2024-05-16_d8adca4e5fa430fcba55aa7ac71162b1_icedid_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-16_d8adca4e5fa430fcba55aa7ac71162b1_icedid_ramnit
Size

6.7MB
MD5

d8adca4e5fa430fcba55aa7ac71162b1
SHA1

f178449013dc7de8eadba1d84c45e4fa16e7970a
SHA256

d469c44f7f296752001e6913f30a1d4f0a1fa9187177dae0fe73849e865f5267
SHA512

23502b719ae91bdff2709d1ec6da9a1678436dbf2e8bbad6583280ec046a98204e5383d778942a45d6624f8e825119e82844fa8cc91d4dd142827e853e250709
SSDEEP

196608:k3jnDof0EGWJ6l3yWu8f3ojD390brVwpg:Ajtl3ywfKDzg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-16_d8adca4e5fa430fcba55aa7ac71162b1_icedid_ramnit

Files

2024-05-16_d8adca4e5fa430fcba55aa7ac71162b1_icedid_ramnit
.exe windows:5 windows x86 arch:x86

4d23728e140273e85734af65c0851763

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua5.1

lua_isnumber
lua_tonumber
lua_pushnil
lua_pushboolean
lua_pushstring
lua_setfield
lua_toboolean
lua_close
lua_getfield
lua_type
lua_pushnumber
lua_remove
lua_pcall
lua_tolstring
lua_settop
lua_getinfo
lua_sethook
luaL_openlibs
luaL_newstate
lua_concat
lua_pushfstring
lua_getstack
lua_pushlstring
lua_gettop
lua_tointeger
lua_isstring
lua_insert
lua_pushcclosure
luaL_loadbuffer
lua_settable
lua_createtable
lua_gettable
lua_error
lua_next
lua_pushvalue
luaL_openlib
lua_tothread

winmm

mixerOpen
mixerSetControlDetails
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
waveInReset
waveInClose
waveInOpen
waveInStart
waveInGetNumDevs
waveInGetDevCapsA
waveInUnprepareHeader
mixerGetNumDevs
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveOutGetDevCapsA
mciGetErrorStringA
mciSendCommandA
PlaySoundA
waveInPrepareHeader
mixerClose
timeGetTime
timeGetDevCaps
sndPlaySoundA
timeEndPeriod
timeKillEvent
timeBeginPeriod
timeSetEvent

wsock32

WSACancelAsyncRequest
connect
socket
WSAAsyncGetHostByName
WSACleanup
__WSAFDIsSet
WSAGetLastError
htons
ioctlsocket
inet_addr
send
inet_ntoa
WSAStartup
closesocket
recv
select

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msacm32

acmStreamOpen
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmStreamSize
acmStreamPrepareHeader
acmFormatSuggest

kernel32

IsDBCSLeadByte
LocalUnlock
LocalLock
LocalAlloc
lstrcmpiA
FileTimeToDosDateTime
IsBadStringPtrA
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetVolumeLabelA
GetLocalTime
FlushFileBuffers
MoveFileA
VirtualUnlock
FreeResource
VirtualFree
VirtualAlloc
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleFileNameW
GetThreadLocale
ResumeThread
LocalReAlloc
EnumResourceLanguagesA
ConvertDefaultLocale
GetFileTime
GetStringTypeExA
LockFile
UnlockFile
DuplicateHandle
GetFileAttributesExA
GetFileSizeEx
GetProfileIntA
GlobalFlags
GetCPInfo
GetOEMCP
GetModuleHandleW
SearchPathA
FindResourceExA
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
ExitProcess
GetTimeFormatA
GetDateFormatA
HeapReAlloc
RaiseException
GetCommandLineA
GetStartupInfoA
VirtualQuery
ExitThread
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
GetStdHandle
CompareStringW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
TlsFree
GlobalHandle
TlsAlloc
GetProcessAffinityMask
VirtualProtect
VirtualLock
OpenFile
InterlockedDecrement
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
GetCurrentThreadId
GetSystemDefaultLangID
DeviceIoControl
SetErrorMode
GetLogicalDriveStringsA
lstrcmpA
GetFileSize
SetEndOfFile
GetDriveTypeA
GetComputerNameA
GetSystemInfo
GlobalMemoryStatus
ExpandEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentProcessId
GetLocaleInfoA
GlobalSize
CreateThread
TerminateThread
CreateEventA
SetEvent
WaitForSingleObject
GetExitCodeThread
GetThreadPriority
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetCurrentProcess
LoadLibraryExA
GetTickCount
OpenProcess
TerminateProcess
GetTempPathA
MoveFileExA
GetShortPathNameA
GetWindowsDirectoryA
CopyFileA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
MulDiv
GetTempFileNameA
CreateProcessA
GetDiskFreeSpaceA
CreateDirectoryA
SystemTimeToFileTime
SetFileTime
DeleteFileA
RemoveDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindNextFileA
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
SetFilePointer
ReadFile
CloseHandle
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
SetFileAttributesA
Sleep
lstrcpynA
SetEnvironmentVariableA
GetSystemDirectoryA
GetEnvironmentVariableA
lstrlenW
InterlockedIncrement
GetFileAttributesA
GetModuleFileNameA
SetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetExitCodeProcess
GetLastError
FreeLibrary
FormatMessageA
LocalFree
CompareStringA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
lstrcatA
TlsGetValue
WriteFile
IsBadReadPtr
EnumResourceNamesA
EnumResourceTypesA
LoadLibraryW
LoadLibraryExW
LocalSize
IsBadWritePtr
TlsSetValue

user32

ToAsciiEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableA
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
PostThreadMessageA
SubtractRect
GetTabbedTextExtentA
DestroyCursor
DrawIcon
GetDCEx
IsCharLowerA
MapVirtualKeyExA
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DestroyAcceleratorTable
NotifyWinEvent
GetMessageA
ValidateRect
DestroyMenu
MapVirtualKeyA
GetKeyNameTextA
GetMenuStringA
EndPaint
BeginPaint
IsDialogMessageA
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
ScrollWindow
TrackPopupMenuEx
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
GetMenu
IsIconic
GetWindowPlacement
CreateDialogIndirectParamA
GetDlgItem
IsWindowEnabled
CharToOemA
OemToCharBuffA
CharLowerA
WaitForInputIdle
SetDlgItemTextA
SetWindowTextA
EndDialog
DialogBoxParamA
GetActiveWindow
OemToCharA
CharNextA
CharPrevA
CharUpperBuffA
CharLowerBuffA
UnregisterClassA
ExitWindowsEx
DrawMenuBar
RemoveMenu
RegisterClassA
CreateWindowExA
DestroyWindow
GetAsyncKeyState
GetNextDlgTabItem
GetDoubleClickTime
WindowFromPoint
ClipCursor
IsClipboardFormatAvailable
GetClassInfoA
InvertRect
DrawEdge
FrameRect
FillRect
TrackMouseEvent
EnableScrollBar
InsertMenuA
DrawFrameControl
MapWindowPoints
CopyIcon
CreatePopupMenu
CreateMenu
GetWindowRgn
EqualRect
GetForegroundWindow
GetWindow
GetWindowThreadProcessId
EnumWindows
GetWindowTextA
wsprintfA
DrawIconEx
LoadBitmapA
CharUpperA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MessageBeep
RegisterWindowMessageA
IsChild
SetCursor
ShowWindow
MoveWindow
SetWindowRgn
UnionRect
SetRectEmpty
DefWindowProcA
SetCapture
GetCapture
SetFocus
SetWindowPos
CallWindowProcA
GetFocus
InvalidateRgn
UpdateWindow
IntersectRect
PostQuitMessage
GetWindowDC
GetSystemMenu
GetMenuState
EnableMenuItem
DeleteMenu
MessageBoxA
GetMessagePos
DrawFocusRect
TrackPopupMenu
DrawAnimatedRects
FindWindowA
EnumChildWindows
GetClassNameA
SetMenuDefaultItem
DestroyIcon
SetParent
SetActiveWindow
LoadMenuA
GetSubMenu
GetMenuItemID
MsgWaitForMultipleObjects
TranslateMessage
SetRect
GetIconInfo
GetSystemMetrics
SystemParametersInfoA
GetMenuItemInfoA
AppendMenuA
InflateRect
CopyRect
DrawStateA
PeekMessageA
DispatchMessageA
ReleaseCapture
CloseWindow
GetParent
PostMessageA
GetSysColor
GetKeyState
GetCursorPos
RedrawWindow
IsWindowVisible
InvalidateRect
ScreenToClient
PtInRect
IsWindow
LoadIconA
SendMessageA
OffsetRect
KillTimer
SetTimer
GetWindowLongA
SetWindowLongA
GetDC
UpdateLayeredWindow
ReleaseDC
LoadImageA
EnableWindow
SetForegroundWindow
GetDesktopWindow
ClientToScreen
GetClientRect
GetWindowRect
IsRectEmpty
SetWindowLongW
GetWindowLongW
IsWindowUnicode
CreateIconIndirect
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
GetMenuStringW
SetCursorPos
GetMenuDefaultItem
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
WaitMessage
ShowOwnedPopups
SetClassLongA
LockWindowUpdate
GetUpdateRect
CallWindowProcW
DefWindowProcW
DefFrameProcW
DefDlgProcA
DefDlgProcW
DefMDIChildProcW
RegisterClassW
SendMessageTimeoutA
HideCaret
ShowCaret
RegisterClipboardFormatA
GetNextDlgGroupItem
CopyAcceleratorTableA
SetWindowContextHelpId
MapDialogRect
GetSysColorBrush
GetMenuItemCount
IsMenu
GetCursor
GetKeyboardLayoutList
LoadCursorA

gdi32

SetMapMode
ExcludeClipRect
GetTextExtentPoint32A
GetStockObject
AddFontResourceA
RemoveFontResourceA
CreateHalftonePalette
CreateFontIndirectA
GetTextColor
Polygon
RealizePalette
SelectPalette
CreateRectRgnIndirect
CombineRgn
GetWindowOrgEx
GetWindowExtEx
IntersectClipRect
GetDeviceCaps
GetMapMode
GetViewportExtEx
DPtoLP
LPtoDP
ExtCreateRegion
BitBlt
CreateRectRgn
CreateRoundRectRgn
GetPaletteEntries
GetBkColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GdiFlush
CreateFontA
CreateScalableFontResourceA
EnumFontFamiliesExA
CreatePalette
CreateBitmap
PatBlt
CreatePatternBrush
LineTo
MoveToEx
RestoreDC
GetPixel
SetViewportExtEx
SetStretchBltMode
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
GetObjectType
SaveDC
CreateHatchBrush
CopyMetaFileA
CreateDCA
SetRectRgn
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
GetRgnBox
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetCharWidthA
StretchDIBits
StartPage
OffsetRgn
SetDIBColorTable
GetDIBits
SetPixel
RoundRect
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextAlign
GetTextFaceA
GetNearestPaletteIndex
GetSystemPaletteEntries
DeleteMetaFile
SetPixelV
StartDocA
GetCurrentObject
OffsetViewportOrgEx
SetROP2
ScaleViewportExtEx
SetPolyFillMode
SetViewportOrgEx
GetClipRgn
SelectClipRgn
GetBkMode
GetTextMetricsA
CreateCompatibleBitmap
PtInRegion
SetTextColor
GetClipBox
GetDCOrgEx
Rectangle
CreateSolidBrush
CreatePen
CreateDIBSection
StretchBlt
SetBrushOrgEx
GetBitmapBits
GetTextExtentPoint32W
ExtTextOutW
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
SetWinMetaFileBits
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetMetaFileBitsEx
GetMetaFileA
GetEnhMetaFileA
PlayEnhMetaFile
SetBkColor
SetBkMode
GetStretchBltMode
EndDoc
AbortDoc
DeleteObject
GetObjectA
SelectObject
DeleteDC
SetTextAlign
EndPage
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyA
GetUserNameA
GetServiceDisplayNameA
QueryServiceStatus
ControlService
StartServiceA
DeleteService
CreateServiceA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
UnlockServiceDatabase
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegConnectRegistryA
EnumServicesStatusA
OpenThreadToken
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
GetTokenInformation
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
LookupAccountSidA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetValueA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyA

shell32

ShellExecuteExA
SHAppBarMessage
ExtractIconA
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
DragFinish
Shell_NotifyIconA
SHGetFileInfoA
SHGetSpecialFolderLocation

comctl32

ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_DrawIndirect
ImageList_GetImageInfo
ImageList_GetBkColor
FlatSB_GetScrollProp
_TrackMouseEvent
ImageList_DrawEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathRemoveFileSpecW

oledlg

ord1
ord8

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium

oleaut32

VarUdateFromDate
RegisterTypeLi
LoadTypeLi
VariantClear
VariantChangeType
SysStringLen
SysStringByteLen
OleCreateFontIndirect
SafeArrayDestroy
SysAllocStringByteLen
VariantCopy
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantInit
SysFreeString
OleLoadPicturePath

urlmon

URLDownloadToFileA

gdiplus

GdipFree
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdiplusShutdown

netapi32

Netbios

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d23728e140273e85734af65c0851763

Headers

DLL Characteristics

File Characteristics

Imports

lua5.1

winmm

wsock32

version

msacm32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

netapi32

imm32

imagehlp

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 856KB - Virtual size: 855KB

.data Size: 144KB - Virtual size: 474KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 856KB - Virtual size: 855KB

.data
Size: 144KB - Virtual size: 474KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 108KB - Virtual size: 108KB