2024-09-30_1e18404472250a041435d8f4ee8b0cfb_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-30_1e18404472250a041435d8f4ee8b0cfb_icedid
Size

224KB
MD5

1e18404472250a041435d8f4ee8b0cfb
SHA1

1f9dae8e09f2603b5ea323dfcd9946adec068395
SHA256

df1169f85d45874e014f4c83a152c5f53de7d53579cfbe39408afadf6ca66b16
SHA512

305c3e32ea15a9f3bb705e6c14ff1e2e78c44d9afece14fc3a02fd13273294ff32393cdd8ec6cbe77094ffe77eacbda11cdbb61b9bbdc5c8f8659f699524b834
SSDEEP

3072:YJ27CgU/k4EImS0UZd0zqXc+oxP1qG0ZhEozubAWIQ+FFnGDwr73ewbsSgftz0:YgdC0UZd0zqsJxtqbZGoub4Vu0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-30_1e18404472250a041435d8f4ee8b0cfb_icedid

Files

2024-09-30_1e18404472250a041435d8f4ee8b0cfb_icedid
.exe windows:4 windows x86 arch:x86

f7f2944faa0aa6d440ce4bd45d50ab36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\Products\OBX\9.11.2.0\obcn\cbs\Output\Pro\Win32\cbpsX86.pdb

Imports

kernel32

SetThreadPriority
ResumeThread
GetCurrentThreadId
SuspendThread
GetVersion
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetThreadLocale
FileTimeToSystemTime
GetCurrentProcessId
GetModuleHandleA
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
InterlockedExchange
CompareStringA
SetFilePointer
SetEndOfFile
FileTimeToLocalFileTime
HeapAlloc
ExitThread
HeapFree
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetProcessHeap
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetLocaleInfoA
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrlenW
FlushFileBuffers
WriteFile
ReadFile
MoveFileExW
LocalFree
FormatMessageW
GetQueuedCompletionStatus
LeaveCriticalSection
CreateThread
PostQueuedCompletionStatus
GetCurrentProcess
SetLastError
GetLongPathNameW
SetErrorMode
CreateFileW
SetPriorityClass
DeleteCriticalSection
ReadDirectoryChangesW
CreateDirectoryW
InitializeCriticalSection
EnterCriticalSection
CreateIoCompletionPort
GetModuleHandleW
InterlockedDecrement
ResetEvent
InterlockedIncrement
FreeLibrary
GetModuleFileNameA
LoadLibraryW
GetLastError
WaitForSingleObject
FindResourceW
MultiByteToWideChar
GetModuleFileNameW
SizeofResource
SetCurrentDirectoryW
WideCharToMultiByte
SetDllDirectoryW
CreateEventW
ExitProcess
GetProcAddress
CloseHandle
LockResource
Sleep
SetEnvironmentVariableW
SetEvent
LoadResource

user32

DestroyMenu
PostQuitMessage
UnregisterClassA
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
ClientToScreen
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBeep
PostThreadMessageW
PostMessageW
GetMessageW
wsprintfW
EnableWindow
MessageBoxW
GetWindowTextW
UnhookWindowsHookEx
LoadCursorW
ShowWindow
SetWindowTextW
CreateWindowExW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ValidateRect
GetCursorPos
PeekMessageW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
GrayStringW

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
RegisterEventSourceW
StartServiceCtrlDispatcherW
ReportEventW

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

GetStockObject
SelectObject
CreateBitmap
DeleteDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SaveDC
RestoreDC
SetBkColor
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
SetTextColor
SetMapMode
GetClipBox
DeleteObject
SetViewportOrgEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

_Java_com_ahsay_cloudbacko_core_action_RunCDPCmd_startCDP@12
_Java_com_ahsay_cloudbacko_core_action_RunCDPCmd_stopCDP@16
_Java_com_ahsay_cloudbacko_core_action_RunCDPCmd_updateCDP@24

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7f2944faa0aa6d440ce4bd45d50ab36

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleacc

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 436B

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 436B