PDB Path: d:\NOR\NorUtoolV21_8bit\NorUtoolV21_8bit\Release\UdTools.pdb
Sample
2024-12-28_b48a87f10183f3b48882662e07c2e53d_icedid_smoke-loader_wapomi.exe
Resource
win7-20241023-en
General
- Target: 2024-12-28_b48a87f10183f3b48882662e07c2e53d_icedid_smoke-loader_wapomi
- Size: 1008KB
- MD5: b48a87f10183f3b48882662e07c2e53d
- SHA1: 52baf4eecc40f320c0b2578e1053f145c3dc8a70
- SHA256: 4be3942a64e4c9d87c967e7e16e0110077b71fda614cc690ecd322c28d35f49f
- SHA512: 1530049ee22299021be638c5bb56ee915e138568bacf6a09b823cd1beef32ac4412a02a41085488e3df87a4b8cddaef0da1b9238b4f6fa86535135f34fee85e1
- SSDEEP: 12288:mPl9ecQnnkPAMz90FRzEv083cRLdPLTtruTi9+ka7gjhcrHs9ZW7Es6j6EP:oQne0FRzA0scRJPPBuTiErwcrM98D6j
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-12-28_b48a87f10183f3b48882662e07c2e53d_icedid_smoke-loader_wapomi
Files
- 2024-12-28_b48a87f10183f3b48882662e07c2e53d_icedid_smoke-loader_wapomi.exe (windows:4 windows x86 arch:x86)
  fb1446d98044a4bb8e41d8bafd319ac3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
FindResourceExW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
HeapReAlloc
ExitProcess
ExitThread
HeapSize
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SuspendThread
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
FatalAppExitA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
CompareStringA
InterlockedExchange
GetShortPathNameW
GetFullPathNameW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetStringTypeExW
DeleteFileW
MoveFileW
lstrlenA
lstrcmpA
GetVersionExW
VirtualProtect
GetCurrentProcessId
FindNextFileW
GlobalSize
FormatMessageW
LocalFree
InterlockedDecrement
GetModuleFileNameW
lstrlenW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetSystemDefaultLangID
DeleteCriticalSection
FindClose
FindFirstFileW
GetLocalTime
VirtualFree
SetVolumeLabelW
GetVolumeInformationW
FileTimeToLocalFileTime
SystemTimeToFileTime
GetTickCount
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
WaitForMultipleObjects
GetCurrentThreadId
SetErrorMode
GetLogicalDrives
CreateEventW
InitializeCriticalSection
GetSystemInfo
CreateThread
ResetEvent
WaitForSingleObject
SetEvent
SetCurrentDirectoryW
DeviceIoControl
FileTimeToSystemTime
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
Sleep
CreateDirectoryW
SetFilePointer
WriteFile
GetSystemTime
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
CreateFileW
CopyFileW
SetVolumeMountPointW
DeleteVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GetPrivateProfileIntW
GetCurrentDirectoryW
GlobalFree
GlobalAlloc
GetDriveTypeW
GetLocaleInfoW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetCommandLineW
SizeofResource
user32
LoadAcceleratorsW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
CharUpperW
MapDialogRect
GetAsyncKeyState
GetWindowThreadProcessId
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringW
InsertMenuW
RemoveMenu
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
MapVirtualKeyW
GetKeyNameTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
WaitMessage
IsWindow
SetFocus
InsertMenuItemW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
WindowFromPoint
GetDialogBaseUnits
UnregisterClassW
GetSysColorBrush
ShowOwnedPopups
GetMessageW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorW
DestroyIcon
DrawTextExW
TabbedTextOutW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
GetWindowTextLengthW
DeleteMenu
TranslateMessage
ValidateRect
SetWindowContextHelpId
GetFocus
RegisterClipboardFormatW
FillRect
UnregisterHotKey
LoadIconW
AppendMenuW
GetSystemMenu
UnregisterDeviceNotification
RegisterDeviceNotificationW
OffsetRect
RegisterHotKey
PostQuitMessage
PostMessageW
SetCapture
SetTimer
KillTimer
EqualRect
ReleaseCapture
SetCursor
GetCursorPos
InflateRect
DrawEdge
DestroyCursor
LoadCursorW
GetKeyState
wsprintfW
GetDesktopWindow
DrawFocusRect
DrawTextW
DrawFrameControl
SetWindowLongW
CallWindowProcW
PtInRect
GetWindowLongW
GetParent
SendMessageW
CallWindowProcA
EnableWindow
CopyRect
UpdateWindow
InvalidateRect
GetWindowRect
GetSystemMetrics
GetClientRect
SetRectEmpty
GetSysColor
DestroyWindow
UnregisterClassA
gdi32
GetWindowExtEx
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
CreatePen
ArcTo
CreateHatchBrush
GetDCOrgEx
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CopyMetaFileW
CreateDCW
EnumFontFamiliesExW
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthW
StretchDIBits
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
StartDocW
ExtCreatePen
CreateSolidBrush
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetCurrentPositionEx
CreateFontW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
ExtTextOutW
SetTextColor
SetBkColor
GetTextExtentPoint32W
PatBlt
UnrealizeObject
GetTextMetricsW
CreatePatternBrush
CreateBitmap
GetPixel
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegOpenKeyW
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
shell32
SHGetFileInfoW
DragFinish
DragQueryFileW
ExtractIconW
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionW
StrCpyW
StrStrW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
StrCmpIW
StrCmpNIW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleRun
CreateStreamOnHGlobal
OleUninitialize
oleaut32
LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
setupapi
CM_Locate_DevNodeW
CM_Get_Child
CM_Get_Sibling
CM_Get_Parent
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Request_Device_EjectW
CM_Get_DevNode_Registry_PropertyW
Sections
.text Size: 672KB - Virtual size: 670KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�9�ңuP Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE