2024-05-28_36fb7c68da3fc11162409029bb5539b8_icedid_ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-28_36fb7c68da3fc11162409029bb5539b8_icedid_ramnit
Size

1.9MB
MD5

36fb7c68da3fc11162409029bb5539b8
SHA1

5405ee370a56219ef379fe1906495bb833dcc43d
SHA256

220b52976ed6f0bf0cfed381f4c66dcd5ce983745232b947a763cd7bb798dbd2
SHA512

b5da27f82bec973a0cfef5284b2d413091bb69d5ab67d5244e96fd23930549f80c82c44cc470d5da508be8a315186459218e710ff57dc9d11c3998b4ae9e6050
SSDEEP

49152:itgF4vrxgeRwblCvQ3g7c39j1AX/ECZViEJk/:i2FAgn8I3g7cNjSPXZVE/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-28_36fb7c68da3fc11162409029bb5539b8_icedid_ramnit

Files

2024-05-28_36fb7c68da3fc11162409029bb5539b8_icedid_ramnit
.exe windows:4 windows x86 arch:x86

7e5d92c195591245b1657b681ba47f97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupFindFirstLineA
SetupDefaultQueueCallbackA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

waveOutClose
waveOutOpen

shell32

ShellExecuteExA
ord680
ShellExecuteA

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCompareCertificate
CertFreeCertificateContext
CertCloseStore

kernel32

DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSize
GetFileTime
GetCurrentThread
SetErrorMode
GetCurrentDirectoryA
RtlUnwind
GetLocalTime
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
CreateThread
ExitThread
SetStdHandle
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetACP
MoveFileA
GlobalGetAtomNameA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
GetWindowsDirectoryA
GetProcAddress
LoadLibraryA
FreeLibrary
Sleep
CreateEventA
WaitForSingleObject
CreateSemaphoreA
GetModuleFileNameA
GetLastError
CreateDirectoryA
lstrcpyA
lstrcatA
FindFirstFileA
FindNextFileA
GetVolumeInformationA
LockFile
SetEndOfFile
UnlockFile
WriteFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
ReadFile
GetCurrentProcess
SuspendThread
lstrcpynA
MulDiv
GetCurrentThreadId
SetThreadPriority
ResumeThread
CompareStringA
CompareStringW
lstrcmpiA
FindClose
DeleteFileA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GlobalLock
GlobalUnlock
LockResource
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
DeviceIoControl
GetExitCodeProcess
GlobalFree
WaitForMultipleObjects
SetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
WritePrivateProfileStringA
FormatMessageA
GetProcessHeap
HeapAlloc
HeapFree
FindResourceA
SizeofResource
LoadResource
GetFullPathNameA
GetCommState
SetCommState
SetCommTimeouts
SetupComm
EscapeCommFunction
CreateFileA
GetTempPathA
GetCurrentProcessId
GlobalAlloc
OpenEventA
SetEvent
lstrlenA
LocalAlloc
LocalFree
OpenProcess
TerminateProcess
GetVersionExA
CreateProcessA
CloseHandle
GetVersion
MoveFileExA
GetShortPathNameA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
CopyFileA
GetFileAttributesExA
SetFileAttributesA
GetSystemDirectoryA
lstrcmpA
LCMapStringA
GetFileType
RemoveDirectoryA

user32

ValidateRect
TranslateMessage
GetMessageA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharUpperA
PostQuitMessage
SetCursor
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
GetMenuCheckMarkDimensions
GetCursorPos
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetTopWindow
LoadBitmapA
CheckMenuItem
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowTextA
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetWindowRect
LoadIconA
ShowWindow
GetSystemMetrics
SetWindowPos
MessageBoxA
KillTimer
SetTimer
InvalidateRect
InflateRect
IsRectEmpty
GetClientRect
GetSysColor
GetWindowThreadProcessId
wsprintfA
LoadStringA
EnumWindows
GetWindowTextA
GetFocus
SetFocus
SendMessageA
IsWindow
EnableWindow
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetClassInfoA
IsDialogMessageA
GetCapture
WinHelpA
GetMessagePos
EndDialog
GetNextDlgTabItem
SetWindowLongA
UnregisterClassA

gdi32

BitBlt
CreateCompatibleDC
CreateSolidBrush
CreatePen
Rectangle
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteObject
GetDeviceCaps
GetViewportExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
TextOutA
GetMapMode
GetWindowExtEx
CreateCompatibleBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

SetSecurityDescriptorDacl
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
QueryServiceStatus
ControlService
RegSetKeySecurity
FreeSid
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle

comctl32

ord17

olepro32

ord251

Sections

.text
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jyntogr
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jekqlfa
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e5d92c195591245b1657b681ba47f97

Headers

File Characteristics

Imports

setupapi

version

winmm

shell32

crypt32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

olepro32

Sections

.text Size: 480KB - Virtual size: 480KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 56KB - Virtual size: 68KB

.rsrc Size: 196KB - Virtual size: 196KB

jyntogr Size: - Virtual size: 4KB

.text Size: 548KB - Virtual size: 548KB

jekqlfa Size: 72KB - Virtual size: 72KB

.text Size: 548KB - Virtual size: 548KB

.text
Size: 480KB - Virtual size: 480KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 56KB - Virtual size: 68KB

.rsrc
Size: 196KB - Virtual size: 196KB

jyntogr
Size: - Virtual size: 4KB

.text
Size: 548KB - Virtual size: 548KB

jekqlfa
Size: 72KB - Virtual size: 72KB

.text
Size: 548KB - Virtual size: 548KB