2024-09-30_f303589fc5437f688a97dafa1ad36be1_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-30_f303589fc5437f688a97dafa1ad36be1_icedid
Size

2.7MB
MD5

f303589fc5437f688a97dafa1ad36be1
SHA1

a46e149152ad0dc756b1de016e9d8b281873f290
SHA256

520ab410d0596c8f4e8290523f9ff927177613700647305684e5de03550a84f2
SHA512

0595a4e5607a6102f28710dfe72d128b4c910e2dcd04d1ba849eb39c8ec64d08f7f09b65ef87c02e58d42807f0be238e395fb3c95c4b6353f2b26b3a41983d02
SSDEEP

49152:DesbnynTTLT9rDKEo60ZYslG/O0Xs5y9/+gORuiq8:DesbuTTo0c5y9/+pRx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-30_f303589fc5437f688a97dafa1ad36be1_icedid

Files

2024-09-30_f303589fc5437f688a97dafa1ad36be1_icedid
.exe windows:5 windows x86 arch:x86

b0541de20399f35b47de17469a795248

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GetTickCount
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetFileSizeEx
SetErrorMode
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
WritePrivateProfileStringA
FreeResource
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
lstrcmpA
FormatMessageA
LocalFree
MulDiv
FileTimeToLocalFileTime
FindNextFileA
GetCurrentProcessId
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
SetLastError
GetThreadLocale
GetFileAttributesA
LoadLibraryA
GetProcAddress
GlobalMemoryStatus
Sleep
GetLastError
CreateFileA
GetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
CloseHandle
InterlockedDecrement
SetCurrentDirectoryA
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentDirectoryA
GetVersionExA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
lstrlenA
CreateDirectoryA
lstrcmpiA
RemoveDirectoryA
CreateProcessA
DeleteFileA
GetEnvironmentStrings
FindFirstFileA

user32

RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
SetCapture
UnregisterClassA
GetSysColorBrush
DrawFocusRect
DestroyMenu
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
GetScrollRange
GetScrollPos
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowTextLengthA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
RegisterClassA
CloseClipboard
SetClipboardData
EmptyClipboard
GetActiveWindow
IsWindowVisible
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
OpenClipboard
GetClassNameA
GetWindowTextA
GetSystemMetrics
DrawIcon
DrawEdge
AppendMenuA
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
InvalidateRect
SetTimer
KillTimer
EnableWindow
LoadIconA
GetWindow
PostMessageA
SetWindowPos
SetWindowPlacement
GetWindowPlacement
GetClipboardData
GetKeyState
GetSubMenu
LoadMenuA
ClientToScreen
SetCursor
LoadCursorA
GetCursorPos
PtInRect
SetRect
BringWindowToTop
GetDC
GetParent
ScreenToClient
CharUpperA
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongA

gdi32

CreateCompatibleDC
GetStockObject
CreateRectRgnIndirect
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetMapMode
CreateFontIndirectA
TextOutA
RectVisible
PtVisible
BitBlt
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetCurrentObject
GetTextExtentPoint32A
GetObjectA
CreateSolidBrush
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetMalloc
DragFinish
DragQueryFileA
SHGetPathFromIDListA

comctl32

ord17

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
StrCmpW
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoUninitialize
OleIsCurrentClipboard
CoTaskMemFree
CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantClear
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
GetErrorInfo
SysFreeString

Sections

.text
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0541de20399f35b47de17469a795248

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 725KB - Virtual size: 724KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 39KB - Virtual size: 39KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.text
Size: 725KB - Virtual size: 724KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 39KB - Virtual size: 39KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB