2024-09-03_baa35405e538c910a78d36fd482a4444_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-03_baa35405e538c910a78d36fd482a4444_icedid
Size

1.1MB
MD5

baa35405e538c910a78d36fd482a4444
SHA1

42564f74705f5d8ad96db61a9bf61722090023d4
SHA256

d7a005e3967e7eb9ad1dd2f2b6c555002d1b60b73d468a18a0e6dfa7d10358a8
SHA512

6bd9bce66d1bf7f9943c839b2dfcf3bcb67cd0de4e6cdaa87afb3eb73f66e3e937941690847d1185d31cc82eab1f632e840ac8232f0f0c5ff9b6802abbcec785
SSDEEP

24576:jH9rKYssqD1taji9ut2rR8FfBhRJUEbDk1ulUC:R2YssW1taji9ut2r4PRSEk1ul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-03_baa35405e538c910a78d36fd482a4444_icedid

Files

2024-09-03_baa35405e538c910a78d36fd482a4444_icedid
.exe windows:4 windows x86 arch:x86

d9c4bc91f4dd6a1bbd87588646f2d9af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\skumar\My Documents\Visual Studio Projects\EasyInfo\Layer - Presentation (GUI2 - MFC)\Release\Layer - Presentation (GUI2 - MFC).pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetTickCount
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocalTime
TerminateProcess
HeapReAlloc
GetStartupInfoA
HeapSize
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
InterlockedIncrement
GlobalFlags
InterlockedDecrement
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
SetLastError
MulDiv
lstrcpynA
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetTempPathA
GetModuleFileNameA
SearchPathA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
CopyFileA
GetFileTime
FileTimeToSystemTime
GetFileSize
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
GetComputerNameA
GlobalMemoryStatus
LoadLibraryA
FreeLibrary
OpenProcess
GetProcessHeap
HeapAlloc
HeapFree
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetVolumeInformationA
GetProcAddress
GetCurrentDirectoryA
GetSystemDirectoryA
SetCurrentDirectoryA
CreateProcessA
CreateMutexA
GlobalAlloc
GlobalFree
LocalAlloc
GetModuleHandleA
FindResourceExA
FreeResource
GetCommandLineA
LoadResource
LockResource
SizeofResource
FindResourceA
DeleteFileA
CreateFileA
CloseHandle
WriteFile
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
InterlockedExchange
SetUnhandledExceptionFilter

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
ReleaseCapture
SetCapture
CharNextA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
SetWindowContextHelpId
MapDialogRect
GetMessageA
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
wsprintfA
ShowWindow
IsDialogMessageA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetMenuState
GetMenuItemID
PostThreadMessageA
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
IsWindowEnabled
GetParent
GetNextDlgTabItem
RegisterClipboardFormatA
CallNextHookEx
EndDialog
EnumDisplayDevicesA
EnumDisplaySettingsExA
PeekMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
keybd_event
IsIconic
GetSystemMetrics
DrawIcon
MessageBoxA
GetFocus
MoveWindow
GetWindowRect
ScreenToClient
SendMessageA
SetWindowTextA
IsWindow
GetClientRect
GetDlgItem
LoadIconA
LoadBitmapA
GetDC
UnregisterClassA
EnableWindow
CharUpperA
SendDlgItemMessageA

gdi32

GetTextColor
GetRgnBox
GetMapMode
GetBkColor
GetWindowExtEx
GetViewportExtEx
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
CreateRectRgnIndirect
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetDIBits
GetObjectA
PtVisible

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
GetTokenInformation
OpenProcessToken
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
LookupAccountSidA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA

shell32

SHEmptyRecycleBinA
SHFileOperationA
ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrStrA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantClear
SysFreeString

ddraw

DirectDrawEnumerateA
DirectDrawCreate

dsound

ord2

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

Sections

.text
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 652KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9c4bc91f4dd6a1bbd87588646f2d9af

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ddraw

dsound

version

wininet

Sections

.text Size: 336KB - Virtual size: 334KB

.rdata Size: 112KB - Virtual size: 108KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 652KB - Virtual size: 656KB

.text
Size: 336KB - Virtual size: 334KB

.rdata
Size: 112KB - Virtual size: 108KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 652KB - Virtual size: 656KB