d:\Azalia\770\HDAudioCPL(20091204) d\release\VDeck.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-30_99c954f3e238904d1b7f5a3b940110ee_icedid_ramnit.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-30_99c954f3e238904d1b7f5a3b940110ee_icedid_ramnit.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-04-30_99c954f3e238904d1b7f5a3b940110ee_icedid_ramnit
Size: 2.0MB
MD5: 99c954f3e238904d1b7f5a3b940110ee
SHA1: 2e2b8ed0c8d5ba9398aabfa87b901fa083d9b09a
SHA256: 82b2712ef54e1a5e2d37170eb4088377d30ae1f62f9b9ddb5895daa798817503
SHA512: 97738c73aebc9cc59dff4a833c67a13b5fc9049e56e9cbe578a5bfc7d5df45a0e46e92dab11eddbe76e115111e2d9b43132bfc42ceb5c9206f105e9073899d1d
SSDEEP: 24576:Yelp+4MJQPAfHrKsWZOtlDdpdoXLpL2GuboHmZi35Q:Ysp+4MJVXiXwYmi3K
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-04-30_99c954f3e238904d1b7f5a3b940110ee_icedid_ramnit
Files
2024-04-30_99c954f3e238904d1b7f5a3b940110ee_icedid_ramnit.exe windows:4 windows x86 arch:x86
2a316eb9e963a38c5e9ec3db34574760
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
dsound
ord11
ord3
ord6
ord8
setupapi
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInterfaceData
winmm
mixerGetDevCapsW
mixerClose
mixerGetNumDevs
mixerOpen
mmioOpenW
mmioDescend
mmioClose
mmioRead
mmioAscend
mixerGetLineInfoW
kernel32
InterlockedDecrement
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
GetCurrentProcessId
GlobalAddAtomW
GlobalFree
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
lstrlenA
lstrlenW
lstrcmpA
SetLastError
GlobalFlags
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
CreateFileA
GetLocaleInfoA
Sleep
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FindResourceW
LoadResource
SizeofResource
LockResource
CloseHandle
CreateMutexW
GetLastError
TerminateThread
CreateThread
LoadLibraryW
CreateEventW
SetEvent
WaitForSingleObject
GetCurrentProcess
SetPriorityClass
GetCommandLineW
FreeLibrary
SleepEx
GetModuleHandleW
GetSystemDefaultLangID
lstrcmpiW
GetVersionExW
MultiByteToWideChar
WritePrivateProfileStringW
WaitForMultipleObjects
GetProcAddress
InterlockedIncrement
TlsFree
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemInfo
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetCurrentDirectoryW
CreateFileW
OutputDebugStringW
DeviceIoControl
SetCurrentDirectoryW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
qsapoapi
ord12
ord9
ord4
ord7
ord3
ord6
ord8
msdmo
MoInitMediaType
MoFreeMediaType
dts2apoapi
?Dt2RetrieveSysFXState@@YGJPAUIMMDevice@@PAH@Z
?SetDts2DialogConfig@@YGJPAUIMMDevice@@U_DTSDialogConfig@@@Z
?SetDts2BassConfig@@YGJPAUIMMDevice@@U_DTSBassConfig@@@Z
?SetDTS2State@@YGJPAUIMMDevice@@U_DTSHeadpSpkConfig@@@Z
?RetrieveDTS2State@@YGJPAUIMMDevice@@PAU_DTSHeadpSpkConfig@@@Z
?RetrieveDts2DialogConfig@@YGJPAUIMMDevice@@PAU_DTSDialogConfig@@@Z
?RetrieveDts2BassConfig@@YGJPAUIMMDevice@@PAU_DTSBassConfig@@@Z
?UnRegisterDts2PropertyChangeNotify@@YGJPAX@Z
?Dts2SetSysFXState@@YGJPAUIMMDevice@@H@Z
user32
CharNextW
CharUpperW
WindowFromPoint
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CopyAcceleratorTableW
RegisterClipboardFormatW
PostThreadMessageW
IsRectEmpty
GetNextDlgGroupItem
UnregisterClassW
MessageBeep
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ReleaseCapture
SetCapture
PtInRect
GetParent
SetCursor
OffsetRect
ReleaseDC
GetDC
SetRect
InvalidateRect
UnregisterDeviceNotification
DrawIcon
PostMessageW
GetClientRect
LoadIconW
GetWindowRgn
CallNextHookEx
GetSystemMetrics
LoadBitmapW
RedrawWindow
GetWindowRect
IsIconic
ModifyMenuW
SetWindowsHookExW
GetSubMenu
KillTimer
LoadMenuW
LoadCursorW
PeekMessageW
EnumDisplaySettingsW
FindWindowW
UnregisterClassA
SendMessageW
MessageBoxW
SetWindowRgn
SetTimer
UnhookWindowsHookEx
InvalidateRgn
EnableWindow
GetCursorPos
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
DestroyMenu
GetMenuItemID
GetMenuItemCount
GetWindowThreadProcessId
GetLastActivePopup
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetMenuState
EnableMenuItem
SystemParametersInfoW
GetSysColorBrush
DrawTextW
MsgWaitForMultipleObjects
ChangeWindowMessageFilter
CheckMenuItem
CopyRect
DrawEdge
SetParent
FrameRect
GetWindowDC
GetSysColor
gdi32
GetDeviceCaps
CreateRectRgnIndirect
GetStockObject
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetClipBox
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetDIBits
GetDIBits
SetTextColor
SetBkColor
GetTextMetricsW
GetTextExtentPoint32W
PtInRegion
CreateSolidBrush
CreateFontIndirectW
CreateFontW
DeleteDC
StretchBlt
SelectObject
CreateCompatibleBitmap
SetRectRgn
CreateCompatibleDC
OffsetRgn
GetObjectW
CreateRectRgn
GetRgnBox
BitBlt
DeleteObject
CombineRgn
msimg32
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegQueryValueW
RegOpenKeyW
RegEnumKeyExW
RegSetValueExW
shell32
Shell_NotifyIconW
ShellExecuteW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoTaskMemAlloc
OleFlushClipboard
CoTaskMemFree
CoInitialize
CoCreateInstance
CoInitializeEx
PropVariantClear
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
oleaut32
LoadTypeLi
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysStringLen
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocString
VariantCopy
VariantChangeType
vmicapi
?GetVMicPropValueRootStr@@YGHPAX0K@Z
?GetInputDeviceList@@YGHPAUVMIC_INPUT_DEVICE_SET@@K@Z
?IsVMicReady@@YGHXZ
?RegisterVMicSettingChangeNotify@@YGHPAUHWND__@@K@Z
?UnRegisterVMicSettingChangeNotify@@YGHPAUHWND__@@@Z
?GetVMicSettings@@YGHPAUVMIC_SETTINGS@@KPAX@Z
?SetVMicSettings@@YGHPAUVMIC_SETTINGS@@K@Z
Sections
.text   Size: 812KB  Virtual size: 812KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 363KB  Virtual size: 362KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 458KB  Virtual size: 481KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 53KB   Virtual size: 52KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.text   Size: 357KB  Virtual size: 360KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE (second .text section; both writable and executable)