Static task: static1
Behavioral task: behavioral1 (sample: 2024-12-28_5ea9a8aaeff68c407705de9949086125_icedid_smoke-loader_wapomi.exe; resource: win7-20240903-en)
General
Target: 2024-12-28_5ea9a8aaeff68c407705de9949086125_icedid_smoke-loader_wapomi
Size: 1.4MB
MD5: 5ea9a8aaeff68c407705de9949086125
SHA1: 5f5c2ef9d00cd6db329579b0233ae611ca4a60e3
SHA256: b3a004531619eb2f9aa592b4dede339d24e5ae542ff35d29a9e5fd2f3e4a2147
SHA512: 2b4d7adf467f2a3dd31e27b5e2ea7237c50bcd4cc37b1c492dff923cf1b8d74038d9f1ba2c02400458b2f591f53093df2a6a6d7b58820835914e28e89d753187
SSDEEP: 24576:jbati2A+N8tFzN9tZ9E5QC7uo0p1VW6D:jb9B+NIptZ9ygj86D
Malware Config
(none extracted)
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature. Matched on resource 2024-12-28_5ea9a8aaeff68c407705de9949086125_icedid_smoke-loader_wapomi.
Note: this is the only static signature that fired and no malware config was extracted. The family tags in the file name (icedid, smoke-loader, wapomi) come from the submitted file name, not from any detection in this report, and a missing Authenticode signature is weak evidence on its own, since most hand-built and many legitimate tools are unsigned. Treat the family attribution as unverified until behavioural results or a YARA/AV match support it.
Files
2024-12-28_5ea9a8aaeff68c407705de9949086125_icedid_smoke-loader_wapomi.exe windows:4 windows x86 arch:x86
9cdb53529869576a277e30aa6c39ed10 (hash shown unlabelled on the page; most likely the import hash, which differs from the file MD5 above)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the image must load at its preferred base and gets no ASLR benefit)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
f:\8219mark\Mark版PageMode量产工具\Release\UdTools.pdb (the Chinese directory name reads "Mark edition PageMode mass-production tool"; the path is left as-is since it is an identifier embedded in the binary)
Imports
Reading the table below: the bulk of it (kernel32 CRT, heap and locale routines; user32, gdi32, ole32, oleaut32, oledlg, comdlg32, winspool.drv) is the footprint of a statically linked MFC GUI application, which fits the UdTools.pdb name. The imports that matter for triage are the device and volume handling calls (setupapi SetupDiGetClassDevsW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, CM_Request_Device_EjectW; kernel32 DeviceIoControl, SetVolumeMountPointW, DeleteVolumeMountPointW, GetVolumeNameForVolumeMountPointW, SetVolumeLabelW, GetLogicalDrives), the file-system walk and copy routines (FindFirstFileW, FindNextFileW, CopyFileW, MoveFileW, DeleteFileW, SetFileAttributesW, SetFileTime), registry writes (advapi32 RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW), and the memory-protection and dynamic-resolution calls (VirtualAlloc, VirtualProtect, LoadLibraryA, LoadLibraryW, GetProcAddress). IsDebuggerPresent and SetUnhandledExceptionFilter also appear in ordinary MSVC CRT start-up code, so on their own they are not evidence of anti-analysis.
kernel32
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
FindResourceExW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
HeapSize
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
SuspendThread
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
CompareStringA
InterlockedExchange
GetShortPathNameW
GetFullPathNameW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetStringTypeExW
DeleteFileW
MoveFileW
lstrlenA
lstrcmpA
GetVersionExW
VirtualProtect
FindNextFileW
GlobalSize
FormatMessageW
LocalFree
GetCurrentProcessId
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
InterlockedDecrement
GetModuleFileNameW
lstrlenW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetSystemDefaultLangID
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
GetLogicalDrives
DeleteCriticalSection
WaitForMultipleObjects
GetCurrentThreadId
FindClose
CreateEventW
FindFirstFileW
InitializeCriticalSection
GetSystemInfo
GetLocalTime
SetVolumeLabelW
SetErrorMode
GetVolumeInformationW
VirtualFree
FileTimeToLocalFileTime
SystemTimeToFileTime
GetTickCount
CreateThread
ResetEvent
WaitForSingleObject
SetEvent
SetCurrentDirectoryW
DeviceIoControl
FileTimeToSystemTime
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
Sleep
CreateDirectoryW
WriteFile
SetFilePointer
GetSystemTime
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
CreateFileW
CopyFileW
SetVolumeMountPointW
DeleteVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GetCurrentDirectoryW
GetPrivateProfileIntW
GetDriveTypeW
GlobalFree
GlobalAlloc
GetLocaleInfoW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
FreeEnvironmentStringsW
FindResourceW
user32
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetParent
UnionRect
GetDCEx
LockWindowUpdate
CharUpperW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
MapDialogRect
GetAsyncKeyState
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuStringW
InsertMenuW
RemoveMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetWindowThreadProcessId
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
DestroyIcon
GetCapture
SetWindowsHookExW
LoadAcceleratorsW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
DeleteMenu
GetDialogBaseUnits
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
RegisterClipboardFormatW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorW
MessageBeep
IsIconic
GetWindowPlacement
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
WaitMessage
CallNextHookEx
WindowFromPoint
ShowOwnedPopups
GetMessageW
TranslateMessage
IsChild
ValidateRect
GetWindow
UnregisterDeviceNotification
UnregisterHotKey
RegisterDeviceNotificationW
LoadIconW
AppendMenuW
GetSystemMenu
OffsetRect
RegisterHotKey
PostQuitMessage
PostMessageW
DestroyCursor
SetCapture
SetTimer
InflateRect
LoadCursorW
KillTimer
DrawEdge
EqualRect
ReleaseCapture
SetCursor
GetCursorPos
GetKeyState
wsprintfW
GetDesktopWindow
SetWindowLongW
CallWindowProcW
PtInRect
GetWindowLongW
GetParent
SendMessageW
CallWindowProcA
DrawFocusRect
DrawTextW
DrawFrameControl
SetRectEmpty
UpdateWindow
InvalidateRect
EnableWindow
GetSysColor
GetWindowRect
GetSystemMetrics
CopyRect
GetClientRect
GetWindowTextLengthW
UnregisterClassA
gdi32
SelectClipPath
ScaleWindowExtEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
SetWindowExtEx
CreatePen
ExtCreatePen
CreateHatchBrush
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CopyMetaFileW
CreateDCW
EnumFontFamiliesExW
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthW
StretchDIBits
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetDeviceCaps
CreateBitmap
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetObjectW
GetClipBox
GetDCOrgEx
GetCurrentPositionEx
CreateFontW
BitBlt
CreateFontIndirectW
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
ExtTextOutW
GetTextMetricsW
CreateSolidBrush
GetTextExtentPoint32W
PatBlt
UnrealizeObject
CreatePatternBrush
GetViewportExtEx
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegOpenKeyW
RegCreateKeyW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
shell32
ShellExecuteW
ExtractIconW
DragFinish
DragQueryFileW
SHGetFileInfoW
comctl32
InitCommonControlsEx
shlwapi
StrCmpNIW
StrStrW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
StrCpyW
StrCmpIW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleRun
CreateStreamOnHGlobal
OleUninitialize
oleaut32
LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
setupapi
CM_Locate_DevNodeW
CM_Get_Child
CM_Get_Sibling
CM_Get_Parent
SetupDiGetClassDevsW
CM_Request_Device_EjectW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Registry_PropertyW
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3�ߣu� (section name contains non-printable bytes as rendered on the page) Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: this last section is the one to examine first. Its name is not one a compiler or linker emits, it is the only section marked both writable and executable, and it sits after .rsrc, which is where code appended to an existing binary normally lands. Check whether the entry point falls inside it and, if a clean copy of the UdTools build is available, diff the two files.
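The two static checks this report actually performs, the Authenticode-presence test behind the "Unsigned PE" signature and the file and section characteristics decoding shown under Headers and Sections, as an added example in pure-stdlib Python (this is not the sandbox vendor's code). It parses only the PE headers, decodes the same characteristic flags, and flags the conditions a reviewer of the Sections table above would want raised: a missing security directory, stripped relocations, writable-and-executable sections, and non-printable section names. The header-only image built by build_pe is a constructed stand-in that copies the report's flag and section layout; the garbled section name bytes in it are made up, since the page does not show the real ones.

```python
"""Header-level PE triage in pure-stdlib Python: Authenticode presence,
file characteristics and section sanity. Added example; the PE built by
build_pe() is constructed test input, not the sample from the report."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (subset)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
FILE_RELOCS_STRIPPED = 0x0001
# IMAGE_SECTION_HEADER.Characteristics bits (subset)
SCN_CNT_CODE, SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
SECURITY_DIR = 4      # IMAGE_DIRECTORY_ENTRY_SECURITY holds the Authenticode blob
PE32_MAGIC = 0x10B


def parse_pe(data: bytes) -> dict:
    """Parse the DOS/NT headers, the security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start 96 bytes into a PE32 optional header, 112 into PE32+.
    dd = opt + (96 if magic == PE32_MAGIC else 112)
    sec_off, sec_size = struct.unpack_from("<II", data, dd + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, hdr)
        flags = struct.unpack_from("<I", data, hdr + 36)[0]
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "flags": flags})
    return {"machine": machine, "characteristics": chars,
            "security_dir": (sec_off, sec_size), "sections": sections}


def describe_characteristics(chars: int) -> list:
    """Flag names in the order the report prints them (ascending bit value)."""
    return [name for bit, name in sorted(FILE_CHARACTERISTICS.items()) if chars & bit]


def triage(data: bytes) -> list:
    """Return (code, detail) findings in the spirit of the report's signatures."""
    pe = parse_pe(data)
    findings = []
    off, size = pe["security_dir"]
    # The security directory's "RVA" is a raw file offset. This is a presence check
    # only: it does not validate the WIN_CERTIFICATE contents or the signer chain.
    if size == 0 or off == 0 or off + size > len(data):
        findings.append(("unsigned_pe", "no Authenticode security directory"))
    if pe["characteristics"] & FILE_RELOCS_STRIPPED:
        findings.append(("relocs_stripped", "image cannot be rebased (no ASLR)"))
    for s in pe["sections"]:
        shown = s["name"].decode("latin-1")
        if s["flags"] & SCN_MEM_EXECUTE and s["flags"] & SCN_MEM_WRITE:
            findings.append(("wx_section", f"{shown!r} is writable and executable"))
        if not all(0x20 <= b < 0x7F for b in s["name"]):
            findings.append(("odd_section_name", f"{shown!r} has non-printable bytes"))
    return findings


def build_pe(characteristics: int, sections, security=(0, 0)) -> bytes:
    """Assemble a header-only PE32 image (constructed input for the checks above)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    opt_size = 96 + 16 * 8                                 # PE32 header + 16 directories
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, *security)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), vsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, flags) in enumerate(sections))
    out = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + hdrs
    if security[1]:                                        # make the blob lie inside the file
        out = out.ljust(security[0] + security[1], b"\0")
    return out


# Constructed layout copying the report: four normal sections plus a W+X section
# with a non-printable name (these name bytes are invented; the page shows "3?ߣu?").
REPORT_LIKE = build_pe(0x0103, [
    (b".text", 0x110000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
    (b".rdata", 0x26000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (b".data", 0x27000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
    (b".rsrc", 0xE000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (b"3\xff\xdf\xa3u\xff", 0x5000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE),
])

if __name__ == "__main__":
    print(describe_characteristics(parse_pe(REPORT_LIKE)["characteristics"]))
    for code, detail in triage(REPORT_LIKE):
        print(f"{code:18} {detail}")
```

Run it on a real file with triage(open(path, "rb").read()). The security-directory test is the same presence check the report's signature describes: a present but broken signature still passes it, so use signtool verify or osslsigncode when the signer actually matters.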