icedid | e52127986ec369f2224831b50d090a772f56f49dcdf58770156871dcb7f9598f

Sharing

Copy URL

Twitter E-mail

General

Target

e52127986ec369f2224831b50d090a772f56f49dcdf58770156871dcb7f9598f
Size

356KB
MD5

9e1908357516a6b3bb816a208b24bd4f
SHA1

02a12b62492f7370a9b7beac4c410b21b7003167
SHA256

e52127986ec369f2224831b50d090a772f56f49dcdf58770156871dcb7f9598f
SHA512

c4e51ba9609c4c5879a799d429bc778e218676200fd8ed2bc8df2e6473a77294c9fc1ab04184a45119056db101a8547f06777cb3260fd1f64cf26da7a15fd182
SSDEEP

6144:b1MinTILHCvmE0tCdZodfjlzQ53lPHMo7GBcKKrRsZau/4Nn5Z8QhnUGSIcMt:BMiTWHCvpjdZMS532o7GmK0rZ8ySRC

Score

10^/10

core_payload icedid

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Signatures

Icedid family
icedid

Files

e52127986ec369f2224831b50d090a772f56f49dcdf58770156871dcb7f9598f
.exe windows x64

7c3763124f9e21ab559e65c053b0fed2

Headers

Imports

crypt32

CryptUnprotectData
CertStrToNameA
CryptExportPublicKeyInfoEx
CryptEncodeObject
CryptSignAndEncodeCertificate
CertGetCertificateContextProperty
CertCreateSelfSignCertificate
CertGetNameStringA
CertGetIntendedKeyUsage
CertControlStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertSetCertificateContextProperty
CertCreateCertificateContext
CertDuplicateCertificateContext
CertFreeCertificateContext

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpOpen

ntdll

RtlGetVersion
ZwQuerySystemInformation
NtAllocateVirtualMemory
NtWriteVirtualMemory
NtProtectVirtualMemory
RtlTimeToSecondsSince1970
RtlDecompressBuffer

shell32

SHGetFolderPathW
SHGetFolderPathA
ShellExecuteExA

ws2_32

WSAStartup
setsockopt
select
send
inet_ntoa
closesocket
shutdown
WSASetLastError
gethostbyname
inet_addr
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
socket
recv
listen
ioctlsocket
connect
bind
accept
WSAGetLastError

secur32

InitSecurityInterfaceA

netapi32

NetGetJoinInformation
NetWkstaGetInfo
NetApiBufferFree

user32

wsprintfW
wsprintfA
CharLowerA
GetForegroundWindow
GetDesktopWindow
GetWindowDC
ReleaseDC
GetWindowRect
GetCursorPos

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIA
PathFindFileNameA
SHSetValueA
StrCmpIW
StrToIntExA
StrCmpNIA
StrToIntA
StrCmpNIW
StrStrIW
StrChrW
StrChrA
StrStrA

rpcrt4

UuidFromStringA
UuidFromStringW

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetUserNameA
GetUserNameW
OpenProcessToken
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountNameW
ConvertSidToStringSidA
RegCreateKeyA
CryptAcquireContextA
CredFree
CredEnumerateW
RegQueryValueExW
RegEnumKeyExA
RegCreateKeyExA
CryptGenKey
CryptVerifySignatureA
InitiateSystemShutdownExA
CryptImportKey
CryptDestroyKey
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegCloseKey

gdiplus

GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToFile

msvcrt

_vsnprintf
memcpy
memset

kernel32

CreateFileW
ExpandEnvironmentStringsA
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueueUserAPC
SleepEx
FindClose
CreateFileA
OpenProcess
TerminateThread
CreateThread
OpenEventA
CreateEventA
SetEvent
CopyFileA
lstrcmpiA
FindFirstFileA
CreateEventW
DeleteFileA
GetTickCount64
WideCharToMultiByte
IsWow64Process
CreateProcessA
TerminateProcess
WaitForSingleObject
HeapReAlloc
PeekNamedPipe
CreatePipe
GetFileSize
ReadFile
LocalFree
GetNativeSystemInfo
GetComputerNameExW
GetTickCount
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenW
lstrcatW
lstrcatA
GetTempPathA
GetTempPathW
CreateDirectoryW
CreateDirectoryA
FindNextFileA
CreateRemoteThread
RegisterWaitForSingleObject
UnregisterWait
ResumeThread
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
lstrlenA
GetLocalTime
GetCurrentProcessId
lstrcpyA
GetProductInfo
ExitProcess
CreateMutexA
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
Sleep
WaitForMultipleObjects
GetModuleHandleA
SystemTimeToFileTime
GetProcAddress
SetErrorMode
WriteFile
FreeLibrary
LoadLibraryA
SetFilePointer
LocalAlloc
DeleteFileW

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
DeleteDC
DeleteObject
Ellipse
GetStockObject
SelectObject
BitBlt

ole32

CoInitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance

Sections

Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 178KB - Virtual size: 184KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 256B - Virtual size: 256B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

7c3763124f9e21ab559e65c053b0fed2

Headers

Imports

crypt32

oleaut32

winhttp

ntdll

shell32

ws2_32

secur32

netapi32

user32

iphlpapi

shlwapi

rpcrt4

advapi32

gdiplus

msvcrt

kernel32

gdi32

ole32

Sections

Size: 123KB - Virtual size: 123KB

Size: 24KB - Virtual size: 24KB

Size: 178KB - Virtual size: 184KB

Size: 6KB - Virtual size: 6KB

Size: 256B - Virtual size: 256B