ec8eaaffc8334aefa842f6ccdbcfdcd8_icedid_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ec8eaaffc8334aefa842f6ccdbcfdcd8_icedid_JC.exe
Size

1.2MB
MD5

ec8eaaffc8334aefa842f6ccdbcfdcd8
SHA1

34dfc3ad1cba0f550be916fbd806d06ab32131f4
SHA256

5a69b88c0ef57df04bcc487f5649309ec26c7a59ce24124a02876af6860cb824
SHA512

5d438132d720752defa9fb8d8999fd5aeb6eea3ae58a2c616a8f630eb3f09949047d3835040d89f00e9e8fed48f61ac5ac52e8413eec09b9142c2afdfe0038d9
SSDEEP

24576:VXtt3ZvP0EK75Njj5OUS4L0HfZjS0HLb:ZCZ1Zj5OUS4LMdXHLb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec8eaaffc8334aefa842f6ccdbcfdcd8_icedid_JC.exe

Files

ec8eaaffc8334aefa842f6ccdbcfdcd8_icedid_JC.exe
.exe windows x86

0632b58da4d4b27272fb0204696b409c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
OpenProcess
GetCurrentDirectoryA
CreateProcessA
GetShortPathNameA
TerminateProcess
FreeLibrary
ReadProcessMemory
LoadLibraryA
SetCurrentDirectoryA
GetCurrentProcessId
lstrcatA
lstrcpyA
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
GetFileTime
SetFileTime
WaitForSingleObject
Sleep
GetLastError
DeleteFileA
GetFileSize
CloseHandle
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetStartupInfoA
ConnectNamedPipe
DisconnectNamedPipe
TerminateThread
WideCharToMultiByte
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrlenA
lstrcpynA
CreateThread
CreateNamedPipeA
lstrlenW

user32

PostMessageA
EndDialog
BeginPaint
EndPaint
KillTimer
PostQuitMessage
DestroyWindow
DefWindowProcA
DialogBoxParamA
SetTimer
CreateWindowExA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
FindWindowA
RegisterWindowMessageA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
ChangeDisplaySettingsA
EnumDisplaySettingsA
GetForegroundWindow
SetForegroundWindow
MessageBoxA
IsWindowVisible
IsWindowEnabled
EnumWindows
ShowWindow
EnableWindow
GetWindowThreadProcessId
wsprintfA

shell32

ShellExecuteA

msvcrt

memmove
strstr
_mbsnbcpy
_strdup
_mbsinc
time
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strtoul
strchr
_beginthread
_splitpath
_makepath
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
malloc
realloc
free
strncmp

mfc42

ord1200

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegQueryValueExA

ole32

CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0632b58da4d4b27272fb0204696b409c

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

mfc42

version

advapi32

ole32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 242KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 242KB

.rsrc
Size: 4KB - Virtual size: 3KB