icedid | 2024-08-16_5f43ce9a9d7b15cb0d89a329b9306156_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-16_5f43ce9a9d7b15cb0d89a329b9306156_icedid
Size

14KB
MD5

5f43ce9a9d7b15cb0d89a329b9306156
SHA1

8fc8232c063abec979ad5fb1e9746d9c649a297d
SHA256

01f3e99933685ba1ed9b205da08c98294711ec2f39a9028fc4e9e94d4d372424
SHA512

8c798ec92ed732c168de9720c81e8b7e701754eb5008069a8c1cf2b21a486bf91f641128cc1e35244815b61cbc368e089aac4362ff352608563d828d0b91e413
SSDEEP

384:jev6UbqZ1K7zX+3q7PEe/7Vd227E0lMIU:yC71K/X+iPEOJdHJU

Score

10^/10

loader icedid

Malware Config

Extracted

Family

icedid

Signatures

Icedid family
icedid

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-16_5f43ce9a9d7b15cb0d89a329b9306156_icedid

Files

2024-08-16_5f43ce9a9d7b15cb0d89a329b9306156_icedid
.exe windows:6 windows x64 arch:x64

3a0cfb574e9f4ca8db6893e099e2d5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameW
LookupAccountNameW

winhttp

WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpConnect

kernel32

WideCharToMultiByte
lstrlenW
VirtualProtect
VirtualAlloc
lstrcatA
lstrcpyA
Sleep
GetTempPathA
CreateDirectoryA
LoadLibraryA
GetProcAddress
GetComputerNameExW
ExitProcess
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
WriteFile
CloseHandle
HeapReAlloc
GetLastError
SwitchToThread
GetTickCount64

shell32

SHGetFolderPathA

msvcrt

memset

user32

wsprintfW

Sections

.c
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.r
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tsuarch
Size: 495B - Virtual size: 495B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

3a0cfb574e9f4ca8db6893e099e2d5bb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

winhttp

kernel32

shell32

msvcrt

user32

Sections

.c Size: 7KB - Virtual size: 7KB

.text Size: 512B - Virtual size: 6B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 396B

.r Size: 512B - Virtual size: 416B

.d Size: 512B - Virtual size: 128B

.tsuarch Size: 495B - Virtual size: 495B

.c
Size: 7KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 6B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 396B

.r
Size: 512B - Virtual size: 416B

.d
Size: 512B - Virtual size: 128B

.tsuarch
Size: 495B - Virtual size: 495B