f77d9dc9ce1f82e34a1d57fd5793
-
SHA1
20340277ad1d4476d3561f1751f8b74aac268417
-
SHA256
21750bebc2e9cad2fe3bb5b8fa49ecbcd8636549dc7b05783f1adbbf96ea634a
-
SHA512
edc7afa1020637c46225ab4518541abbca5f8452dd1c2c10eb15c1ba6c87ed2682afdde4850fa8b7f4d634bd862661a0a1e206c3da4c5f3987d7c8c8ec01990e
-
SSDEEP
98304:2pGy2Dv60vGgcj8SnmK7UU0Gx7Yo1S9Jin6zXIneW/zyQpwNtZDrEbir5h8:Dy2Dv1s8e2Xie4zCVU1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-08-25_9419f77d9dc9ce1f82e34a1d57fd5793_icedid
Files
-
2024-08-25_9419f77d9dc9ce1f82e34a1d57fd5793_icedid.exe windows:5 windows x86 arch:x86
ba666b910e5dd62c709994fcb1c475c8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
u:\WorkSpace\CDGOUT_30_SPH200\OutPut\ODMGuard\ODMGuard.pdb
Imports
kernel32
SetVolumeLabelW
MoveFileW
GetStringTypeExW
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
GetFileAttributesExW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
GetModuleHandleA
SetThreadPriority
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
CreateSemaphoreW
ReleaseSemaphore
ReleaseMutex
WaitForMultipleObjects
SetErrorMode
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
GetThreadContext
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeW
ExitProcess
DeleteFileA
SetEnvironmentVariableW
HeapReAlloc
ExitThread
HeapSize
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
SetThreadContext
FlushInstructionCache
ContinueDebugEvent
GetProcessVersion
ReadProcessMemory
VirtualProtectEx
SuspendThread
GetLogicalDriveStringsW
QueryDosDeviceW
GetLocalTime
lstrcpynA
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
FindFirstFileA
DefineDosDeviceW
MoveFileExW
DebugBreak
RaiseException
WaitForDebugEvent
lstrcmpiA
GetTempPathW
LocalAlloc
LocalFree
InterlockedDecrement
RemoveDirectoryW
GetSystemInfo
GetCommandLineW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetSystemDefaultLangID
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SetSystemTime
GetSystemTime
GetLogicalDrives
Process32FirstW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetLongPathNameW
GetEnvironmentVariableW
UnmapViewOfFile
GetProcessTimes
GetSystemTimeAsFileTime
Module32FirstW
Module32NextW
FormatMessageW
CreateMutexW
GetCurrentProcessId
GetCurrentDirectoryW
CreateDirectoryW
CopyFileW
SetFileAttributesW
GetPrivateProfileStringW
OpenThread
CreateToolhelp32Snapshot
Process32NextW
OpenProcess
OpenMutexW
CreateProcessW
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
GetVersionExA
CreateEventW
ResetEvent
WaitForSingleObject
CreateThread
GetCurrentThreadId
GetTickCount
OpenEventW
SetEvent
FreeLibrary
OutputDebugStringW
IsBadStringPtrW
IsBadStringPtrA
TerminateProcess
IsBadCodePtr
GetVersion
IsBadReadPtr
IsBadWritePtr
VirtualProtect
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileIntW
WritePrivateProfileStringW
Sleep
ResumeThread
GetModuleHandleW
LoadLibraryW
GetProcAddress
ExpandEnvironmentStringsW
SearchPathW
SetLastError
GetFileAttributesW
lstrcmpiW
lstrcpynW
GetVersionExW
GetCurrentProcess
SetPriorityClass
LoadResource
LockResource
SizeofResource
FindResourceW
FileTimeToLocalFileTime
FileTimeToSystemTime
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
lstrcpyW
GetModuleFileNameW
GetSystemDirectoryW
lstrcatW
DeleteFileW
GetDiskFreeSpaceW
lstrlenW
WideCharToMultiByte
GetLastError
SetFilePointer
lstrlenA
MultiByteToWideChar
GetFileSize
DeviceIoControl
CreateFileW
ReadFile
CloseHandle
GetStartupInfoW
WriteFile
user32
GetMenuItemInfoW
InflateRect
SetWindowContextHelpId
ShowOwnedPopups
SetCursor
PostQuitMessage
InvalidateRect
SetRectEmpty
IsZoomed
LoadMenuW
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMenuStringW
InsertMenuW
RemoveMenu
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
DestroyMenu
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
SendMessageW
EnableWindow
IsWindow
SystemParametersInfoW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
UpdateWindow
GetSubMenu
GetMenuItemID
MsgWaitForMultipleObjects
GetSysColorBrush
LoadCursorW
GetDialogBaseUnits
UnregisterClassW
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
DeleteMenu
SetCapture
WaitMessage
DestroyIcon
SetParent
CharNextW
IsRectEmpty
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
GetClientRect
MapDialogRect
wsprintfW
LoadIconW
SetWindowLongW
GetWindowLongW
PostMessageW
GetDesktopWindow
GetWindow
GetDlgCtrlID
BroadcastSystemMessageW
GetDlgItem
SetForegroundWindow
DrawIcon
GetSystemMetrics
LockWindowUpdate
GetDCEx
RegisterClipboardFormatW
UnionRect
WinHelpW
IsIconic
GetWindowRect
MessageBoxW
SetWindowsHookExW
CallNextHookEx
PeekMessageW
UnhookWindowsHookEx
EnumChildWindows
GetWindowTextW
GetParent
GetClassNameW
WaitForInputIdle
wsprintfA
SetTimer
AppendMenuW
GetSystemMenu
KillTimer
CharUpperW
CopyRect
GetDC
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
SetDlgItemInt
gdi32
CreateCompatibleBitmap
SetRectRgn
CombineRgn
GetMapMode
StretchDIBits
GetBkColor
GetTextColor
GetRgnBox
CreateFontW
DPtoLP
GetCharWidthW
GetTextMetricsW
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
TextOutW
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
PatBlt
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetTextExtentPoint32W
CreateRectRgnIndirect
CreateFontIndirectW
ExtTextOutW
comdlg32
GetOpenFileNameW
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegOpenKeyW
DeregisterEventSource
RegisterEventSourceW
QueryServiceConfigW
ControlService
QueryServiceStatusEx
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegQueryValueW
RegCreateKeyExW
RegDeleteValueW
RegCreateKeyW
RegSetValueW
ReportEventW
RegDeleteKeyW
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
shell32
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
FindExecutableW
SHChangeNotify
ShellExecuteW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
ExtractIconW
shlwapi
StrStrIW
StrStrIA
PathFileExistsW
PathFindFileNameW
SHGetValueW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
SHSetValueW
SHDeleteValueW
oledlg
OleUIBusyW
ole32
OleSetClipboard
OleDuplicateData
OleIsCurrentClipboard
StringFromCLSID
CoTaskMemAlloc
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterClassObject
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitializeEx
OleUninitialize
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleRun
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoTreatAsClass
oleaut32
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetElement
VariantClear
VariantInit
VariantCopy
SafeArrayPutElement
SafeArrayCreate
SysAllocStringLen
VariantChangeType
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
GetErrorInfo
SetErrorInfo
CreateErrorInfo
iphlpapi
GetAdaptersInfo
ntdll
RtlFreeAnsiString
NtClose
NtCreateFile
RtlNtStatusToDosError
ZwQueryObject
RtlUnicodeStringToAnsiString
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
imagehlp
ImageUnload
ImageLoad
psapi
GetModuleInformation
GetModuleFileNameExW
EnumProcessModules
GetMappedFileNameW
ws2_32
WSACleanup
select
closesocket
recv
send
connect
htons
inet_addr
gethostbyname
socket
htonl
ntohl
WSAStartup
Exports
FormatNTFS
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 306KB - Virtual size: 305KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ