2024-03-13_b36f7649b2f71805e6b6bb110cf834b8_icedid | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-13_b36f7649b2f71805e6b6bb110cf834b8_icedid
Size

404KB
MD5

b36f7649b2f71805e6b6bb110cf834b8
SHA1

4b976359757f6c0b810686070eaaea7d097b48e0
SHA256

667315c51ddcef40a5f4ea99eda1a028f4ce11178fc6d1671ca5b1ec7c81e360
SHA512

96af6ff2f49d918f3f347246cfc74e6fb781e03f00a8bf5eaea09d9d2b1417ca779cfb434b95e36c6cc8634a10fb4742876b6f187513bf39cf493b87ec4da57c
SSDEEP

12288:mplrVbDdQaqdS/AfraFErH8uB2Wm0lXdPr5FU:CxRo+Fucuvm0dd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-13_b36f7649b2f71805e6b6bb110cf834b8_icedid

Files

2024-03-13_b36f7649b2f71805e6b6bb110cf834b8_icedid
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?EngineProc@@YGJHIJ@Z
?process1@@YAHHHHPAD@Z
?process2@@YAHXZ
?process3@@YAHH@Z
?process5@@YAHH@Z

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE