icedid | f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13

General

Target

f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13
Size

24KB
MD5

1cd4217604139e1a874ddfb8216c2adf
SHA1

8749006e14481dee76767da58f0347fc1a9e1eea
SHA256

f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13
SHA512

7a3b96f2bd1711e13f03c755235b7226decf583c5a4be155f0d05292015fa0b1a71ccff031dd29e47dad8d3391f3ae67e00e6ea9f8fe40b22d496e2cdd84ccde
SSDEEP

192:iSpTHu+xRv0dZyD79CJhcD9I+2WhhkTfuzWr5U2ko9c:ZTACDH2mhAfPC2D9c

Score

10^/10

loader icedid icedid

Malware Config

Extracted

Family

icedid

Signatures

IcedID First Stage Loader 1 IoCs
loader

Processes:

resource yara_rule

sample IcedidFirstLoader
Icedid family
icedid

resource	yara_rule
sample	IcedidFirstLoader

Unpacked IcedID was Detected 1 IoCs

This rule detects samples from the IcedID family unpacked in memory, identifying code reuse of key functions.

icedid

Processes:

resource	yara_rule
sample	Icedid_Unpacked_in_Memory

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13

Files

f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13
.dll windows:5 windows x86 arch:x86

f80c63d7ae09be74c0c57947fba53025

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winhttp

WinHttpAddRequestHeaders
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpConnect
WinHttpQueryDataAvailable

shell32

SHGetFolderPathA

shlwapi

StrStrIA
StrToIntA
StrChrA

user32

wsprintfW
MessageBoxA
wsprintfA

kernel32

GetModuleFileNameA
HeapFree
lstrcatA
GetTickCount
SwitchToThread
GetLastError
GetTickCount64
GetComputerNameExW
HeapReAlloc
lstrlenA
GetFileSize
HeapAlloc
CloseHandle
CreateFileA
WriteFile
ReadFile
GetProcessHeap
GetProcAddress
LoadLibraryA
GetTempPathA
Sleep
GetCommandLineA
WaitForSingleObject

advapi32

GetUserNameW
LookupAccountNameW

msvcrt

memset

Exports

Exports

FemaleCaution
HurtCommon32
InformFork32
RelyRidgeStock
SaltFantasy32
ShowDialogA
ViolinAlmost32
WorthMonitorImpulse32

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f80c63d7ae09be74c0c57947fba53025

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

shell32

shlwapi

user32

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

bss Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

bss
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB