Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.2023-09-25_9ac0452196891bf5be16fdc458275dee_icedid_ramnit_JC.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.2023-09-25_9ac0452196891bf5be16fdc458275dee_icedid_ramnit_JC.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.2023-09-25_9ac0452196891bf5be16fdc458275dee_icedid_ramnit_JC.exe
Size: 3.6MB
MD5: 9ac0452196891bf5be16fdc458275dee
SHA1: 9287bc4349e32646ada6d5ad8bbe7ca61da9fe84
SHA256: 9d39b8365c97686c3caecc34e938235d611411455eba49cb4519fd77e7d52c06
SHA512: ead55060817ebc292da42f9f12f217711bda993a359654a002f7f51969d0eb291be14e2f40893bbd0d6c44ea72619018a48ef8a74a89c9bc95477887f3cb5ca3
SSDEEP: 49152:2UTTtMKkIOLVKQCNdPJTRwJgIKr8VRSPkbJXu4J+:RtMWOBfCdPpRmgIKr8VRSPkbR1I
(Sanity check: the MD5 embedded in the sample's file name, 9ac0452196891bf5be16fdc458275dee, matches the MD5 computed above, so the submitted file is the one the name refers to.)
Malware Config
(empty in the report)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: NEAS.2023-09-25_9ac0452196891bf5be16fdc458275dee_icedid_ramnit_JC.exe
Files
File (as listed by the report): NEAS.2023-09-25_9ac0452196891bf5be16fdc458275dee_icedid_ramnit_JC.exe.exe, windows:4, windows x86
Digest printed under the file (assumed to be the import hash, imphash): 6231d6f47b20d5b7993b4df99f9ae014
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHDeleteKeyW
winmm
waveOutClose
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutOpen
waveOutGetDevCapsW
mixerGetDevCapsW
mixerOpen
mixerGetNumDevs
mixerClose
mixerGetLineControlsW
mixerGetLineInfoW
mixerGetControlDetailsW
mixerSetControlDetails
rpcrt4
UuidFromStringW
kernel32
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
RtlUnwind
RaiseException
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
VirtualAlloc
IsBadWritePtr
LCMapStringA
SetUnhandledExceptionFilter
IsValidLocale
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetDriveTypeA
GetStringTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
GetOEMCP
SetEnvironmentVariableA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
GetCurrentProcessId
FindResourceA
GlobalAddAtomA
GetProfileStringA
FindClose
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
WaitForSingleObject
ReadFile
SetLastError
ExitProcess
ResumeThread
SuspendThread
CreateThread
GetTickCount
LocalFree
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetCurrentDirectoryA
GetTimeZoneInformation
HeapAlloc
HeapReAlloc
SetErrorMode
UnlockFile
LockFile
DuplicateHandle
GlobalSize
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
TlsAlloc
GetProcessVersion
GlobalFlags
DeviceIoControl
CloseHandle
GetLastError
LockResource
SizeofResource
LoadResource
GetACP
lstrcmpiA
GetCurrentThread
lstrcmpA
GetModuleHandleA
GlobalDeleteAtom
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetSystemDefaultLangID
SetThreadExecutionState
CreateEventA
GetOverlappedResult
SetFilePointer
MapViewOfFile
UnmapViewOfFile
GetThreadPriority
ExitThread
GetExitCodeProcess
SetEndOfFile
GetCurrentProcess
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetThreadPriority
GetFileTime
GlobalHandle
GetVersion
GetCurrentThreadId
GetSystemTime
DefineDosDeviceW
GetLogicalDrives
GlobalAlloc
SetFileTime
ResetEvent
GetFileSize
WriteFile
FlushFileBuffers
FreeLibrary
user32
GetDCEx
ValidateRect
ShowOwnedPopups
PostQuitMessage
MapDialogRect
GetAsyncKeyState
SetParent
IsRectEmpty
DestroyCursor
SetCursorPos
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
DestroyMenu
SetRectEmpty
TranslateMessage
EndPaint
BeginPaint
IsDlgButtonChecked
CheckRadioButton
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
ScrollWindow
GetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetMenu
TrackPopupMenu
GetMessageTime
GetForegroundWindow
GetWindow
GetLastActivePopup
GetMenuCheckMarkDimensions
GetMenuState
EnableMenuItem
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
DestroyWindow
IsWindowEnabled
MessageBoxA
CheckMenuItem
DrawEdge
CreateIconIndirect
ShowWindow
SetFocus
IsWindow
GetWindowPlacement
MoveWindow
GetDlgItem
GetSysColorBrush
FrameRect
DrawFocusRect
InvalidateRgn
CreatePopupMenu
CheckMenuRadioItem
SetMenuDefaultItem
SetMenuItemBitmaps
GetCursorPos
MessageBeep
IsWindowVisible
DrawIcon
EnumChildWindows
EqualRect
BeginDeferWindowPos
GetWindowTextLengthA
HideCaret
EndDeferWindowPos
GetCursor
IsChild
GetSystemMetrics
SetRect
DrawFrameControl
IsIconic
FillRect
SetMenu
GetCapture
ReleaseCapture
SetCapture
GetMessagePos
InflateRect
IsZoomed
GetIconInfo
DestroyIcon
ClientToScreen
SetCursor
RemoveMenu
GetMenuItemID
GetDC
PtInRect
GetWindowDC
ReleaseDC
GetMenuItemCount
ScreenToClient
WindowFromPoint
UpdateWindow
GetDesktopWindow
IntersectRect
TrackPopupMenuEx
UnhookWindowsHookEx
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
SetWindowsHookExA
SendMessageA
GetClassNameA
KillTimer
SetTimer
InvalidateRect
ShowScrollBar
LockWindowUpdate
GetParent
SetForegroundWindow
GetWindowRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
BroadcastSystemMessage
GetCaretPos
GetClientRect
GetSysColor
OffsetRect
CopyRect
GetFocus
GetKeyState
GetSubMenu
RedrawWindow
SetWindowPos
GetDlgCtrlID
CallNextHookEx
SetScrollInfo
gdi32
GetBkColor
CreateRectRgn
PtVisible
RectVisible
Escape
StretchBlt
GetDeviceCaps
SetDIBits
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
SetBkColor
CreatePatternBrush
StretchDIBits
SetRectRgn
CombineRgn
DPtoLP
LPtoDP
SetTextColor
Ellipse
PatBlt
GetStockObject
MoveToEx
LineTo
DeleteDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetDIBits
GetTextColor
CreatePen
DeleteObject
Rectangle
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
BitBlt
GetPixel
SetPixel
SetStretchBltMode
ExtTextOutA
GetTextExtentPointA
CreateBitmap
CreateDIBitmap
SelectObject
winspool.drv
ClosePrinter
advapi32
RegCloseKey
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
GetTokenInformation
shell32
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
DragAcceptFiles
DragFinish
comctl32
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Add
ImageList_AddMasked
ord17
PropertySheetW
DestroyPropertySheetPage
_TrackMouseEvent
CreatePropertySheetPageW
ole32
CoLockObjectExternal
RevokeDragDrop
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
OleDuplicateData
CoTaskMemAlloc
RegisterDragDrop
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleSetClipboard
DoDragDrop
OleGetClipboard
CoTaskMemFree
PropVariantClear
CoCreateGuid
CoCreateInstance
CoUninitialize
ReleaseStgMedium
CoInitialize
OleIsCurrentClipboard
wininet
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW
InternetReadFile
InternetAttemptConnect
Sections
.text   Size (raw): 1.4MB   Virtual size: 1.4MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size (raw): 1.1MB   Virtual size: 1.1MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size (raw): 504KB   Virtual size: 1.4MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size (raw): 376KB   Virtual size: 372KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.text   Size (raw): 232KB   Virtual size: 232KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

Notes on the section table: the first three sections look like a normal linker layout (the .data raw size being smaller than its virtual size is the usual uninitialized-data gap, not a finding). Two things are not: .rsrc is flagged writable and executable, and a second section named .text, also writable and executable, follows it. A compiler-produced binary does not carry an executable resource section or two sections with the same name; a trailing RWX code section appended after .rsrc is the layout a file infector leaves when it adds its own code to a host executable, which is consistent with the ramnit tag in the sample's name. The large GUI, audio, printing, clipboard and property-sheet import set above reads as the host application; the final 232KB .text section is the part worth analysing first.
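The two checks the report surfaces for this sample, the missing Authenticode signature and the section flags, are easy to reproduce without a sandbox. The Python below is an added example, not part of the sandbox report and not code from any project: it parses the COFF header, the certificate-table data directory (an empty entry means no embedded Authenticode signature, which is what the "Unsigned PE" signature describes) and the section table, then flags writable+executable sections, executable sections not marked as code, and duplicate section names. Since the sample itself cannot be embedded here, the script builds a constructed in-memory PE32 whose section table mirrors the report's (its rounded sizes, the same characteristic flags, the same five file characteristics); `build_demo_pe`, `parse_pe`, `section_findings`, `file_flag_names` and `REPORT_SECTIONS` are names chosen for this example. `parse_pe` works unchanged on the bytes of a real file.

```python
import struct

# IMAGE_FILE_* (COFF Characteristics) bit values from winnt.h.
FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SCN_* (section Characteristics) bit values from winnt.h.
SCN_CNT_CODE, SCN_CNT_INIT = 0x00000020, 0x00000040
SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000


def build_demo_pe(sections, signed=False):
    """Constructed demo input: a minimal PE32 image (DOS header, COFF header,
    optional header, section table; no code or imports).
    sections: list of (name, virtual_size, raw_size, characteristics)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE header
    fchar = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100   # the report's five flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, fchar)
    opt = bytearray(224)                                 # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                # Magic = PE32
    if signed:                                           # directory 4 = certificate table
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000, 0x200)
    table, rva = b"", 0x1000
    for name, vsize, rsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, rva, rsize, 0, 0, 0, 0, 0, chars)
        rva += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Return file characteristics, Authenticode presence and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, fchar = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 4 is the
    # certificate table that holds an embedded Authenticode signature.
    dd_off = opt_off + (96 if magic == 0x10B else 112) + 4 * 8
    cert_off, cert_size = struct.unpack_from("<II", data, dd_off)
    sections = []
    for i in range(nsec):
        off = opt_off + opt_size + 40 * i
        name, vsize, vaddr, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "rva": vaddr,
                         "raw_size": rsize, "characteristics": chars})
    return {"file_characteristics": fchar,
            "has_authenticode": cert_off != 0 and cert_size != 0,
            "sections": sections}


def file_flag_names(fchar):
    return [n for bit, n in sorted(FILE_FLAGS.items()) if fchar & bit]


def section_findings(sections):
    """Flag section-table traits a linker does not normally produce."""
    findings, seen = [], set()
    for s in sections:
        c, n = s["characteristics"], s["name"]
        if c & SCN_WRITE and c & SCN_EXECUTE:
            findings.append(f"{n}: writable and executable (RWX)")
        if c & SCN_EXECUTE and not c & SCN_CNT_CODE:
            findings.append(f"{n}: executable but not flagged IMAGE_SCN_CNT_CODE")
        if n in seen:
            findings.append(f"{n}: duplicate section name")
        seen.add(n)
    return findings


# Section table modelled on the report (its rounded sizes, in bytes).
KB = 1024
REPORT_SECTIONS = [
    (".text",  1434 * KB, 1434 * KB, SCN_CNT_CODE | SCN_EXECUTE | SCN_READ),
    (".rdata", 1126 * KB, 1126 * KB, SCN_CNT_INIT | SCN_READ),
    (".data",  1434 * KB,  504 * KB, SCN_CNT_INIT | SCN_READ | SCN_WRITE),
    (".rsrc",   372 * KB,  376 * KB, SCN_CNT_INIT | SCN_EXECUTE | SCN_READ | SCN_WRITE),
    (".text",   232 * KB,  232 * KB, SCN_CNT_CODE | SCN_EXECUTE | SCN_READ | SCN_WRITE),
]

if __name__ == "__main__":
    info = parse_pe(build_demo_pe(REPORT_SECTIONS))
    print("file characteristics:", ", ".join(file_flag_names(info["file_characteristics"])))
    print("Authenticode present:", info["has_authenticode"])
    for finding in section_findings(info["sections"]):
        print("finding:", finding)
```

On the constructed table the script reports four findings: .rsrc is RWX and executable without the code flag, and the second .text is RWX and a duplicate name; the first three sections produce none. One caveat on the signature check: an empty certificate table only proves there is no embedded signature. Windows system files are often catalog-signed and would also show an empty entry, so confirm with `Get-AuthenticodeSignature` or `signtool verify` before relying on it for files that might be catalog-signed.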