icedid | f40d5de29f60ca2317e834e576151201847d645ceeb9fbdb7e092a6dbf7ef635[.]exe | Triage

Sharing

Reason

config extraction: CfgExtr crashed: 'IcedidFirstLoader' runtime error: slice bounds out of range [256:0]

General

Target

f40d5de29f60ca2317e834e576151201847d645ceeb9fbdb7e092a6dbf7ef635.exe
Size

10KB
MD5

ed8b31f189b814ff688e2f9de987d180
SHA1

9737a2cbe4440344bbf2d6df27483c4928b74c5c
SHA256

f40d5de29f60ca2317e834e576151201847d645ceeb9fbdb7e092a6dbf7ef635
SHA512

a36f73b1a982bbd6f1520ea563319ad4e03c7c57174178a32148c3671769477107b921430df96d1065bb550d3fd32b1571a5b67aa8a6718625c8057e43b5db0c
SSDEEP

192:5piF7hWH0iI8jKWE2uNB+PEwtDtfSEdSrRJCfbpfSbxNPDt:KNh8q8joRmPEi5SV6sbxNP

Score

10^/10

loader icedid

Malware Config

Signatures

IcedID First Stage Loader 1 IoCs
loader

Processes:

resource yara_rule

sample IcedidFirstLoader
Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f40d5de29f60ca2317e834e576151201847d645ceeb9fbdb7e092a6dbf7ef635.exe

Files

f40d5de29f60ca2317e834e576151201847d645ceeb9fbdb7e092a6dbf7ef635.exe
.exe windows:5 windows x86 arch:x86

5a8049d632f4eb2fc4735faed7b61978

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
LookupAccountNameW

shlwapi

StrToIntA
StrStrIA
StrChrA

kernel32

GetComputerNameExA
SwitchToThread
GetLastError
GetTickCount64
GetComputerNameExW
HeapReAlloc
GetModuleFileNameA
HeapFree
WaitForSingleObject
GetCommandLineA
Sleep
GetTempPathA
LoadLibraryA
GetProcAddress
ExitProcess
GetProcessHeap
GetTickCount
ReadFile
WriteFile
CreateFileA
CloseHandle
HeapAlloc
GetFileSize
lstrlenA

user32

wsprintfW
wsprintfA

winhttp

WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetStatusCallback

msvcrt

memset

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ