2024-10-09_5abb83f8f649f2a5df404a9043e900d1_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-09_5abb83f8f649f2a5df404a9043e900d1_icedid
Size

7.5MB
MD5

5abb83f8f649f2a5df404a9043e900d1
SHA1

db182da07387511ba858963b619d5ba7ac51e5b5
SHA256

d155d5e17a54a87ad46fd87fd4b4b5eeb119a8ca49bab42e55a4cf4f65f5a32e
SHA512

cc11f9aa3815749f061fbcf3919159b4d4ce6ca304d72880efc2bb97b5e1976ce4f3e7f23526534fefd16cd78e1f0659de0e9057b285bae8f3adee57bddb3c01
SSDEEP

98304:nFLGyxRQ1YewGYqdwkLcHHimOgvcpzD/nhlzz3YqdwkLcHH7NlNzwVCK:nzqwGjAiEvcFnDbjA5XzwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-09_5abb83f8f649f2a5df404a9043e900d1_icedid

Files

2024-10-09_5abb83f8f649f2a5df404a9043e900d1_icedid
.exe windows:4 windows x86 arch:x86

34c65d0684482425e8dc8d1230e9d6b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDesktopWindow
MessageBoxA

kernel32

GetVersion
GetVersionExA
VirtualFree
Sleep
GetCurrentProcess
OutputDebugStringA
TerminateProcess
OpenProcess
VirtualProtect
GetCurrentThread
ReadFile
SetFilePointer
VirtualAlloc
GetFileSize
lstrcatA
GetSystemDirectoryA
HeapReAlloc
HeapAlloc
GetProcessHeap
IsBadReadPtr
FreeLibrary
HeapFree
GetModuleFileNameA
RtlUnwind
HeapSize
GetModuleHandleA
IsBadWritePtr
GetStdHandle
WriteFile
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLastError
LoadLibraryA
GetProcAddress
GetCurrentProcessId
WritePrivateProfileStringA
WaitForSingleObject
ReleaseMutex
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
OpenMutexA
CreateMutexA
InitializeCriticalSection
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GlobalAlloc
GlobalFree
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
SetLastError
CreateThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
SuspendThread
ResumeThread
CloseHandle
ExitProcess
SetEnvironmentVariableA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

psapi

GetModuleFileNameExW
GetModuleFileNameExA

shlwapi

PathFindFileNameA
PathFindFileNameW
PathFindExtensionW
PathFindExtensionA

ws2_32

ntohl
inet_addr
ioctlsocket
connect
select
WSACleanup
send
recv
gethostbyname
WSAStartup
recvfrom
socket
setsockopt
htons
htonl
bind
closesocket
sendto
gethostname
inet_ntoa
WSAGetLastError

hid

HidD_GetFeature
HidD_FlushQueue
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetAttributes
HidD_GetHidGuid
HidD_SetFeature

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XSKey
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34c65d0684482425e8dc8d1230e9d6b5

Headers

File Characteristics

Imports

user32

kernel32

advapi32

psapi

shlwapi

ws2_32

hid

setupapi

Sections

.text Size: 668KB - Virtual size: 667KB

.rdata Size: 6.5MB - Virtual size: 6.5MB

.data Size: 68KB - Virtual size: 409KB

.rsrc Size: 32KB - Virtual size: 29KB

.XSKey Size: 260KB - Virtual size: 260KB

.text
Size: 668KB - Virtual size: 667KB

.rdata
Size: 6.5MB - Virtual size: 6.5MB

.data
Size: 68KB - Virtual size: 409KB

.rsrc
Size: 32KB - Virtual size: 29KB

.XSKey
Size: 260KB - Virtual size: 260KB