2024-09-07_63f6e0204c20dcc703805f6f817f9829_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-07_63f6e0204c20dcc703805f6f817f9829_icedid
Size

8.1MB
MD5

63f6e0204c20dcc703805f6f817f9829
SHA1

446d6b50e416257745236489b8263ae5c0b45302
SHA256

a46f11d92966131beaa362f24057c70a391f2dc4f3f7d09595c9e7b50664cc9d
SHA512

13e72455e7e62b20fcf9d46e530820a0b4cf7036b18ef48d0806da969ac7e76a625355c459551544df90e958b1676210b56e551477503123c5aa9a0b4a15066d
SSDEEP

196608:W2G/beEl6iLjmuhHzLe+lTy/hjC866nGf2Cs8WI:+j6YTI5G866Gf2CsTI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-07_63f6e0204c20dcc703805f6f817f9829_icedid

Files

2024-09-07_63f6e0204c20dcc703805f6f817f9829_icedid
.exe windows:4 windows x86 arch:x86

8483f41d4a59bcbf7f0de7e1b18ca20a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
RtlUnwind
HeapFree
HeapAlloc
GetDriveTypeA
GetStartupInfoA
ExitProcess
RaiseException
HeapReAlloc
HeapSize
GetACP
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
GetCurrentDirectoryA
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
MulDiv
SetLastError
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetUserDefaultLangID
GetModuleFileNameA
GetSystemInfo
FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentProcess
GetVersionExA
GetModuleHandleA
lstrcmpiA
GetTickCount
CreateProcessA
SetEvent
GetProcessVersion
OpenProcess
GetExitCodeProcess
TerminateProcess
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
MoveFileExA
GetTempPathA
LoadLibraryA
GetProcAddress
FreeLibrary
WriteFile
ReadFile
CreateFileA
GetFileSize
FindFirstFileA
FindNextFileA
DeleteFileA
FindClose
RemoveDirectoryA
GetFileAttributesA
MoveFileA
GetCommandLineA
GetSystemDirectoryA
CreateEventA
WaitForSingleObject
CloseHandle
GetLastError
FormatMessageA
lstrcpyA
CreateDirectoryA
LocalFree
UnhandledExceptionFilter

user32

UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
CharUpperA
ModifyMenuA
SetMenuItemBitmaps
DispatchMessageA
TranslateMessage
PeekMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
LoadStringA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
IsDialogMessageA
MoveWindow
ClientToScreen
PostThreadMessageA
RegisterWindowMessageA
SendMessageA
PostMessageA
DefDlgProcA
IsWindowUnicode
LoadIconA
ShowWindow
RegisterClipboardFormatA
InvalidateRect
InflateRect
DestroyMenu
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
PtInRect
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
GetMenuState
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
SystemParametersInfoA
GetDC
SetWindowTextA

gdi32

GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserA
ControlService
StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

comctl32

ord17

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard

olepro32

ord253

oleaut32

VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantChangeType

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.7MB - Virtual size: 18.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8483f41d4a59bcbf7f0de7e1b18ca20a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

userenv

psapi

version

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 18.7MB - Virtual size: 18.7MB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 18.7MB - Virtual size: 18.7MB