2024-04-04_b19ea6b593cf2ce6ea04cf1dad9c0f5f_icedid_ramnit | Triage

Sharing

General

Target

2024-04-04_b19ea6b593cf2ce6ea04cf1dad9c0f5f_icedid_ramnit
Size

2.4MB
MD5

b19ea6b593cf2ce6ea04cf1dad9c0f5f
SHA1

3fab6499be93c9d3880376676c537341e7c21a5e
SHA256

098bb98481318c0872382d2de784c2dc201378cd47b9ee57919dd790458298ad
SHA512

fb3ff9930dcb447b27d31b5b879070d1683f8a6ea3dcd5c1f54c8989774039af9f9b636f8349e3763f648484e60b0ec32128823ceccf80667ffdb1601fed6946
SSDEEP

24576:9X/eO4qDtDC6jUoEAyjX/eO4qDAxqdaP+hH0F1tGrqnjlr6c0L:0O4kLPyKO4OUPM0FGOVl0L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-04_b19ea6b593cf2ce6ea04cf1dad9c0f5f_icedid_ramnit

Files

2024-04-04_b19ea6b593cf2ce6ea04cf1dad9c0f5f_icedid_ramnit
.exe windows:4 windows x86 arch:x86

7da8e63a2dd9bc86f69e3483be65cc73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
FindClose
LoadLibraryA
GetModuleHandleA
GetCommandLineA
GetStringTypeA
LCMapStringW
LCMapStringA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
MultiByteToWideChar
GetStringTypeW

user32

GetGUIThreadInfo
OpenIcon

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ