Static task: static1
Behavioral task: behavioral1
Sample: b67dfcd07742cba19487a03a6e8bd3cf_hacktools_icedid_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: b67dfcd07742cba19487a03a6e8bd3cf_hacktools_icedid_JC.exe
Resource: win10v2004-20230703-en
General
Target: b67dfcd07742cba19487a03a6e8bd3cf_hacktools_icedid_JC.exe
Size: 25.9MB
MD5: b67dfcd07742cba19487a03a6e8bd3cf
SHA1: 2cca24d3382d0685485df6bde4635b4e945be5cc
SHA256: 9ff4092834b71a26e02f939017e0e6bfdd49d51fe5a393d10ec90152dc8d41d4
SHA512: eb2741d51295d325fd040d3f40e91d47ce3c2d32405bb24233c8448a6f0ba784d413a184c3372dcb2385dcf81bded5c73551b8157b8229b9cd0f5721647c3716
SSDEEP: 393216:ERjyu0E/t01igdgTlvwzXhIwUNXanMERCEZ:uGes8lvahIbNmMEXZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b67dfcd07742cba19487a03a6e8bd3cf_hacktools_icedid_JC.exe
Files
b67dfcd07742cba19487a03a6e8bd3cf_hacktools_icedid_JC.exe.exe windows x86
f71740f4179c919a89f65b1c8083274d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
ExitProcess
CreateFileA
GetCurrentProcess
CloseHandle
user32
CharLowerBuffA
CloseWindow
wsprintfA
SetWindowLongA
advapi32
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegSetValueA
ole32
CoRegisterClassObject
CoMarshalInterface
CoInitializeEx
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 959KB - Virtual size: 959KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.adata Size: 68KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE