NEAS[.]2023-09-28_bdbd45ff3baa11327d3cab34fd2956c2_icedid[.]exe

General

Target

NEAS.2023-09-28_bdbd45ff3baa11327d3cab34fd2956c2_icedid.exe
Size

4.3MB
MD5

bdbd45ff3baa11327d3cab34fd2956c2
SHA1

560edbee7d23a2881608799a443335ae384744a1
SHA256

07a86ab3d78ff6b15d8b490b9109e15256be7e87a4691cdeadae2718d7511a64
SHA512

b3aa14aff08f77b22817c7e607b11c4bb860333989118f4035eb34caa60a31e72a5d10fc874604b7e9e7825c868998fef358bf16830682f9f8b66bf1a844a78f
SSDEEP

98304:Wm5Q/EQNUiOLasq6Mw4gkrgrnZga/dHu0fhvnvFGEn7pp:WYQBUiOLqN0Fg90VNGW7pp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-28_bdbd45ff3baa11327d3cab34fd2956c2_icedid.exe

Files

NEAS.2023-09-28_bdbd45ff3baa11327d3cab34fd2956c2_icedid.exe
.exe windows:4 windows x86

c1f09e9d01f44568b1b00e4c2065f9d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetFileAttributesA
CloseHandle
SetFileTime
CreateFileA
CreateDirectoryA
LockResource
LoadResource
SizeofResource
FindResourceA
DeleteFileA
CreateProcessA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
WideCharToMultiByte
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
WriteFile
FlushFileBuffers
GetFileAttributesA
SetFilePointer
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InterlockedExchange
SetStdHandle
GetExitCodeProcess
WaitForSingleObject
ReadFile
GetACP
GetOEMCP
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1f09e9d01f44568b1b00e4c2065f9d2

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4.2MB - Virtual size: 4.2MB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4.2MB - Virtual size: 4.2MB