2024-10-02_9cb438c983403c56fffc6f801a537032_hijackloader_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-02_9cb438c983403c56fffc6f801a537032_hijackloader_icedid
Size

1.6MB
MD5

9cb438c983403c56fffc6f801a537032
SHA1

b28d54bce7327dcc9e2291028c2f188ab7a577d7
SHA256

b4d1a57f075af6d7eaee2572684dfe0b9feb8c4df79695cac55d6d11ad2e970b
SHA512

f920823df5ea5fef127ab3f68d6c6bb926534c3186baec03f9a4dff07fb91e105b02091d81793aa21c3c040a6b01f3d072dc7311957d062616fef31bcc1f7780
SSDEEP

49152:lencs7jc0FK79/Ves7FozshjPHYnsABxi+S6:lencf/Ves7WwhjPm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-02_9cb438c983403c56fffc6f801a537032_hijackloader_icedid

Files

2024-10-02_9cb438c983403c56fffc6f801a537032_hijackloader_icedid
.exe windows:6 windows x86 arch:x86

4b0b594d68692b0de70c17754d8636d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARM.pdb

Imports

msi

ord114
ord16
ord120
ord123
ord205
ord159
ord160
ord141
ord8
ord118
ord171
ord92
ord116
ord115
ord119
ord88
ord240
ord131
ord150
ord78
ord70
ord181
ord195
ord32
ord281

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

DeleteUrlCacheEntryW
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetErrorDlg
InternetSetOptionW
InternetCloseHandle

sensapi

IsNetworkAlive

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer

kernel32

GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FlushFileBuffers
GetFullPathNameW
LockFile
UnlockFile
DuplicateHandle
LoadLibraryExW
LoadLibraryA
GetCurrentThreadId
GetVersionExW
FreeLibrary
GlobalDeleteAtom
SetThreadPriority
SuspendThread
ResumeThread
GetPrivateProfileIntW
GlobalAddAtomW
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
GetModuleHandleA
FileTimeToLocalFileTime
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
GetACP
ExpandEnvironmentStringsW
GetCurrentProcessId
ProcessIdToSessionId
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetSystemInfo
WideCharToMultiByte
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
OpenEventW
Module32NextW
Module32FirstW
GetNativeSystemInfo
Process32NextW
GetLongPathNameW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
lstrcmpA
lstrcmpW
LocalAlloc
GetExitCodeProcess
CreateProcessW
GetFileInformationByHandle
OpenMutexW
CreateMutexW
SystemTimeToFileTime
SetEndOfFile
RemoveDirectoryW
GetFileSize
SetFilePointer
GetThreadLocale
GetPrivateProfileSectionNamesW
MoveFileW
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ReadFile
LocalFree
GetUserDefaultLangID
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
FormatMessageW
GetLocalTime
GetModuleHandleW
GetProcAddress
GetVolumeInformationW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
CreateFileW
GetCurrentThread
GetCurrentProcess
GetTempPathW
OpenProcess
CopyFileW
WaitForSingleObject
SetEvent
GetTickCount64
CloseHandle
CreateEventW
SetLastError
Sleep
GetThreadPriority
MultiByteToWideChar
FindClose
FindFirstFileW
DeleteFileW
lstrlenW
SetFileAttributesW
SetFileTime
WriteFile
GetLastError
GlobalAlloc
CreateDirectoryW
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetCPInfo
RtlUnwind
GetDriveTypeW
SetEnvironmentVariableW
SetCurrentDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
SetStdHandle
GetFileType
HeapQueryInformation
GetStdHandle
ExitProcess
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
CompareStringW

user32

DestroyMenu
GetMonitorInfoW
MonitorFromWindow
WinHelpW
UnhookWindowsHookEx
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollPos
RedrawWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
CopyRect
GetSysColor
ScreenToClient
EndPaint
BeginPaint
ReleaseDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowLongW
GetWindowTextLengthW
SetFocus
GetDlgCtrlID
SetDlgItemTextW
GetSysColorBrush
ShowWindow
GetLastActivePopup
GetWindowLongW
IsWindowEnabled
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
PostQuitMessage
CharUpperW
GetMenuStringW
OffsetRect
SendDlgItemMessageA
UnregisterClassW
GetWindow
FindWindowW
ExitWindowsEx
RegisterWindowMessageW
RealChildWindowFromPoint
InvalidateRect
EnumWindows
GetWindowTextW
IsWindowVisible
GetWindowThreadProcessId
FindWindowExW
SystemParametersInfoW
SetActiveWindow
DrawAnimatedRects
SetForegroundWindow
SetMenuDefaultItem
ModifyMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
ClientToScreen
GetCursorPos
LoadMenuW
SetCursor
DrawFocusRect
InflateRect
SetRectEmpty
GetParent
SetWindowTextW
LoadCursorW
GetActiveWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PeekMessageW
UpdateWindow
GetFocus
IsWindow
SetTimer
GetWindowRect
SendMessageW
LoadIconW
EnableWindow
PostMessageW
SetWindowPos
GetForegroundWindow
KillTimer
MessageBoxW
GetDlgItem
DestroyWindow

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
CreateBitmap
GetDeviceCaps
DeleteDC
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetTextColor
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
SetMapMode
SetBkMode
SetBkColor
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegDeleteTreeW
CopySid
GetLengthSid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
OpenProcessToken
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegFlushKey
ConvertSidToStringSidW
LookupAccountNameW
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateWellKnownSid
RegCreateKeyW
RegDeleteKeyExW
LookupAccountSidW
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
DuplicateToken
OpenThreadToken

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHFileOperationW
Shell_NotifyIconW
SHAppBarMessage
SHGetFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
SHDeleteKeyW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
OleRun
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantCopy
VariantChangeType
GetErrorInfo

urlmon

URLDownloadToFileW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

crypt32

CryptUnprotectData
CryptProtectData
CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam

wintrust

WinVerifyTrust

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 733KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b0b594d68692b0de70c17754d8636d5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

psapi

version

wininet

sensapi

secur32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

userenv

crypt32

wintrust

oleacc

Sections

.text Size: 733KB - Virtual size: 733KB

.rdata Size: 358KB - Virtual size: 357KB

.data Size: 11KB - Virtual size: 32KB

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: 120KB - Virtual size: 124KB

.text
Size: 733KB - Virtual size: 733KB

.rdata
Size: 358KB - Virtual size: 357KB

.data
Size: 11KB - Virtual size: 32KB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 120KB - Virtual size: 124KB