2024-10-09_551defa30bce97f633948168ac49f4f5_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-09_551defa30bce97f633948168ac49f4f5_icedid
Size

1013KB
MD5

551defa30bce97f633948168ac49f4f5
SHA1

170291c1627dbcdc884c48331718c1ce07030c80
SHA256

3b70dbe788eb26c833077a2314f73da959454e1ad57bbb28dd0ea44c256fcf15
SHA512

6b9e879c6ca78a7d484c5c0fd504c66df8e3ab3963e1fe93238c2b64a15673a4140d55c16c4e2fc0dded429308e11f6b48c1197bd3d8fe0b4ea4b425128a80ef
SSDEEP

24576:eMJO0myCqVChfk28GFkeSJ+/DjAWpR76v9:lJO0KqVk5Z/DjAw9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-09_551defa30bce97f633948168ac49f4f5_icedid

Files

2024-10-09_551defa30bce97f633948168ac49f4f5_icedid
.exe windows:5 windows x86 arch:x86

04f40d76f67f88783d210a0c83ff8fb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\AND_SECON_01_DO\__win32\release\__bin\SeCon_Win32.pdb

Imports

netapi32

NetUserModalsGet
NetLocalGroupDelMembers
NetLocalGroupGetInfo
NetLocalGroupAdd
NetLocalGroupAddMembers
NetLocalGroupDel
NetUserGetLocalGroups
NetApiBufferFree

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
GetTimeZoneInformation
GetTimeFormatA
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetDriveTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
HeapSize
GetFileType
SetStdHandle
RaiseException
RtlUnwind
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CompareStringA
InterlockedExchange
GetModuleHandleA
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
GlobalAddAtomW
GlobalFlags
lstrcmpW
GetCurrentThreadId
CompareStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
lstrlenA
lstrcmpA
FreeLibrary
GetFileTime
GetFileSizeEx
GetFileAttributesW
CreateFileW
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
DeleteFileW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
SetLastError
HeapFree
Sleep
InterlockedIncrement
CreateDirectoryW
InterlockedDecrement
lstrcpyW
lstrlenW
GetACP
GetLocaleInfoW
WideCharToMultiByte
CloseHandle
GetModuleFileNameA
GetProcAddress
GetLastError
GetVersionExW
GetProcessHeap
GetModuleHandleW
GetCurrentProcess
HeapAlloc
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetDateFormatA
InterlockedCompareExchange

user32

GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowPos
SetWindowLongW
IsWindow
TabbedTextOutW
DrawTextExW
GrayStringW
GetSubMenu
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetWindowTextW
UnhookWindowsHookEx
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
LoadIconW
RegisterWindowMessageW
DrawTextW
PostQuitMessage
DestroyMenu
GetForegroundWindow

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetMapMode
RestoreDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps
SaveDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

MakeSelfRelativeSD
RegDeleteValueW
RegDeleteKeyW
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
AddAce
AddAccessAllowedAce
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
MakeAbsoluteSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
AddAccessDeniedAce
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetEntriesInAclW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAclInformation
GetExplicitEntriesFromAclW
DeleteAce
SetSecurityDescriptorControl
InitializeSid
GetSidLengthRequired
FreeSid
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegSetValueExW
RegEnumKeyExW
RegSetKeySecurity
RegEnumValueW
RegOpenKeyW
RegCreateKeyExW
GetAce
SetFileSecurityW
LookupAccountSidW
RegCloseKey
GetLengthSid
RegOpenKeyExW
LookupAccountNameW
RegQueryValueExW
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW

shlwapi

PathIsUNCW
PathFindFileNameW
PathStripToRootW

ole32

CoInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun

oleaut32

VariantCopy
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocString
SysAllocStringLen
VariantInit
GetErrorInfo

Sections

.text
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tc
Size: 246KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04f40d76f67f88783d210a0c83ff8fb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 580KB - Virtual size: 580KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 1024B - Virtual size: 832B

.tc Size: 246KB - Virtual size: 248KB

.text
Size: 580KB - Virtual size: 580KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 1024B - Virtual size: 832B

.tc
Size: 246KB - Virtual size: 248KB