icedid | 7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a[.]dll | Triage

Sharing

General

Target

7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a.dll
Size

24KB
MD5

2671d6be0ffbd9a25416ae575502a529
SHA1

f1afc35e9c22c348116037d24949099cc55397f9
SHA256

7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a
SHA512

07e0a8f163874224d6981614e06970e8eb8b453952ae07ef118c222c1f96b844c934d51eef3058377a331b2f3a9658c11d28885b5c146c391c793b12638b1417
SSDEEP

192:Ho7irdwgJUdvrVmUh0KTb+NWkugbcl2YPg:HoA9sh0LNUf2YP

Score

10^/10

loader icedid

Malware Config

Extracted

Family

icedid

Signatures

IcedID Second Stage Loader 1 IoCs
loader

Processes:

resource yara_rule

sample IcedidSecondLoader
Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a.dll

Files

7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c29800d2953bf84237661551eac60318

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winhttp

WinHttpReadData
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpConnect
WinHttpOpen
WinHttpReceiveResponse
WinHttpSetOption
WinHttpQueryDataAvailable

advapi32

GetUserNameA

user32

wsprintfA

kernel32

CreateFileA
HeapReAlloc
MultiByteToWideChar
ExitProcess
CreateThread
HeapAlloc
Sleep
VirtualAlloc
VirtualProtect
GetModuleFileNameA
CreateDirectoryA
lstrcpyA
CloseHandle
lstrcatA
lstrlenA
HeapFree
GetProcessHeap
ReadFile
WriteFile
GetFileSize

shell32

SHGetFolderPathA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ