icedid | 031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd[.]zip

General

Target

031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.zip
Size

3KB
MD5

74c16e55cb10770f41ef741a38486b33
SHA1

795acd324fb8b33feee978399c1dd28a4c8bf852
SHA256

d17810e45ff1c9b40a98273f63287c26780710764262ed23e52dba48584f010e
SHA512

d768b8504bb4190db21e7943e10b9dfe82246a720a7cc7ad5cf1705e1152c775223b08568181bc4589b36e3813f1b3012b3eeabac0c3423cca9cb693ce61a1dd

Score

10^/10

Family

icedid

Botnet

1287668524

C2

greshman.xyz

vopnoz.com

bleizcarsgood.com

Attributes

031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.zip
.zip

Password: infected
031e1e5ba948b6b5e7b9c1f5fda934bec63815d2861de942ee131013126a1afd.dll
.dll windows x64

85ac0c1907b9e6e445f0962af21556f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrStrIA
StrChrA

kernel32

lstrcpyA
GetModuleFileNameA
GetLastError
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
GetFileSize
ReadFile
CreateThread
lstrcatA
GetCommandLineA
Sleep
ExitProcess
CloseHandle

shell32

SHGetFolderPathA

msvcrt

memset

Exports

Exports

DllMain

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ