IcedID[.]zip | Triage

Resubmissions

03-04-2023 19:53

230403-ymdegaaf4s 1

03-04-2023 19:45

230403-ygc7hsgg86 1

03-04-2023 19:40

230403-ydzaksae8w 1

Sharing

Copy URL

Twitter E-mail

General

Target

IcedID.zip
Size

160KB
MD5

c961868dcc98e6da3ac177f855651f73
SHA1

5f1e8bfcd694e17b2b7d4d05b9e44bd498e32bdd
SHA256

d3bb4f3a0277dde7271f8f76e9aa80ea6d502cf5a29d9870d23dd2064c74a5e4
SHA512

5457d3436bf27fc93b450830b8cfbd2dfb29a057cc0ca0b8efe34821345f97261ad41ea653a63c11b99cd3eb50b291615c121ad414042083c2f4b35fcd91d793
SSDEEP

3072:2VhaLhdrZoqz0AynZ8udASNHt/+zy5X1OOlozcabRWjVYk3D3zw:2VkvvHsZ8SDGzuX1OOlRabRiM

Score

1^/10

Malware Config

Signatures

Files

IcedID.zip
.zip

Password: infected
2bfcc54113417a6fa37c20bcdd944d5955c13681f50a176f9b47a14206fd1744
.dll windows x64

Password: infected

04176b340a5c16b5775696c3d4857c6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WideCharToMultiByte
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

Exports

Exports

cIFFAccessTagMethods
cIFFCIELabToRGBInit
cIFFCIELabToXYZ
cIFFCheckTile
cIFFCheckpointDirectory
cIFFCleanup
cIFFClientOpen
cIFFClientdata
cIFFClose
cIFFComputeStrip
cIFFComputeTile
cIFFCreateCustomDirectory
cIFFCreateDirectory
cIFFCreateEXIFDirectory
cIFFCurrentDirOffset
cIFFCurrentDirectory
cIFFCurrentRow
cIFFCurrentStrip
cIFFCurrentTile
cIFFDataWidth
cIFFDefaultStripSize
cIFFDefaultTileSize
cIFFError
cIFFErrorExt
cIFFFdOpen
cIFFFieldDataType
cIFFFieldName
cIFFFieldPassCount
cIFFFieldReadCount
cIFFFieldTag
cIFFFieldWithName
cIFFFieldWithTag
cIFFFieldWriteCount
cIFFFileName
cIFFFileno
cIFFFindCODEC
cIFFFindField
cIFFFlush
cIFFFlushData
cIFFFreeDirectory
cIFFGetBitRevTable
cIFFGetClientInfo
cIFFGetCloseProc
cIFFGetConfiguredCODECs
cIFFGetField
cIFFGetFieldDefaulted
cIFFGetMapFileProc
cIFFGetMode
cIFFGetReadProc
cIFFGetSeekProc
cIFFGetSizeProc
cIFFGetTagListCount
cIFFGetTagListEntry
cIFFGetUnmapFileProc
cIFFGetVersion
cIFFGetWriteProc
cIFFIsBigEndian
cIFFIsByteSwapped
cIFFIsCODECConfigured
cIFFIsMSB2LSB
cIFFIsTiled
cIFFIsUpSampled
cIFFLastDirectory
cIFFMergeFieldInfo
cIFFNumberOfDirectories
cIFFNumberOfStrips
cIFFNumberOfTiles
cIFFOpen
cIFFOpenW
cIFFPrintDirectory
cIFFRGBAImageBegin
cIFFRGBAImageEnd
cIFFRGBAImageGet
cIFFRGBAImageOK
cIFFRasterScanlineSize
cIFFRasterScanlineSize64
cIFFRawStripSize
cIFFRawStripSize64
cIFFReadBufferSetup
cIFFReadCustomDirectory
cIFFReadDirectory
cIFFReadEXIFDirectory
cIFFReadEncodedStrip
cIFFReadEncodedTile
cIFFReadRGBAImage
cIFFReadRGBAImageOriented
cIFFReadRGBAStrip
cIFFReadRGBATile
cIFFReadRawStrip
cIFFReadRawTile
cIFFReadScanline
cIFFReadTile
cIFFRegisterCODEC
cIFFReverseBits
cIFFRewriteDirectory
cIFFScanlineSize
cIFFScanlineSize64
cIFFSetClientInfo
cIFFSetClientdata
cIFFSetCompressionScheme
cIFFSetDirectory
cIFFSetErrorHandler
cIFFSetErrorHandlerExt
cIFFSetField
cIFFSetFileName
cIFFSetFileno
cIFFSetMode
cIFFSetSubDirectory
cIFFSetTagExtender
cIFFSetWarningHandler
cIFFSetWarningHandlerExt
cIFFSetWriteOffset
cIFFSetupStrips
cIFFStripSize
cIFFStripSize64
cIFFSwabArrayOfDouble
cIFFSwabArrayOfFloat
cIFFSwabArrayOfLong
cIFFSwabArrayOfLong8
cIFFSwabArrayOfShort
cIFFSwabArrayOfTriples
cIFFSwabDouble
cIFFSwabFloat
cIFFSwabLong
cIFFSwabLong8
cIFFSwabShort
cIFFTileRowSize
cIFFTileRowSize64
cIFFTileSize
cIFFTileSize64
cIFFUnRegisterCODEC
cIFFUnlinkDirectory
cIFFUnsetField
cIFFVGetField
cIFFVGetFieldDefaulted
cIFFVSetField
cIFFVStripSize
cIFFVStripSize64
cIFFVTileSize
cIFFVTileSize64
cIFFWarning
cIFFWarningExt
cIFFWriteBufferSetup
cIFFWriteCheck
cIFFWriteCustomDirectory
cIFFWriteDirectory
cIFFWriteEncodedStrip
cIFFWriteEncodedTile
cIFFWriteRawStrip
cIFFWriteRawTile
cIFFWriteScanline
cIFFWriteTile
cIFFXYZToRGB
cIFFYCbCrToRGBInit
cIFFYCbCrtoRGB
cTIFFCheckMalloc
cTIFFCheckRealloc
cTIFFRewriteField
cTIFFfree
cTIFFmalloc
cTIFFmemcmp
cTIFFmemcpy
cTIFFmemset
init

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

04176b340a5c16b5775696c3d4857c6d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 217KB - Virtual size: 216KB

.rdata Size: 157KB - Virtual size: 156KB

.data Size: 12KB - Virtual size: 13KB

.pdata Size: 12KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 24B

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 684B

.text
Size: 217KB - Virtual size: 216KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 12KB - Virtual size: 13KB

.pdata
Size: 12KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 24B

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 684B