2024-12-15_61fb0420e4b1760d8f8be0fd074d3d6a_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-15_61fb0420e4b1760d8f8be0fd074d3d6a_icedid
Size

1.1MB
MD5

61fb0420e4b1760d8f8be0fd074d3d6a
SHA1

894b6d05b180d024fb538623071c806d766d1fac
SHA256

e2d0cd5a3a2b2df6bfb1a89fea0783fab489f052e446e172e0dec739a25740dd
SHA512

e746f80b04d9bf752582f61729eda0553413c40286abec2ba66a88604753be24c12e5b1e3c57e668ea32d1b317357c8a123eef3868ea5beebefc7a86f74de73e
SSDEEP

24576:sZT2K+zRJiT1DQzICqs4DJcahFVpdCX/xXubMy:A27RJ4DQzICqLJcEVdCX/x/y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-15_61fb0420e4b1760d8f8be0fd074d3d6a_icedid

Files

2024-12-15_61fb0420e4b1760d8f8be0fd074d3d6a_icedid
.exe windows:4 windows x86 arch:x86

3b007ddc88e548c9c2960a37f5aac2af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\New_Login\GuaGua\trunk\Client\OnlineSetupV2\GirlsShow_lastdefine\SmallStationRelease\SetupTool.pdb

Imports

kernel32

LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileTime
SetErrorMode
HeapAlloc
RtlUnwind
HeapFree
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedDecrement
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
SetLastError
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
OutputDebugStringA
FatalExit
DebugBreak
SystemTimeToFileTime
SetFileTime
WaitForMultipleObjects
MoveFileA
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
OpenProcess
TerminateProcess
Sleep
FindNextFileA
RemoveDirectoryA
Module32First
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateDirectoryA
RaiseException
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
GetVersion
CreateProcessA
WaitForSingleObject
DeleteFileA
GetTickCount
CreateMutexA
GetLastError
MultiByteToWideChar
WriteFile
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FindFirstFileA
FindClose
GetLocalTime
GetModuleFileNameA
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ExitProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryA
GetProcAddress
CloseHandle

user32

CharNextA
ReleaseCapture
SetCapture
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
GetCursorPos
WindowFromPoint
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
IsRectEmpty
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
MessageBoxA
ReleaseDC
GetDC
RegisterClipboardFormatA
GetPropA
LoadCursorA
SetCursor
UnregisterClassA
CharUpperA
LoadIconA
KillTimer
SetTimer
UpdateWindow
ScreenToClient
GetSystemMenu
EnableMenuItem
DrawIcon
PtInRect
GetSystemMetrics
IsIconic
PostMessageA
InvalidateRect
GetWindowRect
CopyRect
SetLayeredWindowAttributes
EnableWindow
GetParent
GetClientRect
SendMessageA
GetClassNameA

gdi32

GetDeviceCaps
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
DeleteObject
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
CreateBitmap
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
SetBkMode
CreateFontA
SetPixel
GetPixel
Rectangle
BitBlt
DPtoLP
GetMapMode
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteExA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFileExistsA
PathRemoveBackslashA
PathAddBackslashA
PathQuoteSpacesA
PathCanonicalizeA
PathFindFileNameA
PathRemoveFileSpecA
PathFindExtensionA
UrlUnescapeA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitialize
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleUninitialize

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantCopy
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantClear
SafeArrayCopy
SafeArrayGetVartype
VariantInit
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysFreeString

wininet

InternetSetOptionExA
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetGetCookieExA

gdiplus

GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusShutdown

ws2_32

WSAStartup

Sections

.text
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3b007ddc88e548c9c2960a37f5aac2af

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

ws2_32

Sections

.text Size: 320KB - Virtual size: 316KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 696KB - Virtual size: 696KB

.text
Size: 320KB - Virtual size: 316KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 696KB - Virtual size: 696KB