icedid | icedid_first[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

icedid_first.dll
Size

16KB
MD5

c1dd6f3d2c3ee21ebb4d3e93b74cab74
SHA1

2fc6f0c1003d03f3fe8cab1a4c617e9bbb0eb18c
SHA256

9ff5c9ce0d1536ce8b043b10758453e3349a82cc31195ca57250a272e65b4da4
SHA512

799b3a71badf2eea132ab362c97df93273c65fc536b498702387c158826358939b88b340f4fda536272ce547d7cfba8a9bc8d964b99b86594c63d539377ee9c9
SSDEEP

192:4prWb8lpaJmJVM1z506jA3VHp7YBFT/gssU3mg28IFUlH:Qrhl0JYK1z506jWlYVND3MFqH

Score

10^/10

loader 380132461 icedid

Malware Config

Extracted

Family

icedid

Campaign

380132461

revedanstvy.bid

Signatures

Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
icedid_first.dll

Files

icedid_first.dll
.dll regsvr32 windows x64

Password: infected

0f24f65b67a09b3f0ada8560d4be1247

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winhttp

WinHttpSendRequest
WinHttpQueryOption
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpSetStatusCallback

shell32

SHGetFolderPathA

kernel32

HeapFree
GetComputerNameExA
VirtualProtect
VirtualAlloc
lstrcatA
lstrcpyA
GetTempPathA
CreateDirectoryA
LoadLibraryA
GetProcAddress
GetComputerNameExW
GetTickCount64
Sleep
ExitProcess
CreateThread
CreateFileA
WriteFile
CloseHandle
HeapAlloc
HeapReAlloc
SwitchToThread
GetProcessHeap
GetLastError

advapi32

GetUserNameA
LookupAccountNameW

user32

wsprintfW
wsprintfA

msvcrt

memset

Exports

Exports

DllGetClassObject
DllRegisterServer
PluginInit

Sections

.c
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

0f24f65b67a09b3f0ada8560d4be1247

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

shell32

kernel32

advapi32

user32

msvcrt

Exports

Exports

Sections

.c Size: 7KB - Virtual size: 7KB

.text Size: 512B - Virtual size: 6B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 8B

.pdata Size: 512B - Virtual size: 432B

.r Size: 512B - Virtual size: 434B

.d Size: 512B - Virtual size: 128B

.c
Size: 7KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 6B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 8B

.pdata
Size: 512B - Virtual size: 432B

.r
Size: 512B - Virtual size: 434B

.d
Size: 512B - Virtual size: 128B