2024-09-07_b9a4be0b9be791608b327de5569b0e4a_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-07_b9a4be0b9be791608b327de5569b0e4a_icedid
Size

492KB
MD5

b9a4be0b9be791608b327de5569b0e4a
SHA1

3c253af5d711a97200ae0b40b89565ad15475480
SHA256

343d24663d7346a359bd9d70a2a14e9983874e5f854a8b08e2f4aa38044d47e3
SHA512

95f5041a618f50be39a36e909ecfeed4d7ea04e62c35f041f0e675ffcd86491b425b380b7d92a26d1f874d83b2adc84112a03249e969287bf12276209d3b8b10
SSDEEP

6144:7wkhMv87Q9EFEc8FaSgbHtBxVRvYV7zL1uSb6VWi8FBo95qIGK3q0FgZyFPp4jWq:bPil6vRvYlzL1uSz/W5Gh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-07_b9a4be0b9be791608b327de5569b0e4a_icedid

Files

2024-09-07_b9a4be0b9be791608b327de5569b0e4a_icedid
.exe windows:4 windows x86 arch:x86

5b78e0f507066235d90acd5516edcac4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
GetModuleHandleA
GlobalFlags
TlsGetValue
GlobalReAlloc
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
VirtualProtect
FreeResource
LocalFree
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
ConvertDefaultLocale
GetVersion
lstrcmpA
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
GetPrivateProfileStringW
lstrcpyW
ReadProcessMemory
EnumResourceLanguagesW
GetShortPathNameW
lstrlenA
FormatMessageW
CreateThread
TerminateThread
ResumeThread
SuspendThread
MoveFileW
Sleep
EnumResourceNamesW
FindResourceExW
GetLogicalDriveStringsW
GetDriveTypeW
QueryDosDeviceW
CreateDirectoryW
GetWindowsDirectoryW
FindFirstFileW
FindClose
CreateFileW
ExpandEnvironmentStringsW
GetTempPathW
WideCharToMultiByte
OpenProcess
CloseHandle
GetVersionExW
GlobalHandle
GlobalFree
LocalAlloc
OutputDebugStringW
LoadLibraryExW
FreeLibrary
SetLastError
GlobalLock
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentThreadId
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GlobalAlloc
FlushInstructionCache
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
SetPriorityClass
GetCurrentThread
GetCommandLineW
SetThreadPriority

user32

GetClassLongW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
GetMenu
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetPropW
GetCapture
GetPropW
RemovePropW
GetAsyncKeyState
SetActiveWindow
CreateDialogIndirectParamW
UnhookWindowsHookEx
GetMenuItemID
WinHelpW
GetSubMenu
MessageBoxW
SetWindowLongW
UnregisterClassA
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetNextDlgTabItem
SetWindowContextHelpId
MapDialogRect
GetWindowRect
SystemParametersInfoW
MapWindowPoints
ShowWindow
EndDialog
UpdateWindow
LoadIconW
KillTimer
SetTimer
PostMessageW
SendDlgItemMessageA
SendDlgItemMessageW
IsDialogMessageW
CharNextW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetSysColorBrush
UnregisterClassW
DestroyMenu
GetMenuItemCount
DefWindowProcW
wsprintfW
GetSysColor
MoveWindow
EnableWindow
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSystemMetrics
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos

gdi32

EnumFontFamiliesExW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateBitmap
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
IsValidSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
EqualSid

shell32

ShellExecuteExW
ShellExecuteW

ole32

OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantChangeType
GetErrorInfo

msi

ord118
ord158
ord159
ord160
ord32
ord66
ord92
ord173
ord70
ord8

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathStripPathW
PathRemoveExtensionW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetOpenUrlW
InternetSetOptionW
HttpSendRequestA
HttpOpenRequestW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b78e0f507066235d90acd5516edcac4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

msi

shlwapi

version

wininet

rpcrt4

Sections

.text Size: 304KB - Virtual size: 302KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 60KB - Virtual size: 57KB

.text
Size: 304KB - Virtual size: 302KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 60KB - Virtual size: 57KB