2024-10-13_189a61066674fad1632be3d26b3d13e9_bkransomware_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-13_189a61066674fad1632be3d26b3d13e9_bkransomware_icedid
Size

6.0MB
MD5

189a61066674fad1632be3d26b3d13e9
SHA1

a5cd931af721be19847c3430121670d81309f209
SHA256

9fee79ea3a5833e89b1077cbb50bb256eeae331dcf1f9975deb2e098e7cecf58
SHA512

8ef2bc354fad5dd0368514e1fa225500525e16f0dacbf7f581be21038b16ab068621bfd340f4dc03a66af06ade317388605438091484a8fd7836988d4dd79be3
SSDEEP

49152:d9AxOi+lRLj8xM16KTwneU1Plq7Pw2eyRrI89D+uYQ8BV7m8XX/1MSVuy3lfg3JQ:dex5+RLjMM8bNlqbSo8dX0GzT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-13_189a61066674fad1632be3d26b3d13e9_bkransomware_icedid

Files

2024-10-13_189a61066674fad1632be3d26b3d13e9_bkransomware_icedid
.exe windows:5 windows x86 arch:x86

ac591e4899b8929372acc64de79f9299

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\Uninstall Tool\Ready\geek.pdb

Imports

kernel32

SetErrorMode
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
ExitProcess
GetModuleHandleExW
HeapQueryInformation
SetStdHandle
GetFileType
VirtualQuery
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetFileAttributesW
GetCPInfo
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetConsoleCP
GetDriveTypeW
WriteConsoleW
SetEnvironmentVariableA
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
FreeResource
GetSystemDirectoryW
EncodePointer
GetThreadLocale
LoadLibraryA
lstrcmpiW
LoadLibraryExW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FormatMessageW
GlobalFree
GetModuleHandleA
SetLastError
GetACP
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetPrivateProfileSectionNamesW
TerminateThread
lstrlenA
VirtualUnlock
VirtualLock
OutputDebugStringW
OutputDebugStringA
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
WriteFileEx
SignalObjectAndWait
WaitForMultipleObjectsEx
GetSystemInfo
GetSystemTimeAsFileTime
SetFilePointerEx
GetFileSizeEx
InterlockedIncrement
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
MoveFileExW
GetComputerNameW
SetFilePointer
lstrcmpW
ReadFile
ResetEvent
InterlockedExchangeAdd
InterlockedExchange
GetTickCount
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
HeapReAlloc
DecodePointer
lstrcpynW
DeleteCriticalSection
InitializeCriticalSection
DeleteFileW
GetLocalTime
WriteFile
GetVersionExW
LocalUnlock
LocalLock
LocalAlloc
InterlockedDecrement
VerifyVersionInfoW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
VerSetConditionMask
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
SetEvent
SearchPathW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
Sleep
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCommandLineW
LeaveCriticalSection
EnterCriticalSection
GetLastError
OpenProcess
LocalFree
WideCharToMultiByte
GetExitCodeThread
MultiByteToWideChar
CreateProcessW
GetUserDefaultLCID
GetUserDefaultUILanguage
FindNextFileW
FindFirstFileW
GetFileAttributesExW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
FindResourceW
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
FreeLibrary
FindClose
GetFileSize
SizeofResource
LoadResource
WaitForSingleObject
GetLongPathNameW
LockResource
CreateFileW
GetCurrentDirectoryW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
lstrcatW
lstrcpyW
GetNativeSystemInfo
GetSystemTime
CloseHandle
GetCurrentThreadId
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
VirtualProtect
GetVersion
GetProcAddress
GetOEMCP

user32

MessageBoxA
CopyIcon
ClientToScreen
GetMenuDefaultItem
TrackPopupMenu
IsWindowVisible
UnregisterClassW
EqualRect
SetClassLongW
CopyRect
AppendMenuW
CreatePopupMenu
EnumWindows
InflateRect
WinHelpW
IsDialogMessageW
LoadStringW
LoadIconW
GetLastActivePopup
GetClassNameW
MessageBeep
GetWindowTextW
SetWindowTextW
EndPaint
SetActiveWindow
ValidateRect
SetScrollRange
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
KillTimer
SetTimer
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
GetDlgItem
CreateDialogIndirectParamW
SetWindowPos
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
TranslateMessage
SystemParametersInfoW
GetWindow
SetWindowLongW
GetWindowLongW
IsRectEmpty
GetWindowRect
RedrawWindow
InsertMenuW
SendDlgItemMessageA
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
CharUpperW
ReleaseDC
GetForegroundWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadMenuW
UnhookWindowsHookEx
DrawTextExW
UpdateWindow
GrayStringW
TabbedTextOutW
GetWindowDC
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageTime
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsChild
SetPropW
GetActiveWindow
RegisterWindowMessageW
SendMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
EnableWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
GetCapture
GetMenu
SetMenu
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
DestroyIcon
LoadImageW
DrawIconEx
GetIconInfo
GetDC
CreateIconIndirect
SetRectEmpty
GetMessageW
DefWindowProcW
CreateWindowExW
GetPropW
RemovePropW
GetWindowTextLengthW
AdjustWindowRectEx
GetClassLongW
GetTopWindow
SetWindowsHookExW
CallNextHookEx
MonitorFromWindow
GetMonitorInfoW
IsWindowEnabled
GetDesktopWindow
IntersectRect
GetKeyNameTextW
PostThreadMessageW
MapVirtualKeyW
RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
ReleaseCapture
SetCapture
IsIconic
DeleteMenu
RealChildWindowFromPoint
GetSysColorBrush
SetWindowContextHelpId
WindowFromPoint
GetMenuItemInfoW
DestroyMenu
CharNextW
MapDialogRect
ShowWindow
GetSystemMetrics
WaitForInputIdle
SetFocus
SetForegroundWindow
CharLowerW
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
DispatchMessageW
MessageBoxW
FindWindowW
FindWindowExW
GetWindowThreadProcessId
EnumDisplaySettingsW
DrawStateW
FillRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateMDISysAccel
DefFrameProcW
DrawMenuBar
GetCursor
GetTabbedTextExtentA
SendMessageTimeoutW
GetDoubleClickTime
DrawEdge
SetWindowLongA
GetWindowLongA
IsWindowUnicode
SetCursorPos
LookupIconIdFromDirectoryEx
SetWindowRgn
IsClipboardFormatAvailable
IsZoomed
MapVirtualKeyExW
MoveWindow
AttachThreadInput
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
SetWindowPlacement
GetWindowPlacement
MapWindowPoints
GetMessagePos
DrawFrameControl
CharLowerBuffW
GetDCEx
LockWindowUpdate
InvertRect
wsprintfW
SetParent
DrawFocusRect
UnionRect
CreateIconFromResourceEx
IsMenu
GetWindowRgn
HideCaret
ShowCaret
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayout
IsCharLowerW
GetKeyboardState

gdi32

SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetMapMode
SetStretchBltMode
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
GetMapMode
RestoreDC
SetRectRgn
DPtoLP
GetBkColor
GetTextColor
GetTextMetricsW
EnumFontFamiliesExW
GetRgnBox
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateBitmap
BitBlt
GetBitmapBits
CreateDIBSection
RoundRect
Rectangle
GetStockObject
CreatePen
SetTextColor
SetBkColor
GetTextExtentPoint32W
DeleteDC
SetPixel
Polygon
GetCurrentObject
StretchBlt
GetDIBits
PtInRegion
CreateFontW
Polyline
GetViewportOrgEx
StretchDIBits
ExtCreateRegion
Ellipse
GetCharWidthW
GetTextAlign
GetTextExtentPoint32A
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
CreatePolygonRgn
GetWindowOrgEx
RealizePalette
SetDIBitsToDevice
CreateDCW
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
PatBlt
Escape
CreateSolidBrush

msimg32

GradientFill

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
LookupPrivilegeValueW
ConvertSidToStringSidW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteExW
ExtractIconExW
SHGetFileInfoW
ShellExecuteW

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Draw
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetIconSize

shlwapi

StrFormatByteSizeW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathFileExistsW
PathStripPathW
PathAddBackslashW
PathRemoveArgsW
ord487
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathParseIconLocationW
PathIsDirectoryW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
IsAppThemed

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal

oleaut32

VarBstrFromDate
VarDateFromStr
VariantCopy
SafeArrayGetElemsize
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
VarUdateFromDate
OleLoadPicturePath

oledlg

OleUIBusyW
OleUIAddVerbMenuW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetGetLastResponseInfoW
InternetSetOptionExW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetSetStatusCallbackW

winmm

PlaySoundW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac591e4899b8929372acc64de79f9299

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

version

psapi

oleacc

wininet

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 499KB - Virtual size: 498KB

.data Size: 38KB - Virtual size: 60KB

.rsrc Size: 3.9MB - Virtual size: 3.9MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 499KB - Virtual size: 498KB

.data
Size: 38KB - Virtual size: 60KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB