e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText
Behavioral task
behavioral1
Sample
2024-06-29_7c7e490dd055d4b1a9c200d2203be31d_icedid.exe
Resource
win7-20240611-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-06-29_7c7e490dd055d4b1a9c200d2203be31d_icedid.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
2024-06-29_7c7e490dd055d4b1a9c200d2203be31d_icedid
-
Size
8.8MB
-
MD5
7c7e490dd055d4b1a9c200d2203be31d
-
SHA1
0e211d10f1cd9407e9585890271d921fd3b0159f
-
SHA256
83f55cfaf4076b74842bd75ecfc70d4a383aa4b396d85fbdb71812845827db29
-
SHA512
9b73d795035680f944dfa63f8173803dbd32b9029ddd5dc51c32098ddaa4a23efabe65895592aca3f65ed631443e61116cc90101daa3273d3f1ae66aaf7b0755
-
SSDEEP
98304:Yqzc68TpwMmtw7jGfU5RZTs96wMrgDBJF4ghsqry116Zlh8QZcVzArOSqeDalc6q:KpMtw7PTs97sn16Xh72c9BDalVC
Score
10/10
Malware Config
Signatures
-
Detects executables packed with Agile.NET / CliSecure 1 IoCs
Processes:
resource yara_rule sample INDICATOR_EXE_Packed_AgileDotNet -
UPX dump on OEP (original entry point) 1 IoCs
Processes:
resource yara_rule sample UPX -
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-06-29_7c7e490dd055d4b1a9c200d2203be31d_icedid
Files
-
2024-06-29_7c7e490dd055d4b1a9c200d2203be31d_icedid.exe windows:4 windows x86 arch:x86
69a370217ac9a133e4eb3ee2e9ad2577
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
SendARP
GetAdaptersInfo
shlwapi
StrToIntExW
StrToIntExA
PathAppendA
PathFileExistsA
SHDeleteValueA
SHDeleteKeyA
mpr
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA
WNetAddConnection2A
WNetCancelConnection2A
winmm
midiOutShortMsg
midiStreamOut
midiOutPrepareHeader
waveOutUnprepareHeader
timeKillEvent
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutPrepareHeader
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiStreamPause
timeSetEvent
mciSendStringA
waveOutGetDevCapsA
waveOutRestart
ws2_32
socket
htonl
bind
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
setsockopt
gethostbyname
inet_ntoa
inet_addr
gethostbyaddr
gethostname
ntohs
getsockname
WSASetLastError
ntohl
sendto
recvfrom
ioctlsocket
connect
recv
listen
getpeername
accept
WSAGetLastError
__WSAFDIsSet
WSAStartup
getsockopt
version
VerLanguageNameA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
rasapi32
RasHangUpA
RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA
RasGetConnectStatusA
RasDialA
kernel32
VirtualAlloc
VirtualFree
IsBadReadPtr
GetSystemInfo
SetLastError
VirtualProtect
GetThreadLocale
LoadLibraryExA
FormatMessageA
GetSystemDirectoryA
GetWindowsDirectoryA
SetSystemPowerState
GetCurrentProcess
IsDBCSLeadByte
lstrcmpA
lstrcmpiA
lstrcpynA
FileTimeToSystemTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetFilePointer
GetCurrentProcessId
GetFileInformationByHandle
GetFileType
MapViewOfFile
CreateFileMappingA
DuplicateHandle
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
DosDateTimeToFileTime
SetFileTime
TerminateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
Module32Next
Module32First
GlobalMemoryStatus
EnumResourceNamesA
WriteProfileStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTimeZoneInformation
GetSystemDefaultLangID
GetLocaleInfoA
GetVersion
LocalFree
WriteProcessMemory
ReadProcessMemory
MapViewOfFileEx
GetCurrentThread
GetSystemTime
CreateMutexA
ReleaseMutex
SuspendThread
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
HeapCreate
FatalAppExitA
SetEnvironmentVariableW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
IsBadWritePtr
SetConsoleCtrlHandler
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
SetUnhandledExceptionFilter
WriteConsoleA
IsBadCodePtr
GetLocaleInfoW
InterlockedExchange
GetEnvironmentVariableA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
SetCommTimeouts
SetCommMask
GetCommState
SetCommState
WriteFile
PurgeComm
WaitCommEvent
ClearCommError
WaitForMultipleObjects
GetOverlappedResult
GetCommModemStatus
CreateFileA
DeviceIoControl
SetEvent
FindResourceA
LoadResource
LockResource
SizeofResource
ReadFile
PeekNamedPipe
CreatePipe
GetExitCodeProcess
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetComputerNameA
EscapeCommFunction
CreateThread
CreateEventA
ResetEvent
Sleep
OutputDebugStringA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
MoveFileA
DeleteFileA
HeapDestroy
CopyFileA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetVolumeLabelA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
SetLocalTime
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
GetStringTypeExA
GetShortPathNameA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
LocalFileTimeToFileTime
SetThreadPriority
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetStartupInfoA
RtlUnwind
ExitThread
GetSystemTimeAsFileTime
RaiseException
HeapSize
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetACP
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileSize
user32
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
DrawFrameControl
TranslateMessage
GetDialogBaseUnits
RemoveMenu
InsertMenuA
LoadStringA
WaitMessage
ShowOwnedPopups
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
AdjustWindowRect
EnableMenuItem
GetSubMenu
LoadIconA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetForegroundWindow
ExitWindowsEx
CharUpperA
CharLowerA
GetKeyboardLayout
VkKeyScanExA
GetDesktopWindow
GetClassNameA
keybd_event
mouse_event
GetWindowThreadProcessId
FindWindowA
GetKeyboardState
SendMessageTimeoutA
GetDlgItem
FindWindowExA
GetWindowTextA
GetDlgCtrlID
ChangeDisplaySettingsA
GetCursor
DrawTextA
SetPropA
CallWindowProcA
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
InvertRect
IsRectEmpty
ScrollDC
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollPos
RegisterClassA
SetWindowPlacement
GetClassLongA
RemovePropA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
EndPaint
BeginPaint
GetWindowTextLengthA
OemToCharA
CharToOemA
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
GetSysColorBrush
CreateIconFromResourceEx
MoveWindow
GetPropA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
UnregisterClassA
WindowFromDC
TabbedTextOutA
GrayStringA
DrawStateA
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
SetWindowTextA
wvsprintfA
MsgWaitForMultipleObjects
DestroyWindow
SetDlgItemTextA
CreateWindowExA
RegisterClipboardFormatA
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
EnumWindows
DrawEdge
SetDlgItemInt
SetRectEmpty
gdi32
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
SetColorAdjustment
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
ExtCreateRegion
SetPixel
CreateDIBSection
CreateRectRgnIndirect
SetBkColor
EnumFontFamiliesExA
AddFontResourceA
RemoveFontResourceA
GdiFlush
SetDIBColorTable
GetPaletteEntries
CreateHalftonePalette
SetBkMode
SetTextColor
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetNearestPaletteIndex
PolyBezierTo
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
ExtCreatePen
CreateDIBPatternBrushPt
GetDCOrgEx
GetTextMetricsA
GetMapMode
SetRectRgn
CopyMetaFileA
CreateDCA
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
Pie
Chord
GetDeviceCaps
GetTextExtentPoint32A
Polygon
GetWindowOrgEx
EndPage
Arc
msimg32
GradientFill
winspool.drv
GetFormA
GetPrinterA
SetPrinterA
EnumPrintersA
AddFormA
SetFormA
DeleteFormA
EnumFormsA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
InitializeAcl
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
CopySid
RegSetValueA
GetLengthSid
GetTokenInformation
GetSidSubAuthority
RegCreateKeyExA
GetUserNameA
RegOpenKeyA
RegGetKeySecurity
AllocateAndInitializeSid
RegCloseKey
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
shell32
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
Shell_NotifyIconA
DragAcceptFiles
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderPathA
SHAppBarMessage
SHChangeNotify
SHEmptyRecycleBinA
SHFileOperationA
ole32
ReleaseStgMedium
CoDisconnectObject
CLSIDFromProgID
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleRun
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
CoCreateGuid
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
oleaut32
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayRedim
SafeArrayGetElemsize
SysStringLen
UnRegisterTypeLi
OleCreateFontIndirect
OleCreatePictureIndirect
GetActiveObject
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SysAllocStringLen
SysReAllocStringLen
comctl32
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ord17
ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ImageList_DrawIndirect
ImageList_Duplicate
wininet
HttpAddRequestHeadersA
InternetErrorDlg
GopherOpenFileA
GopherGetAttributeA
GopherCreateLocatorA
FtpOpenFileA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FtpFindFirstFileA
InternetFindNextFileA
FtpGetFileA
HttpEndRequestA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
HttpSendRequestExA
GopherFindFirstFileA
InternetGetLastResponseInfoA
FtpPutFileA
comdlg32
ChooseFontA
ChooseColorA
CommDlgExtendedError
GetFileTitleA
PageSetupDlgA
PrintDlgA
GetSaveFileNameA
GetOpenFileNameA
Exports
Exports
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 436KB - Virtual size: 929KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ