2024-10-13_972c0e988973e9b18d6ad5e02aa46c26_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-13_972c0e988973e9b18d6ad5e02aa46c26_icedid
Size

380KB
MD5

972c0e988973e9b18d6ad5e02aa46c26
SHA1

ad0a64aa71bdb6c0e05a61749e5cd3c8db2750b9
SHA256

69e0178f99e65522a9a925df41c48c5b67868e70a420555629b0278bfc6f9dd9
SHA512

4358f6957695e3318eee1a32e6a25ea128181d0307e050970cc9f9362b95022ce4d62d9137ec9b333c541cf3aa14c318f3c3a42c1166355d213d20282a5ff1e3
SSDEEP

6144:2+3gwrTUnEgURM+xf1LG3rB7UTON8ayhOWHPyvKjLsYQrqzf/3:p3g6wEgUu+tRG7FUTQy5HKvKjLMuv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-13_972c0e988973e9b18d6ad5e02aa46c26_icedid

Files

2024-10-13_972c0e988973e9b18d6ad5e02aa46c26_icedid
.exe windows:4 windows x86 arch:x86

ec3a3d9551457f375688a9be838da4b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\sanguo\program\Bin\Unins\Release\Unins.pdb

Imports

kernel32

SetLastError
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
lstrcpyA
LoadLibraryA
EnumResourceLanguagesA
ConvertDefaultLocale
GetProcAddress
lstrcmpA
GlobalDeleteAtom
FreeLibrary
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomA
CloseHandle
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
GlobalFree
WritePrivateProfileStringA
InterlockedDecrement
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
CreateFileA
GetCPInfo
GetOEMCP
SetErrorMode
GetFileAttributesA
GetFileTime
GetTickCount
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
VirtualQuery
TerminateProcess
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GlobalMemoryStatus
GetSystemInfo
GetCurrentDirectoryA
GetPrivateProfileStringA
MoveFileExA
CopyFileA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
FreeResource
InterlockedExchange

user32

GetForegroundWindow
IsChild
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
GetSysColorBrush
LoadCursorA
SetCapture
ReleaseCapture
CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
PtInRect
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
GetTopWindow
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfA
CopyRect
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
PostQuitMessage
PostMessageA
GetMenuState
UpdateWindow
InvalidateRect
SendMessageA
CharUpperA
MessageBoxA
GetClientRect
GetDesktopWindow
LoadBitmapA
GetDC
ReleaseDC
SetTimer
GetMenuItemID
GetMenuItemCount
GetSubMenu
KillTimer
EnableWindow
GetMessageTime
GetMessagePos
MapWindowPoints
LoadIconA
UnregisterClassA
SetForegroundWindow
SendDlgItemMessageA
GetMenu

gdi32

GetBkColor
GetTextColor
GetRgnBox
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
CreateFontA
CreateCompatibleDC
BitBlt
GetStockObject
CreateBitmap
GetMapMode
CreateRectRgnIndirect
DeleteObject
GetObjectA
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
DeleteDC
ExtSelectClipRgn
ScaleViewportExtEx
SetWindowExtEx
CreateCompatibleBitmap
GetDeviceCaps
ScaleWindowExtEx

advapi32

RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ddraw

DirectDrawCreate

netapi32

Netbios

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comdlg32

GetFileTitleA

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
OleUninitialize

oleaut32

SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
VariantCopy
SysFreeString
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec3a3d9551457f375688a9be838da4b1

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oledlg

ddraw

netapi32

wininet

ws2_32

oleacc

winspool.drv

comdlg32

ole32

oleaut32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 108KB - Virtual size: 105KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 108KB - Virtual size: 105KB