2024-09-06_4da55129539cafda44576d05073131a4_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-06_4da55129539cafda44576d05073131a4_icedid
Size

368KB
MD5

4da55129539cafda44576d05073131a4
SHA1

014079d64d9523810c40962b55fca25df8dbed72
SHA256

175bac7e168f49124b3e7161da927e8a2350671f9c540dc58a0e847488290ab7
SHA512

9bd676f51c451d269b3d90555a5b2b1498d9271c5fa87fe5f0e9f1758598cb57465fa0f018f2f39ca540047bb05e9c9532157cbf9658c54f828f2ada3a2d4cb7
SSDEEP

6144:D3i0KQBPFzKGrHV2JKbfz4twLEOd51oGfoKS8tY/vnAVEP:D3ivQFsGrH86z4twIOdsJ8tlEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-06_4da55129539cafda44576d05073131a4_icedid

Files

2024-09-06_4da55129539cafda44576d05073131a4_icedid
.exe windows:4 windows x86 arch:x86

20b5d672c31129fa7371d3950e93ee34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\codes\学习\rs外挂\产金挂\setup\小绿龙场画圈戒指版RsSetUP\Release\W绿龙洞画圈戒指版RsSetUP.pdb

Imports

kernel32

LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
TlsSetValue
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetLocaleInfoW
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
GetFileTime
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
WritePrivateProfileStringA
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
FindClose
lstrcpyA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
lstrcpynA
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
MultiByteToWideChar
CreateThread
GetPrivateProfileIntA
WinExec
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetFileSize
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemDefaultLangID
GetPrivateProfileStringA
CreatePipe
GetStartupInfoA
CreateProcessA
TerminateProcess
ReadFile
CopyFileA
FormatMessageA
LocalFree
GetTempPathA
GetCurrentProcessId
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32First
Process32Next
WaitForSingleObject
FindFirstFileA
GetFileAttributesA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
DeleteFileA
MoveFileExA
Sleep
WideCharToMultiByte
GetTickCount
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateDirectoryA
FindResourceA
LoadResource
LockResource
CreateFileA
SizeofResource
WriteFile
CloseHandle
GetTimeZoneInformation
FreeResource

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ReleaseDC
GetDC
CopyRect
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
wsprintfA
GetMenuState
RegisterClipboardFormatA
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
CharUpperA
SetWindowTextA
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
BlockInput
GetForegroundWindow
SendMessageA
UnregisterClassA
MessageBoxA
PostMessageA
PostThreadMessageA
UpdateWindow

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA

shell32

ShellExecuteExA

comctl32

ord17

shlwapi

PathIsURLA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
StrCmpNIA
UrlIsA

oledlg

ord8

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringLen
VariantInit
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
VarBstrCat
SysFreeString
SysAllocString
SystemTimeToVariantTime

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState
FtpCommandA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetConnectA
FtpOpenFileA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
FtpGetFileSize
InternetQueryDataAvailable
InternetSetOptionExA
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20b5d672c31129fa7371d3950e93ee34

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

wininet

ws2_32

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 44KB - Virtual size: 40KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 44KB - Virtual size: 40KB