icedid | youyou_unpacked[.]dll

Resubmissions

12-03-2022 04:45

220312-fde8laafhm 10

Sharing

Copy URL

Twitter E-mail

General

Target

youyou_unpacked.dll
Size

16KB
MD5

43f4f42d604409c862db1f4ac30efbf1
SHA1

16a4535ce8a884b14a629c467e15d33b3a6caf6a
SHA256

1a2a8f604b8e4917a7e5a2a8994f748b59ca435c8aabc6d3ed211c696b883bc4
SHA512

08355d0c797fa9eba2f79d6ab880c7e231500ed3c610d7eceb51d8128aa94486cba94075748564ca16fc3eab75191d68eafcb730398b022f7a9af7416e5f102a

Score

10^/10

icedid

Malware Config

Signatures

Icedid family
icedid

Files

youyou_unpacked.dll
.dll regsvr32 windows x64

302670fa6280530d095990145000dc98

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

wsprintfW
wsprintfA

advapi32

GetUserNameA
LookupAccountNameW

kernel32

VirtualProtect
GetComputerNameExA
GetTempPathA
Sleep
ExitProcess
CreateThread
CreateFileA
WriteFile
CloseHandle
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetLastError
SwitchToThread
GetTickCount64
GetComputerNameExW
GetProcAddress
LoadLibraryA
CreateDirectoryA
VirtualAlloc
lstrcpyA
lstrcatA

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpOpen
WinHttpSetStatusCallback

shell32

SHGetFolderPathA

msvcrt

memset

Exports

Exports

DllGetClassObject
DllRegisterServer
PluginInit

Sections

.c
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

302670fa6280530d095990145000dc98

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

kernel32

winhttp

shell32

msvcrt

Exports

Exports

Sections

.c Size: 7KB - Virtual size: 7KB

.text Size: 512B - Virtual size: 6B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 8B

.pdata Size: 512B - Virtual size: 432B

.r Size: 512B - Virtual size: 442B

.d Size: 512B - Virtual size: 128B

.c
Size: 7KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 6B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 8B

.pdata
Size: 512B - Virtual size: 432B

.r
Size: 512B - Virtual size: 442B

.d
Size: 512B - Virtual size: 128B