DllMain
Static task: static1
Behavioral task: behavioral1
Sample: 031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.dll
Resource: win7-20220331-en
Behavioral task: behavioral2
Sample: 031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.dll
Resource: win10v2004-20220331-en
General
Target: 031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.zip
Size: 3KB
MD5: 74c16e55cb10770f41ef741a38486b33
SHA1: 795acd324fb8b33feee978399c1dd28a4c8bf852
SHA256: d17810e45ff1c9b40a98273f63287c26780710764262ed23e52dba48584f010e
SHA512: d768b8504bb4190db21e7943e10b9dfe82246a720a7cc7ad5cf1705e1152c775223b08568181bc4589b36e3813f1b3012b3eeabac0c3423cca9cb693ce61a1dd
Malware Config
Extracted
icedid
1287668524
greshman.xyz
vopnoz.com
bleizcarsgood.com
auth_var: 3
url_path: /news/
Signatures
Icedid family
Files
031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.zip.zip (Password: infected)
031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.dll.dll windows x64
MD5: 85ac0c1907b9e6e445f0962af21556f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shlwapi
StrStrIA
StrChrA
kernel32
lstrcpyA
GetModuleFileNameA
GetLastError
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
GetFileSize
ReadFile
CreateThread
lstrcatA
GetCommandLineA
Sleep
ExitProcess
CloseHandle
shell32
SHGetFolderPathA
msvcrt
memset
Exports
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ