2024-01-28_546a852ab48f72719c335324c2c45b02_icedid_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_546a852ab48f72719c335324c2c45b02_icedid_ramnit
Size

2.4MB
MD5

546a852ab48f72719c335324c2c45b02
SHA1

97621ad6011f44a2a59d68e94ded2a3d8b0cb647
SHA256

3cc588752a1337090743c6bd720bfae67c4b3a26c1b5108352c7e57dfa6f434c
SHA512

4c699c88be67f1f99f8e77344d108e5c466058ed18abf47950ea26b8b9e197c88ccebcb8d02f3cfa6a0eada4e97f024a04044c0692e59708c1ecfe179e481d79
SSDEEP

49152:tH2BHlLfYcpvmE0SukeNfiAD03yy/cP7jjwV/YnDnHW/I8E6qp1aLcDRu:tAFLYcv0vfD03yy/cP/FnHW/I8EVaLuY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_546a852ab48f72719c335324c2c45b02_icedid_ramnit

Files

2024-01-28_546a852ab48f72719c335324c2c45b02_icedid_ramnit
.exe windows:4 windows x86 arch:x86

0f3a6fc847e94ff8dc4fa05ad68da0ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

glu32

gluOrtho2D

opengl32

wglGetProcAddress
wglGetCurrentDC
wglDeleteContext
wglMakeCurrent
wglGetCurrentContext
wglShareLists
wglCreateContext
glReadBuffer
glDrawBuffer
glEnd
glVertex2i
glTexCoord2f
glColor3ub
glBegin
glEnable
glAlphaFunc
glViewport
glLoadIdentity
glMatrixMode
glCopyTexSubImage2D
glBindTexture
glTexParameteri
glDisable
glRecti
glTexSubImage2D
glTexCoord2d
glGetTexImage
glBlendFunc
glTexImage2D
glGenTextures
glDeleteTextures
glGetString

ddraw

DirectDrawCreate

winmm

timeGetTime

kernel32

GlobalFlags
GetCPInfo
GetOEMCP
MoveFileA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
CreateFileA
GetFileAttributesA
WritePrivateProfileStringA
SetErrorMode
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
TlsFree
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
CreateThread
CreateDirectoryA
ExitProcess
TerminateProcess
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
VirtualQuery
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
lstrcmpiA
lstrlenA
RaiseException
CloseHandle
GetCurrentThread
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
InterlockedDecrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
FormatMessageA
lstrcpynA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalMemoryStatus
GetModuleHandleA
GetSystemInfo
GlobalAlloc
GlobalSize
CompareStringA
GlobalLock
GlobalUnlock
SetLastError
FreeLibrary
OutputDebugStringA
LoadLibraryA
GetProcAddress
CreateMutexA
GetCurrentDirectoryA
Sleep
CompareStringW

user32

GetWindowDC
InflateRect
GetMenuItemInfoA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
AdjustWindowRectEx
DeferWindowPos
RegisterClassA
UnregisterClassA
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
UnhookWindowsHookEx
RegisterWindowMessageA
wsprintfA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetClassNameA
GetSysColor
SetWindowPos
WinHelpA
SetFocus
GetActiveWindow
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetMessageA
GetDlgCtrlID
GetMenu
GetClassInfoA
PeekMessageA
GetCapture
LoadAcceleratorsA
SetActiveWindow
GrayStringA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
SetMenu
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
EnableWindow
TranslateAcceleratorA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
ReleaseDC
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetRect
GetDC
MessageBoxA
LoadIconA
SendMessageA
UpdateWindow
GetKeyboardLayout
MapVirtualKeyExA
ReleaseCapture
GetCursorPos
PtInRect
SetCursor
DestroyCursor
GetSystemMetrics
LoadCursorA
SetCapture
KillTimer
SetTimer
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
IsZoomed
IsIconic
PostMessageA
TranslateMessage
ValidateRect
ShowOwnedPopups
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MoveWindow
SetWindowTextA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
IsWindowVisible
GetSysColorBrush
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetKeyState
GetParent

gdi32

RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
DeleteObject
CreateBitmap
SetBkMode
SetMapMode
BitBlt
GetPixel
GetClipBox
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
GetStockObject
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SwapBuffers
SetPixelFormat
ChoosePixelFormat
PtVisible
DescribePixelFormat

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

inet_addr
bind
WSASetLastError
connect
sendto
htons
WSAAsyncSelect
htonl
gethostbyname
select
socket
recv
WSACancelAsyncRequest
inet_ntoa
WSAAsyncGetHostByName
shutdown
WSAGetLastError
accept
closesocket
WSACleanup
WSAStartup
recvfrom
send

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f3a6fc847e94ff8dc4fa05ad68da0ea

Headers

File Characteristics

Imports

glu32

opengl32

ddraw

winmm

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

ws2_32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 516KB - Virtual size: 512KB

.data Size: 20KB - Virtual size: 1.7MB

.rsrc Size: 80KB - Virtual size: 76KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 516KB - Virtual size: 512KB

.data
Size: 20KB - Virtual size: 1.7MB

.rsrc
Size: 80KB - Virtual size: 76KB

.rmnet
Size: 60KB - Virtual size: 60KB