file | Triage

Submit
Reports

Overview

overview

Static

static

core.bat

windows7_x64

core.bat

windows10-2004_x64

health-x64.dll

windows7_x64

health-x64.dll

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

core.bat

Resource

win7-20220311-en

icedid 3036889562 banker core_loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

core.bat

Resource

win10v2004-en-20220113

icedid 3036889562 banker core_loader trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

health-x64.dll

Resource

win7-20220311-en

icedid 3036889562 banker core_loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

health-x64.dll

Resource

win10v2004-en-20220113

icedid 3036889562 banker core_loader trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

file
Size

363KB
MD5

1eea61d74ac2d0230e6b55218cedf87c
SHA1

aa1f238656bcf1a83e93e5aabfbb05f6a92817d0
SHA256

869e8b742394a505f495ce94d01782d58b9afc7327940a2accf2042fc0972b83
SHA512

a6c74bf6d1657c51cb3c0590a5b94b9ccc11976c7305b36aa925c39f5afaff0bdd861cf5f4ed6b5a980b93c495ef637af9fcdd2c43dfbc330377202d545556be

Score

N/A

Malware Config

Signatures

Files

file
.zip
core.bat
health-x64.dat
.dll windows x64

0dff77dc5b7078ad1784685b3697f596

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

CreateDIBPatternBrushPt
CreateRectRgnIndirect
DrawEscape
GetCharABCWidthsA
GetCurrentPositionEx
GetPixelFormat
AnimatePalette

uxtheme

SetThemeAppProperties
GetThemeAppProperties
GetThemeSysString
GetThemeSysBool
GetThemePropertyOrigin
BufferedPaintRenderAnimation

rasapi32

RasDeleteSubEntryW
RasSetCustomAuthDataW
RasSetCustomAuthDataA
RasSetEapUserDataW
RasClearLinkStatistics
RasGetEntryPropertiesW
RasConnectionNotificationW
RasHangUpA
RasCreatePhonebookEntryW
RasValidateEntryNameA

Exports

Exports

DllMain
EtbglgUnX
GkhZaTeoc
IErmglYz
JQmHsJ
KVRuH
NPvkvBV
PATkPxSe
ZdJQF
bejRwfWAPT
cbcpysqBE
eUwGD
gjxEb
iXNVuDrLiQ
qGaDYENmK
vqKEffHVPN
wtYoGn

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
license.dat

© 2018-2024

Terms | Privacy