2024-03-12_38dbe3cfb507c88341ce22ffa7e3f049_icedid_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-12_38dbe3cfb507c88341ce22ffa7e3f049_icedid_ramnit
Size

377KB
MD5

38dbe3cfb507c88341ce22ffa7e3f049
SHA1

cb20d4ac51a8c213b393bf4074c368813b928c86
SHA256

03088dd355f192a2ff3bdd5992f1b211b7804bc281a6091d96fd68d2723607b9
SHA512

6ed00c39dffc89b0b64c40ccfb56049b339ce3d49dd53333a9c670e975dee2fa79f77848e7967ea114a07423e8561f4659e821527904b22002af827841832684
SSDEEP

6144:2OlYdALZtjjqecMkHz5OlgvYQ4yWIENLvM64t:2Ejjq/Mk9OlFIENLI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-12_38dbe3cfb507c88341ce22ffa7e3f049_icedid_ramnit

Files

2024-03-12_38dbe3cfb507c88341ce22ffa7e3f049_icedid_ramnit
.exe windows:5 windows x86 arch:x86

4caf3b0c4cf701533baebf0d766b1d5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
SetCursor
PtInRect
InflateRect
UnregisterClassA
GetSysColorBrush
GetMenuItemInfoA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
GetWindowRect
GetDC
ReleaseDC
InvalidateRect
RedrawWindow
SetCapture
GetParent
ReleaseCapture
IsWindow
GetSysColor
MessageBeep
CopyIcon
LoadCursorA
SetWindowLongA
SetTimer
SendInput
GetAsyncKeyState
FindWindowA
RegisterWindowMessageA
SystemParametersInfoA
GetMenuItemID
GetSubMenu
LoadMenuA
PostMessageA
KillTimer
SetActiveWindow
SetForegroundWindow
SetMenuDefaultItem
TrackPopupMenu
GetCursorPos
ModifyMenuA
GetClassNameA
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
ShowOwnedPopups
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
UnhookWindowsHookEx
GetWindow
GetWindowPlacement
IntersectRect
OffsetRect
SetWindowPos
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
CopyRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenuItemCount
UpdateWindow
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
WinHelpA
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
ShowWindow
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDesktopWindow
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
WindowFromPoint
TranslateAcceleratorA

kernel32

GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
CreateFileA
GetCPInfo
GetOEMCP
GetModuleHandleW
SetErrorMode
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
Sleep
ExitProcess
RaiseException
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
WritePrivateProfileStringA
FormatMessageA
LocalFree
MulDiv
GlobalUnlock
GlobalFree
lstrlenA
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
MultiByteToWideChar
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
GetProcAddress
GetVersion
GetVersionExA
SetThreadExecutionState
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary

gdi32

CreateCompatibleBitmap
CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

DragQueryFileA
DragFinish
Shell_NotifyIconA
ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantInit
VariantChangeType
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4caf3b0c4cf701533baebf0d766b1d5f

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 9KB - Virtual size: 23KB

.rsrc Size: 49KB - Virtual size: 48KB

.rmnet Size: 96KB - Virtual size: 96KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 9KB - Virtual size: 23KB

.rsrc
Size: 49KB - Virtual size: 48KB

.rmnet
Size: 96KB - Virtual size: 96KB