85fe19e6176533bee8c8faf1394cc6c4_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

85fe19e6176533bee8c8faf1394cc6c4_icedid_JC.exe
Size

3.4MB
MD5

85fe19e6176533bee8c8faf1394cc6c4
SHA1

7112fb0f9a52e0998013f317181f52c1b7390124
SHA256

1dd7111c19103ee53379d0b775971ba3c689bf59541c79677c40c2ee34baa513
SHA512

68753ba67c48a081f87e3e258a5e684542c48afad1c6d0a91b57ebd318e39c079d955ad92b640d3dd3230d41e94acfb38be5f7a7377a30dc546e860cec1c1713
SSDEEP

49152:Tfebh7eOKFEzTIp9mAb9SPf1bAYaXa2Cu7AsZjaHJu:TQGEEb9U9AYaXfCu7AxHJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85fe19e6176533bee8c8faf1394cc6c4_icedid_JC.exe

Files

85fe19e6176533bee8c8faf1394cc6c4_icedid_JC.exe
.exe windows x86

a41a8fc5d166cf2ed10785e9881e8fd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GetProcAddress
GetModuleHandleW
GetCurrentProcess
Sleep
FlushFileBuffers
GetCurrentProcessId
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
RaiseException
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSize
HeapAlloc
HeapFree
WaitForSingleObject
DeleteFileW
WriteFile
CreateFileA
GetCurrentThreadId
SetFilePointer
WideCharToMultiByte
GetACP
MultiByteToWideChar
GetTickCount
CreateDirectoryW
GetTempFileNameW
LoadLibraryA
GetTempPathW
CreateFileW
SetLastError
FormatMessageW
CloseHandle
RemoveDirectoryW
GetLastError
SetCurrentDirectoryW
RtlUnwind
GetCurrentDirectoryW

user32

SetWindowTextW
DispatchMessageW
IsDialogMessageW
GetMessageW
ShowWindow
CreateDialogParamW
SetDlgItemTextW
TranslateMessage
SendMessageW
GetDlgItem
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
IsWindowVisible
MessageBoxW
LoadStringW
WaitForInputIdle
DestroyWindow
PostMessageW
SetFocus
GetDlgItemTextW
SetCursor
LoadCursorW
UpdateWindow

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

shlwapi

PathFileExistsW

Sections

.text
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a41a8fc5d166cf2ed10785e9881e8fd9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

shlwapi

Sections

.text Size: 90KB - Virtual size: 92KB

.rdata Size: 29KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 26KB - Virtual size: 28KB

.mdata Size: 3.3MB - Virtual size: 3.3MB

.text
Size: 90KB - Virtual size: 92KB

.rdata
Size: 29KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 26KB - Virtual size: 28KB

.mdata
Size: 3.3MB - Virtual size: 3.3MB