2024-05-20_d5959c9212a0d1d20e97020a58462d1f_icedid_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-20_d5959c9212a0d1d20e97020a58462d1f_icedid_ramnit
Size

3.8MB
MD5

d5959c9212a0d1d20e97020a58462d1f
SHA1

1cf1efd67425b0b51d737365920211889eb2efea
SHA256

b127ac60d44d75e2ed3db8bc62c28e403f8de0b27990bfa62ecc9aaa72b5182a
SHA512

831397133eed585e457ca448d44c8509dd88317b5dd5c7c332a9faa58a2e41b822195500ebc7e320ac4762d9c8fe7890642e3b22028d70226a5a017d2ae96f85
SSDEEP

49152:+3Nu/HDxdyizt74uIhWrHsuUTpHPc8tsuBQ18byASge:+3E/HldyizKtsuBLle

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-20_d5959c9212a0d1d20e97020a58462d1f_icedid_ramnit

Files

2024-05-20_d5959c9212a0d1d20e97020a58462d1f_icedid_ramnit
.exe windows:4 windows x86 arch:x86

926525955b4ec0edd933513aab07169b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\git\gxtools\win32\GXDownloader_boot\Release\GXDownloader_boot.pdb

Imports

kernel32

SetStdHandle
GetFileType
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
HeapReAlloc
GetCommandLineA
GetCurrentDirectoryA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapAlloc
HeapFree
ExitProcess
RtlUnwind
GetTickCount
SetErrorMode
GetOEMCP
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FindNextFileA
GetFileTime
GetFileSize
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
SetLastError
MulDiv
lstrcpynA
LocalFree
WritePrivateProfileStringA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryA
FreeLibrary
lstrcatA
lstrcpyA
FreeResource
GetCPInfo
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
MultiByteToWideChar
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
WaitForSingleObject
TerminateProcess
GetLastError
FormatMessageA
GetVersion
GetFileAttributesA
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
VirtualAlloc
VirtualFree
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetPrivateProfileIntA
GetPrivateProfileStringA
Sleep
DeleteFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetHandleCount

user32

PostThreadMessageA
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetForegroundWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
IntersectRect
GetWindowPlacement
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
CallNextHookEx
GetMessageA
IsWindowVisible
GetCursorPos
ValidateRect
MessageBoxA
GetLastActivePopup
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
PostQuitMessage
GetWindowTextA
ReleaseCapture
SetCapture
GetCapture
UpdateWindow
TranslateMessage
DispatchMessageA
SetWindowLongA
LoadCursorA
IsWindow
GetMessagePos
GetFocus
PtInRect
MessageBeep
PostMessageA
SetCursor
GetWindowLongA
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
DrawFocusRect
OffsetRect
InflateRect
DrawStateA
RegisterClipboardFormatA
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
SetWindowsHookExA
GetNextDlgGroupItem
LoadBitmapA
GetSysColorBrush
FillRect
GetSysColor
CopyRect
SetRect
CharUpperA
PeekMessageA
wsprintfA
GetKeyState
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
SetMenuItemBitmaps

gdi32

CreateRectRgnIndirect
GetBkColor
GetMapMode
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
GetClipBox
RoundRect
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
CreateSolidBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
GetDeviceCaps
GetObjectA
CreatePen
SelectObject
DeleteObject
DeleteDC
SetMapMode

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA

comctl32

ord17
_TrackMouseEvent
ImageList_Destroy

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

SysFreeString
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocStringLen

netapi32

Netbios

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

htonl
inet_addr
inet_ntoa

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ddgqsdz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vozahkz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fotepcn
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qnjuwpo
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vpmgwby
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

926525955b4ec0edd933513aab07169b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

netapi32

version

ws2_32

Sections

.text Size: 192KB - Virtual size: 192KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 2.0MB - Virtual size: 2.1MB

.text Size: 204KB - Virtual size: 204KB

.text Size: 204KB - Virtual size: 204KB

ddgqsdz Size: - Virtual size: 4KB

.text Size: 204KB - Virtual size: 204KB

vozahkz Size: - Virtual size: 4KB

.text Size: 204KB - Virtual size: 204KB

fotepcn Size: - Virtual size: 4KB

.text Size: 204KB - Virtual size: 204KB

qnjuwpo Size: - Virtual size: 4KB

.text Size: 204KB - Virtual size: 204KB

vpmgwby Size: - Virtual size: 4KB

.text Size: 204KB - Virtual size: 204KB

.text Size: 176KB - Virtual size: 176KB

.text
Size: 192KB - Virtual size: 192KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 2.0MB - Virtual size: 2.1MB

.text
Size: 204KB - Virtual size: 204KB

.text
Size: 204KB - Virtual size: 204KB

ddgqsdz
Size: - Virtual size: 4KB

.text
Size: 204KB - Virtual size: 204KB

vozahkz
Size: - Virtual size: 4KB

.text
Size: 204KB - Virtual size: 204KB

fotepcn
Size: - Virtual size: 4KB

.text
Size: 204KB - Virtual size: 204KB

qnjuwpo
Size: - Virtual size: 4KB

.text
Size: 204KB - Virtual size: 204KB

vpmgwby
Size: - Virtual size: 4KB

.text
Size: 204KB - Virtual size: 204KB

.text
Size: 176KB - Virtual size: 176KB