2024-08-28_f3eaff4f0273e13a4580cf1ab5ff1a16_icedid_vidar

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-28_f3eaff4f0273e13a4580cf1ab5ff1a16_icedid_vidar
Size

14.1MB
MD5

f3eaff4f0273e13a4580cf1ab5ff1a16
SHA1

565d1bbd2da10d7432d2477d75c6634f88bc34bc
SHA256

f368b65870ca6417c98998a9bfbef431fc673c91261785312c397d700fa0b535
SHA512

c2d30f71676ae5f382b5134a41dc732cdf12456bf1cca2927a9f9aafa5bc774729b7cd6df15d8fe16ccc9ef17bd5a17485bef876c48fa38438eaeb053f26da5b
SSDEEP

196608:o2wYRI0fS6/MKReBl6yHVtx3KrFRJKvxRBj8V8hBoxPOaeco3eBl6yHVtq9b6HQ:+4o6EKKVtIJ8hBotVtRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-28_f3eaff4f0273e13a4580cf1ab5ff1a16_icedid_vidar

Files

2024-08-28_f3eaff4f0273e13a4580cf1ab5ff1a16_icedid_vidar
.exe windows:5 windows x86 arch:x86

f8e2b65d8ae4dac4189c6152682282ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\nsp.netshield6\trunk\imp\place\code\pc\barclient\barclient\bin\barclient.pdb

Imports

ws2_32

accept
listen
ioctlsocket
gethostbyname
inet_ntoa
gethostname
WSACleanup
WSASetLastError
__WSAFDIsSet
select
WSAIoctl
getsockname
ntohs
bind
getsockopt
getpeername
freeaddrinfo
getaddrinfo
sendto
recvfrom
send
closesocket
WSAStartup
shutdown
gethostbyaddr
recv
connect
inet_addr
setsockopt
socket
WSAGetLastError
htons
htonl

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

psapi

EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA
EnumProcesses

iphlpapi

GetAdaptersInfo

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdA

dbghelp

MiniDumpWriteDump

kernel32

GlobalMemoryStatus
GetVersion
WaitForMultipleObjects
GetStringTypeExA
SleepEx
IsWow64Process
GetCurrentProcess
DeleteFileA
CopyFileA
GetTickCount
GetModuleFileNameA
InitializeCriticalSection
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
WriteFile
CloseHandle
FindFirstFileA
FindClose
FindNextFileA
Sleep
GetDriveTypeA
GetModuleHandleA
CreateMutexA
GetLastError
SetErrorMode
GetFileAttributesA
GetLocalTime
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
lstrlenA
GetProcAddress
GetModuleHandleW
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
GetTempPathA
GetSystemDirectoryA
SetFileAttributesA
FreeResource
GetVersionExA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
LoadLibraryA
CreateProcessA
GetExitCodeProcess
GetFileSize
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
GetCurrentDirectoryA
SetCurrentDirectoryA
ExpandEnvironmentStringsA
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
FlushConsoleInputBuffer
GetFullPathNameA
FormatMessageA
lstrcmpiA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcatA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
ExitThread
CreateThread
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetFileType
SetFilePointer
GetSystemTimeAsFileTime
ExitProcess
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
SetHandleCount
RtlUnwind
FlushFileBuffers
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
InterlockedCompareExchange
CreateFileW
lstrcpyA
PeekNamedPipe
LocalFree
GetFileInformationByHandle
ReadConsoleInputA
SetConsoleMode
GlobalFree
SetEnvironmentVariableA

user32

EndPaint
EndDialog
SetDlgItemTextA
GetFocus
ExitWindowsEx
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
GetClientRect
KillTimer
SetWindowTextA
GetClassNameA
GetForegroundWindow
LoadStringA
FindWindowA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetSysColor
BeginPaint
SetFocus
SendMessageA
PostMessageA
MessageBeep
RegisterClassExA
SetWindowPos
PostQuitMessage
RegisterDeviceNotificationA
ReleaseDC
GetDesktopWindow
GetParent
DrawTextA
GetSystemMetrics
DialogBoxIndirectParamA
GetWindowTextA
SetTimer
GetWindowDC
GetWindowRect
DefWindowProcA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

shell32

SHFileOperationA
ShellExecuteA

oleaut32

VariantClear

shlwapi

PathFindExtensionW
PathFindExtensionA

gdi32

GetObjectA
DeleteDC
CreateCompatibleDC
BitBlt
CreateDIBSection
DeleteObject
SelectObject
SetDIBColorTable
SetBkColor
CreateFontIndirectA
SetBkMode
CreateCompatibleBitmap
GetDIBits

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdiplusShutdown
GdipGetImageWidth
GdipSaveImageToFile
GdipCloneImage
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromFile

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

mciSendStringA

wldap32

ord79
ord35
ord32
ord200
ord301
ord27
ord41
ord46
ord30
ord143
ord26
ord50
ord60
ord22
ord211
ord33

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8e2b65d8ae4dac4189c6152682282ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

psapi

iphlpapi

setupapi

dbghelp

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

gdiplus

version

winmm

wldap32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 387KB - Virtual size: 387KB

.data Size: 51KB - Virtual size: 225KB

.rsrc Size: 12.1MB - Virtual size: 12.1MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 387KB - Virtual size: 387KB

.data
Size: 51KB - Virtual size: 225KB

.rsrc
Size: 12.1MB - Virtual size: 12.1MB