blackmoon | ea176d0a6a76fd934b14845cefc9d414_icedid_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ea176d0a6a76fd934b14845cefc9d414_icedid_JC.exe
Size

3.4MB
MD5

ea176d0a6a76fd934b14845cefc9d414
SHA1

6124e3401fd4209980eb4d261f2a4c5f330a8bcd
SHA256

0e2aa1d15d308f6fc39b74f7310183c33333740caf86f7b61d6a72522553599f
SHA512

da43b6b37abcfd0d60d168e20896411228418e81d6aa8de0224c8c776f87dc0bb6329cb8428890764b462c453d12e55596c0f0ae3fddb3149ec99277cc55e8d1
SSDEEP

49152:zILcd+s8KuqGaX0ToIBAUZLYxHHFd3ZiVLwiq39Un:fWJBAUZLmHTyo2

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea176d0a6a76fd934b14845cefc9d414_icedid_JC.exe

Files

ea176d0a6a76fd934b14845cefc9d414_icedid_JC.exe
.exe windows x86

ba67fa8c795eba64b21b5aea2b94d4a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
FlushFileBuffers
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
OpenFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrlenA
GetTickCount
FreeLibrary
GetCommandLineA
GetVersionExA
CreateFileA
WriteFile
DeleteFileA
LCMapStringA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
VirtualFreeEx
VirtualAllocEx
SetProcessWorkingSetSize
GetCurrentProcess
GetProcAddress
LoadLibraryA
OpenProcess
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
RtlMoveMemory
MapViewOfFile
SetFilePointer

shlwapi

PathFileExistsA

ws2_32

WSAStartup

user32

SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
SetWindowLongA
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetActiveWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
CallWindowProcA
MessageBoxTimeoutA
MessageBoxA
GetClassNameA
GetWindowTextA
IsWindowVisible
GetDlgItem
SetForegroundWindow
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetTextColor
GetClipBox
SetBkColor
SelectObject
RestoreDC
SaveDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetStockObject
DeleteDC
DeleteObject
GetDeviceCaps
CreateBitmap

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba67fa8c795eba64b21b5aea2b94d4a0

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

winspool.drv

shell32

comctl32

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 3.3MB - Virtual size: 3.4MB

.rsrc Size: 4KB - Virtual size: 612B

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 3.3MB - Virtual size: 3.4MB

.rsrc
Size: 4KB - Virtual size: 612B