2024-10-13_71e2756b297cd691c16861c861fd2abf_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-13_71e2756b297cd691c16861c861fd2abf_icedid
Size

1.7MB
MD5

71e2756b297cd691c16861c861fd2abf
SHA1

984a0e8355501f1b54ebdfe0bc2d24b21669da10
SHA256

ebe68a20d27877e11f0e06058856948df54e422d570198ec65a5fc15fddf61df
SHA512

b49fbab4387c3dc920da7b17750214eb7e7c47cc08014334175c87b080353e7a7e132574a6b86964bc1a1de609b36c0efcd45761230b266e9613482e4ab6a18f
SSDEEP

24576:5yZp5hLQm5b0xofxpUIfIWCGOId3EmV0UCABILuF7Hijq:5yrLq2fxpr9d3kaIyL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-13_71e2756b297cd691c16861c861fd2abf_icedid

Files

2024-10-13_71e2756b297cd691c16861c861fd2abf_icedid
.exe windows:4 windows x86 arch:x86

a17c766421a0b8d950e29af481eab222

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\ttssh2-release\teraterm-4_84\teraterm\Release\ttermpro.pdb

Imports

ws2_32

gethostbyname
WSAGetLastError
htonl
inet_addr
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError
getservbyname
inet_ntoa
closesocket

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmGetOpenStatus
ImmGetCompositionStringA

ttpfile

ord11
ord12

ttpcmn

ord44
ord45
ord5
ord1
ord2
ord37
ord60
ord56
ord57
ord58
ord54
ord16
ord52
ord59
ord33
ord34
ord15
ord10
ord61
ord11
ord14
ord12
ord26
ord27
ord24
ord25
ord22
ord21
ord4
ord23
ord20
ord40
ord41
ord32
ord35
ord36

ttpdlg

ord12

kernel32

PurgeComm
SetupComm
ClearCommError
PeekNamedPipe
OpenEventA
WaitCommEvent
CreateEventA
EscapeCommFunction
SetEvent
GetOverlappedResult
ClearCommBreak
SetCommBreak
BuildCommDCBA
GetCommState
SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
OutputDebugStringA
GetLocalTime
IsDBCSLeadByte
FindClose
FindNextFileA
FindFirstFileA
GetFullPathNameA
ExpandEnvironmentStringsA
GetFileSize
HeapFree
HeapAlloc
GetProcessHeap
GetPrivateProfileIntA
DeleteFileA
LocalFree
LocalUnlock
LocalLock
ResumeThread
SetLastError
MulDiv
GetPrivateProfileStringA
GlobalSize
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
GetModuleFileNameW
InterlockedDecrement
GetCurrentProcessId
lstrcmpA
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
SetThreadPriority
SuspendThread
FindResourceExA
GetAtomNameA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
MoveFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetShortPathNameA
SetErrorMode
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileTime
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTimeFormatA
SetCommTimeouts
ExitThread
CreateThread
GetDriveTypeA
RaiseException
ExitProcess
CopyFileA
TerminateProcess
UnhandledExceptionFilter
GetTimeZoneInformation
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
SetHandleCount
GetFileType
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStartupInfoA
CreateProcessA
GetFileAttributesA
WritePrivateProfileStringA
GetCurrentProcess
GetCurrentThread
GetModuleHandleA
GetSystemDirectoryA
GlobalLock
Sleep
GetVersionExA
VirtualProtect
_lwrite
_lread
GetTempPathA
GetTempFileNameA
_llseek
SetFilePointer
_lcreat
_lopen
ReadFile
_lclose
GlobalUnlock
GlobalFree
GlobalAlloc
CreateFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
CloseHandle
WaitForSingleObject
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetCommState
SetCommMask
WinExec
SetUnhandledExceptionFilter
GetDateFormatA
GetCommandLineA
FormatMessageA
HeapSize

gdi32

SetMapperFlags
SetTextCharacterExtra
SetTextJustification
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
SetArcDirection
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
SetColorAdjustment
PlayMetaFile
SelectClipRgn
ExtCreatePen
CreateHatchBrush
EnumFontFamiliesExA
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetCharWidthA
CreateFontA
StretchDIBits
GetCurrentPositionEx
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetROP2
SetPolyFillMode
CreateBitmap
GetClipBox
GetDCOrgEx
CreateDCA
CopyMetaFileA
CreatePen
Polyline
GetTextColor
GetBkColor
GetNearestColor
SetBkMode
CreateRectRgnIndirect
SetWindowOrgEx
SetStretchBltMode
StretchBlt
GetDIBits
BitBlt
GetCurrentObject
RestoreDC
SaveDC
CreateDIBSection
CreateCompatibleBitmap
GetStockObject
CreateSolidBrush
Rectangle
TextOutA
CreateCompatibleDC
GetTextExtentPoint32A
GetDeviceCaps
CreateFontIndirectA
GetTextMetricsA
SetAbortProc
StartDocA
EndPage
StartPage
ExtTextOutA
SelectObject
SetTextColor
SetBkColor
EndDoc
DeleteDC
GetObjectA
DeleteObject
CreateRectRgn
GetClipRgn

comdlg32

GetFileTitleA
PrintDlgA
GetOpenFileNameA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegQueryValueExA

comctl32

ord6
ord17

shlwapi

PathFindFileNameA
PathRemoveExtensionA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

ole32

OleDuplicateData
CLSIDFromString
StringFromGUID2
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
CoDisconnectObject

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate

Sections

.text
Size: 636KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 980KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a17c766421a0b8d950e29af481eab222

Headers

File Characteristics

PDB Paths

Imports

ws2_32

imm32

ttpfile

ttpcmn

ttpdlg

kernel32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

Sections

.text Size: 636KB - Virtual size: 632KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 52KB - Virtual size: 92KB

.rsrc Size: 980KB - Virtual size: 1.5MB

.text
Size: 636KB - Virtual size: 632KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 52KB - Virtual size: 92KB

.rsrc
Size: 980KB - Virtual size: 1.5MB