icedid | e82bade1258a56f6f6850665759a682ffeeaaf57d62200687ebcb110deea75b9[.]zip

General

Target

e82bade1258a56f6f6850665759a682ffeeaaf57d62200687ebcb110deea75b9.zip
Size

10KB
MD5

e6e079e49fa0ae4d805b88a6a4c13ae7
SHA1

cd01b2a443ff8ff3e5b752822e99ba5c0781c58f
SHA256

2480a62d9ff1d7c1a64ae9a86005ef6d41c8ce634dfac2b4ff49db6d5a7304dd
SHA512

94343927fd179128bb66520326252b9c015b6a04e96b8a2f032f8cdb1e43d7c35dc83a8909066558ed719b6121ff3c360c2d6b865f8983bff5205fa70c4ee755

Score

10^/10

loader icedid

Family

icedid

e82bade1258a56f6f6850665759a682ffeeaaf57d62200687ebcb110deea75b9.zip
.zip

Password: infected
e82bade1258a56f6f6850665759a682ffeeaaf57d62200687ebcb110deea75b9
.dll regsvr32 windows x64

83f22083623bd7bf013895291b81ae25

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
HeapReAlloc
HeapAlloc

msvcrt

memset

Exports

Exports

DllGetClassObject
DllRegisterServer
EntryFunct
EntryFunct1
PluginInit

Sections

.c
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE