Behavioral task: behavioral1
Sample: 59bab4719a295a14fb9f8b6217032f6fb3e113369e6fd5db4a885027c6c08006.exe
Resource (sandbox image): win7-20220901-en
Behavioral task: behavioral2
Sample: 59bab4719a295a14fb9f8b6217032f6fb3e113369e6fd5db4a885027c6c08006.exe
Resource (sandbox image): win10v2004-20220812-en
General
-
Target
59bab4719a295a14fb9f8b6217032f6fb3e113369e6fd5db4a885027c6c08006.exe
-
Size
13KB
-
MD5
78d2a8c3ab9f26a62f77a33a60ccf0f5
-
SHA1
60684cabd258229dbc0fd57dddd195ea8a8fdf4d
-
SHA256
59bab4719a295a14fb9f8b6217032f6fb3e113369e6fd5db4a885027c6c08006
-
SHA512
0fe30e879950dd4176c728c51c41d118a545756228c2b3097c8fba7a3a1c085f7a6c54aa117a0cc2cc58fed7335496164557ec81492d26e6127e732f1122e6ec
-
SSDEEP
192:7KbCHpfVTIFyzPDufy2yz7ZBKUFf636yXXVXZ5PM6E6329E:7KbCHFHzmy1z1896yJA6E632
Malware Config
Extracted
Family: icedid
4040403069 (presumably the campaign identifier — matches the IcedID config layout; verify against the extractor output)
sajimadurop.com (extracted C2 / contact domain — treat as an indicator to block and hunt for, not to visit)
Signatures
-
Icedid family
Files
-
59bab4719a295a14fb9f8b6217032f6fb3e113369e6fd5db4a885027c6c08006.exe.exe windows x64
64073750f54905ba99204d8fcc786d0d (32-hex digest that differs from the file MD5 above — presumably the import hash; confirm before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
wsprintfW
kernel32
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
WriteFile
CloseHandle
HeapReAlloc
GetLastError
ExitProcess
GetTickCount64
GetComputerNameExW
GetProcAddress
LoadLibraryA
CreateDirectoryA
GetTempPathA
Sleep
lstrcpyA
lstrcatA
VirtualAlloc
SwitchToThread
lstrlenW
WideCharToMultiByte
VirtualProtect
advapi32
GetUserNameW
LookupAccountNameW
msvcrt
memset
winhttp
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
shell32
SHGetFolderPathA
Sections
.c Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (note: a writable .rdata is atypical for compiler-emitted read-only data; together with the non-standard section names .c/.r/.d this suggests a custom or post-processed PE layout)
.pdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.r Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.d Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE