d:\UC_Client\0821\Run\UC.pdb
Static task
- static1
Behavioral task
- behavioral1
  Sample: 2024-10-12_1007f1b94240f0a50247cca49e72b4f5_icedid.exe
  Resource: win7-20241010-en
Behavioral task
- behavioral2
  Sample: 2024-10-12_1007f1b94240f0a50247cca49e72b4f5_icedid.exe
  Resource: win10v2004-20241007-en
General
- Target: 2024-10-12_1007f1b94240f0a50247cca49e72b4f5_icedid
- Size: 3.1MB
- MD5: 1007f1b94240f0a50247cca49e72b4f5
- SHA1: 0bbf9cdd3146c46950ef02590fd60e597e6090ec
- SHA256: bb807bcbc8b293063d6025b482582e4762ce37d201d4289086cf5ec12be5c3f6
- SHA512: 3c4a32e7716a5b0951096e032b3f5d4117361cf579958a7291a847bb57533f6b335a027a40c72a7b3b717d1b9ea94ea3fe70f4a5b4e8e545d1e2a5c968fbf1c2
- SSDEEP: 98304:WTx+Llu0StKBBe5jM7ubpdpPLvTsgOBWI69:Wd+hu0ZBBe5jMSvXI
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-10-12_1007f1b94240f0a50247cca49e72b4f5_icedid
Files
-
2024-10-12_1007f1b94240f0a50247cca49e72b4f5_icedid.exe windows:4 windows x86 arch:x86
a516208e5706d498de3bed1d923b3629
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
netapi32
Netbios
winmm
timeKillEvent
timeGetDevCaps
timeBeginPeriod
PlaySoundA
timeGetTime
timeSetEvent
ddraw
DirectDrawEnumerateExA
ts
TS_InvitePeplayContinue
TS_InviteReplayNextByDate
TS_InviteReplayPreByDate
TS_InviteReplaySpeedByDate
TS_InviteModulePeplayByDateContinue
TS_InviteModuleReplayByDatePause
TS_InviteReplayStopByDate
TS_InviteReplayPauseByDate
TS_InvitePeplayContinueByDate
TS_InviteReplaySearchByDate
TS_InviteReplaySearch
TS_InviteReplayStart
TS_InviteDloadStop
TS_InviteDloadStart
TS_InviteReplayStartByDate
TS_SetRealDataCallback
TS_SetPtzDirection
TS_SetPtzAdvance
TS_InviteCloseDeviceVideo
TS_InviteReplayPause
TS_InviteReplayStop
TS_InviteModuleReplayPause
TS_InviteModulePeplayContinue
TS_InviteReplaySpeed
TS_InviteReplayPre
TS_InviteReplayNext
TS_InviteReplaySeek
TS_ReportReplayData
TS_NotifyReplayStop
TS_NotifyReplayStopByDate
TS_ReportReplayDataByDate
TS_CloseDeviceVideo
TS_ReportAVData
TS_RspInvitePreset
TS_SetPtzPreset
TS_Login
TS_InvitePreset
TS_LoginOut
TS_SetMsgWnd
TS_SetGetUserIdCallback
TS_SetRealReplayCallback
TS_SetDownloadRealDataCallback
TS_SetReplayByDateCallback
TS_RspReplayStart
TS_RspReplaySearch
TS_RspReplaySearchByDate
TS_InviteDeviceList
TS_RspDeviceVideo
TS_IsInnerIp
TS_Delete
TS_RspDeviceList
TS_Init
TS_Release
TS_ModifyChannelCount
TS_StartTS
TS_StopTS
TS_RspDloadStart
TS_ReportDloadData
TS_NotifyDloadStop
TS_NotifyUpdateDeviceList
TS_ReportDeviceState
TS_InviteDeviceVideo
TS_ReportAlarmInfo
TS_InviteReplaySeekByDate
dsound
ord1
ws2_32
setsockopt
recv
send
shutdown
WSAStartup
WSACleanup
gethostname
sendto
__WSAFDIsSet
recvfrom
inet_ntoa
socket
htons
inet_addr
gethostbyname
ioctlsocket
WSAGetLastError
closesocket
connect
WSASetLastError
select
getsockopt
ntohl
nvrconfig
?NC_ShowConfigByUc@@YAHPAD0GPAVCWnd@@@Z
?NC_LoadLanguage@@YAHW4Language_Code@@@Z
?NC_HideConfigByUc@@YAHXZ
ucremoteconfig
CFG_UC_Init
CFG_UC_ShowModelessDlg
CFG_UC_UnInit
onvif
OVF_GetSearchCount
OVF_GetSearchInfo
OVF_SetNetworkInterface
OVF_GetAddrByIP
OVF_PTZ_RemovePreset
OVF_PTZ_AddPreset
OVF_PTZ_GotoPreset
OVF_PTZ_ContinuousMove
OVF_StartSearch
OVF_PTZ_StopZoom
OVF_PTZ_GetPresets
OVF_GetDevInfo
OVF_Search
OVF_SetCallBackAlarmInfo
OVF_GetCapabilities
OVF_UnSetCallBackAlarmInfo
OVF_PTZ_StopMove
OVF_StopSearch
OVF_PTZ_Zoom
nvr4config
?NVR4_ConfigInitUc@@YAJPADH00@Z
?NVR4_ShowConfigByUc@@YAHJPAVCWnd@@UtagRECT@@@Z
?NVR4_MoveWindow@@YAHH@Z
?NVR4_LoadLanguage@@YAHW4NVR4Language_Code@@@Z
?NVR4_CloseDlgByUc@@YAHXZ
?DllPreTranslateMessage@@YAHPAUtagMSG@@@Z
kernel32
CreateFileW
SetCurrentDirectoryA
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
IsValidLocale
MultiByteToWideChar
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
GetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetLastError
GetModuleFileNameA
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
lstrlenA
InterlockedDecrement
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
lstrlenW
GetLocalTime
SetLastError
GetModuleHandleA
CreateThread
SuspendThread
ResumeThread
SetThreadPriority
GetExitCodeThread
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetCommandLineA
OutputDebugStringA
FindClose
FindFirstFileA
GetVersionExA
GetCurrentProcess
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
RaiseException
CreateMutexA
ReleaseMutex
TerminateThread
SetUnhandledExceptionFilter
SetErrorMode
SetFilePointer
CreateFileA
FormatMessageA
VirtualQuery
IsBadWritePtr
WriteFile
CreateEventA
SetEvent
SetCommState
GetCommState
SetCommTimeouts
SetupComm
SetCommMask
GetOverlappedResult
ReadFile
PurgeComm
ClearCommError
GetCurrentThreadId
InterlockedIncrement
GetTimeZoneInformation
WinExec
GetEnvironmentVariableW
GetVersion
GetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
GlobalSize
ExitProcess
FreeResource
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
MulDiv
LocalFree
CopyFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetThreadLocale
SystemTimeToFileTime
GetModuleFileNameW
MoveFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
GetAtomNameA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileTime
GetCurrentDirectoryA
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
GetStartupInfoA
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
user32
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
GetMenuState
ModifyMenuA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
SetWindowTextA
MoveWindow
ScrollWindowEx
InsertMenuA
AppendMenuA
GetMenuStringA
GetKeyNameTextA
MapVirtualKeyA
BeginPaint
EndPaint
GetMenuItemInfoA
DestroyMenu
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetDialogBaseUnits
GetSysColorBrush
CopyAcceleratorTableA
InvalidateRgn
UnregisterClassA
DeleteMenu
WaitMessage
DestroyIcon
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
TranslateAcceleratorA
SetMenu
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
GetSystemMenu
GetWindowThreadProcessId
GetDCEx
SystemParametersInfoA
GetWindow
GetPropA
IsIconic
ShowWindow
SetForegroundWindow
GetWindowTextLengthA
GetCapture
DrawTextExA
DrawTextA
TabbedTextOutA
EqualRect
FillRect
LoadBitmapA
SetRect
GetWindowLongA
SetWindowLongA
CallWindowProcA
GetWindowDC
ReleaseDC
SetRectEmpty
DrawTextW
WindowFromPoint
GetParent
SetCapture
ClientToScreen
LoadMenuA
GetSubMenu
ModifyMenuW
LoadCursorA
SetCursor
ClipCursor
ReleaseCapture
IsWindow
MessageBoxW
SetParent
InvalidateRect
CopyRect
GetSystemMetrics
EnumDisplaySettingsA
ChangeDisplaySettingsA
SetWindowPos
KillTimer
SetTimer
GetClientRect
GetWindowRect
PostMessageA
ScreenToClient
GetCursorPos
SendMessageW
SendMessageA
EnableWindow
SetWindowTextW
GetDC
CopyIcon
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
PtInRect
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetClassLongA
GetClassNameA
GrayStringA
GetFocus
GetMenu
GetMenuItemID
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
IntersectRect
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CreateIconIndirect
GetIconInfo
RemoveMenu
SetSystemCursor
LoadCursorFromFileA
DestroyCursor
GetMenuItemCount
FindWindowExA
DrawStateA
CharUpperA
CharUpperW
CharLowerA
CharLowerW
ShowScrollBar
SetFocus
InflateRect
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowTextW
RedrawWindow
LockWindowUpdate
GetSysColor
UpdateWindow
SetWindowRgn
OffsetRect
IsRectEmpty
LoadIconA
FindWindowA
IsWindowVisible
EnableMenuItem
CheckMenuItem
DrawIcon
PostThreadMessageA
RemovePropA
GetMonitorInfoA
SetPropA
GetDesktopWindow
GetLastActivePopup
wvsprintfA
PeekMessageA
UnionRect
CharNextA
gdi32
Rectangle
PatBlt
SelectObject
SetBrushOrgEx
CreateDIBPatternBrushPt
DeleteDC
CreateDIBSection
GetDIBits
RealizePalette
RestoreDC
SetDIBitsToDevice
StretchDIBits
SetStretchBltMode
ExtSelectClipRgn
CreatePen
GetClipBox
SaveDC
SetBkColor
SetBkMode
SetTextColor
CombineRgn
CreateRectRgn
GetDCOrgEx
GetDeviceCaps
CopyMetaFileA
CreateDCA
SetPolyFillMode
SetROP2
SetGraphicsMode
SetWorldTransform
GetTextMetricsW
GetTextExtentPoint32W
CreateSolidBrush
DeleteObject
CreateFontA
CreateRoundRectRgn
GetStockObject
GetTextMetricsA
GetTextExtentPoint32A
Escape
CreateFontIndirectA
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
StretchBlt
BitBlt
ExcludeClipRect
CreateCompatibleDC
GetObjectA
CreateBitmap
CreateRectRgnIndirect
GetCharWidthA
GetRgnBox
DPtoLP
GetMapMode
SetRectRgn
GetTextColor
GetBkColor
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
ModifyWorldTransform
IntersectClipRect
OffsetClipRgn
LineTo
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
SetMapMode
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
LookupPrivilegeValueA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegCreateKeyA
RegQueryValueA
RegSetValueExA
RegQueryInfoKeyA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueA
RegOpenKeyA
RegEnumKeyA
shell32
DragQueryFileA
DragFinish
ExtractIconA
SHGetFileInfoA
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationA
ShellExecuteA
ord680
ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
oledlg
ord8
ole32
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
WriteFmtUserTypeStg
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
SetConvertStg
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
CoTreatAsClass
OleDuplicateData
OleRun
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleInitialize
CoFreeUnusedLibraries
oleaut32
VarUdateFromDate
VarDateFromStr
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
DispCallFunc
VariantInit
VariantClear
VarUI4FromStr
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
VarBstrFromDate
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp
SystemTimeToVariantTime
VariantChangeType
OleCreateFontIndirect
SafeArrayUnaccessData
VariantTimeToSystemTime
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
GetErrorInfo
SetErrorInfo
SafeArrayAccessData
VariantCopy
CreateErrorInfo
mp4v2dll
?OpenRead@CMP4Writer@@QAEHPBDPAX1@Z
??1CMP4Writer@@QAE@XZ
?GetAllTime@CMP4Writer@@QAEHXZ
?CloseFile@CMP4Writer@@QAEHXZ
?OpenWrite@CMP4Writer@@QAEHPBDPAX1@Z
?WriteOneFrame@CMP4Writer@@QAEHHHPBXH_JH@Z
??0CMP4Writer@@QAE@XZ
gdiplus
GdipSaveImageToFile
GdipGetImageHeight
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCloneImage
GdipGetImageWidth
GdipCreateBitmapFromStreamICM
GdipDrawImageRectI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipAlloc
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageI
GdipDrawImageRectRect
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
psapi
GetProcessMemoryInfo
imagehlp
MakeSureDirectoryPathExists
Sections
- .text   Size: 2.4MB - Virtual size: 2.4MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 436KB - Virtual size: 435KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 24KB - Virtual size: 129KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 248KB - Virtual size: 245KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ