2024-03-08_d983f27c90f72e240643cb8b2ec0c896_icedid | Triage

Sharing

General

Target

2024-03-08_d983f27c90f72e240643cb8b2ec0c896_icedid
Size

756KB
MD5

d983f27c90f72e240643cb8b2ec0c896
SHA1

c6fc9a212c6ed19bd1c6164581a40cf50f53370a
SHA256

e6faf5075834cd465ea3ac490581af3f4a64592b861847ecbbe106d07bad7e79
SHA512

4cc8402d86437bce554ac4175d17587aee713f00d6f1d11e5f1a5d3c45471dd83979f96ff7a1dcf45b02ff7bb9a2db3d76ecc9d780036c7d9e1740eab5d25222
SSDEEP

12288:w9Sn4JjLCaGVTqPVr9rB8qWPEivO9kAYuAYH:w9Sn2Lf8qWPRW9b

Score

10^/10

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-08_d983f27c90f72e240643cb8b2ec0c896_icedid

Files

2024-03-08_d983f27c90f72e240643cb8b2ec0c896_icedid
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\OneDrive\Work\POSHMARK\Poshmark tools Monthlies\27_february_2021_kinsta\Poshmarktools\WindowsFormsApplication1\obj\Debug\Poshmark_tools.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 710KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ