2024-09-04_4e1f276ea252a21c5d51617b5ed05489_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-04_4e1f276ea252a21c5d51617b5ed05489_icedid
Size

10.0MB
MD5

4e1f276ea252a21c5d51617b5ed05489
SHA1

aea0bc206cb76ecc9d6f44d1b7164e1b589e640d
SHA256

0f77724fead9c8e65de46ab15bc57bcc4c34220eda37b7405629136ff4173c02
SHA512

e1b40967c8b38ebf51f049e0bc4c6340b2875a2d7ac2f0ac04e3aa314a7d6c5a1e659807152f47d7833025eeb859109b2a2d427a46428d11c3574a4a44f50013
SSDEEP

196608:xDsXFti0lFlBySXz1mpq4RsPe6JHZ1ggWchgtwmfaq6TF:4ttlByaDimF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-04_4e1f276ea252a21c5d51617b5ed05489_icedid

Files

2024-09-04_4e1f276ea252a21c5d51617b5ed05489_icedid
.exe windows:5 windows x86 arch:x86

03e2afb6ff43e2b8a3e67164a6eeb3bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\PROJ\CodeLogic\Release\PilotEdit.pdb

Imports

ws2_32

closesocket
inet_addr
socket
select
bind
WSAGetLastError
gethostbyname
WSASetLastError
connect
send
recv
WSACleanup
WSAStartup
inet_ntoa
ntohs
htons
getsockname

kernel32

GetComputerNameW
FormatMessageA
DeleteFileA
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
ReleaseSemaphore
LocalSize
OpenProcess
FlushInstructionCache
lstrcpynA
GetUserDefaultLangID
OutputDebugStringW
GetPrivateProfileSectionNamesW
GetLocalTime
LoadLibraryExW
lstrcpynW
EnumResourceTypesW
FindResourceW
LoadResource
SizeofResource
LockResource
GetFileSize
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
CopyFileW
FormatMessageW
CreateFileW
GetLastError
MoveFileW
CreateFileMappingW
CloseHandle
DeleteFileW
LocalFree
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenW
GetCurrentDirectoryW
ExitProcess
SystemTimeToFileTime
CreateDirectoryW
GetModuleHandleW
GetTickCount
SetFileTime
LoadLibraryW
GetVersionExW
GetFileAttributesW
FileTimeToSystemTime
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
GetLongPathNameW
SetLastError
GetProcAddress
GetFileTime
GetFileAttributesExW
GetSystemTime
GetTempFileNameW
EnumResourceNamesW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
HeapSize
VirtualQuery
GetSystemInfo
VirtualAlloc
CreateThread
ExitThread
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetStartupInfoW
GetProfileIntW
FindResourceExW
GetFileSizeEx
LocalFileTimeToFileTime
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
RaiseException
VirtualProtect
lstrlenA
GlobalReAlloc
GetDiskFreeSpaceW
LocalAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FileTimeToLocalFileTime
FindNextFileW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
GlobalGetAtomNameW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalSize
GlobalAlloc
MulDiv
GlobalFree
FreeResource
InterlockedIncrement
WaitForSingleObject
MoveFileExW
FreeLibrary
RemoveDirectoryW
GlobalUnlock
GlobalLock
GetACP
CreateProcessW
InterlockedDecrement
CompareFileTime
SetFileAttributesW

user32

OpenClipboard
GetDoubleClickTime
DrawEdge
DrawFrameControl
GetCursor
InvertRect
DrawFocusRect
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
SetClipboardData
DrawIconEx
LoadImageW
CreateIconIndirect
CreateIconFromResourceEx
CopyIcon
GetIconInfo
DrawStateW
LockWindowUpdate
GetDCEx
GetTabbedTextExtentA
CreateMenu
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DestroyIcon
SetWindowRgn
DrawIcon
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
UnregisterClassW
GetDialogBaseUnits
GetSysColorBrush
WindowFromPoint
IsClipboardFormatAvailable
GetAsyncKeyState
WaitMessage
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyCursor
SetCursorPos
MapVirtualKeyW
GetKeyNameTextW
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
TranslateAcceleratorW
GetMessageW
TranslateMessage
CloseClipboard
ValidateRect
CharUpperW
MoveWindow
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetWindowRect
UpdateWindow
RegisterClipboardFormatW
LoadBitmapW
GetDesktopWindow
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetMenuStringW
AppendMenuW
GetMenuItemID
UnhookWindowsHookEx
GetActiveWindow
EmptyClipboard
GetMenuDefaultItem
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
IsCharLowerW
MapVirtualKeyExW
GetKeyboardLayout
GetWindowRgn
IsMenu
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
IsWindowEnabled
GetNextDlgTabItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
ClientToScreen
SetFocus
GetDlgItem
SetWindowLongW
EndDialog
ShowCaret
HideCaret
SetClassLongW
GetClipboardFormatNameW
SetWindowLongA
GetWindowLongA
IsWindowUnicode
SendMessageTimeoutW
SetMenuDefaultItem
GetCursorPos
GetWindowTextW
IntersectRect
EnumWindows
PostMessageW
CopyRect
CheckMenuItem
GetScrollPos
ReleaseCapture
RemoveMenu
ShowScrollBar
EnableMenuItem
SetScrollPos
LoadMenuW
GetScrollRange
SetScrollRange
PtInRect
ModifyMenuW
GetClientRect
GetSubMenu
GetSysColor
KillTimer
SetTimer
ScreenToClient
EnableWindow
SendMessageW
LoadIconW
RegisterWindowMessageW
InsertMenuW
GetParent
GetMenuItemCount
wsprintfW
DeleteMenu
IsWindowVisible
IsWindow
InvalidateRect
GetFocus
SetForegroundWindow
BringWindowToTop
GetMessagePos
LoadCursorW
SetCursor
ReleaseDC
GetDC
GetWindowThreadProcessId
MessageBoxW
GetKeyState
SetCapture
FrameRect
FillRect
GetWindow
SetRect
IsZoomed
IsIconic
SetActiveWindow
SetWindowTextW
CreateWindowExW
ShowWindow

gdi32

PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
GetViewportOrgEx
DPtoLP
Rectangle
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
SetRectRgn
CombineRgn
GetMapMode
StretchDIBits
CreateEllipticRgn
Ellipse
GetTextColor
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
EnumFontFamiliesExW
StretchBlt
CreateDIBSection
SetPixel
GetDIBits
CreateBrushIndirect
Polygon
BeginPath
EndPath
StrokePath
GetBitmapBits
ExtCreateRegion
GetCurrentObject
CreatePolygonRgn
RoundRect
Polyline
FillPath
StrokeAndFillPath
CloseFigure
PtInRegion
ExtFloodFill
SetBrushOrgEx
GetObjectA
OffsetRgn
GetTextCharsetInfo
CreatePalette
CreateDIBitmap
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SelectObject
CreateRectRgnIndirect
ExtTextOutW
BitBlt
CreateFontIndirectW
GetBkColor
GetDeviceCaps
PatBlt
CreateSolidBrush
GetTextMetricsW
CreateFontW
GetCharWidthW
CreateBitmap
GetTextExtentPoint32W
CopyMetaFileW
CreateDCW
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
GetJobW
DocumentPropertiesW

advapi32

RegCloseKey
RegSetValueW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
SetFileSecurityW
GetFileSecurityW
RegCreateKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
IsTextUnicode
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
CryptDestroyKey
CryptExportKey
CryptGetUserKey
CryptDestroyHash
CryptCreateHash
CryptSignHashA
CryptSetHashParam
CryptEnumProvidersA
CryptGetProvParam

shell32

SHAppBarMessage
DragAcceptFiles
SHGetSpecialFolderPathW
DragQueryFileW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW
DragFinish
ExtractIconW
ShellExecuteW
SHGetSpecialFolderLocation

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_GetImageCount

shlwapi

PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathCombineW
SHCreateStreamOnFileW
PathFindFileNameA

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

CoLockObjectExternal
OleRun
CreateStreamOnHGlobal
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleGetClipboard
OleIsCurrentClipboard
OleSetClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
RevokeDragDrop
RegisterDragDrop
OleFlushClipboard

oleaut32

SysAllocString
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
OleLoadPicturePath
VarUdateFromDate
VariantChangeTypeEx
GetErrorInfo
SysFreeString

wsock32

inet_ntoa
__WSAFDIsSet
shutdown
setsockopt
getsockopt

gdiplus

GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFont
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipSetCompositingMode
GdipSetCompositingQuality
GdipFillRectangle
GdipDrawString
GdipDisposeImageAttributes
GdipCreateFontFromLogfontA
GdipCloneBrush
GdiplusStartup
GdiplusShutdown
GdipSetLineBlend
GdipCreatePath
GdipDeletePath
GdipSetPathGradientCenterColor
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterPointI
GdipSetPathGradientBlend
GdipCreateLineBrush
GdipCreateLineBrushI
GdipAddPathEllipseI
GdipCreatePathGradientFromPath
GdipSetSmoothingMode
GdipFillRectangleI
GdipFillPieI
GdipCreateImageAttributes
GdipCreateFontFromDC

wininet

InternetCloseHandle
InternetFindNextFileW
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetQueryDataAvailable
InternetOpenW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
FtpOpenFileW
FtpCommandW
FtpFindFirstFileW
InternetConnectW
InternetGetLastResponseInfoW

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundW

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertNameToStrW
CryptDecodeObject
CertGetCertificateContextProperty
CertCreateCertificateContext
CertFreeCertificateContext
CertSetCertificateContextProperty
CertCloseStore

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 12.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e2afb6ff43e2b8a3e67164a6eeb3bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

gdiplus

wininet

imagehlp

winmm

crypt32

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 130KB - Virtual size: 12.0MB

.rsrc Size: 9.9MB - Virtual size: 9.9MB

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 130KB - Virtual size: 12.0MB

.rsrc
Size: 9.9MB - Virtual size: 9.9MB