2024-09-26_197b5bd6ca4707d3e70658efb89b1c78_icedid_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-26_197b5bd6ca4707d3e70658efb89b1c78_icedid_ramnit
Size

4.9MB
MD5

197b5bd6ca4707d3e70658efb89b1c78
SHA1

c22ad0aad8ab40f4c2c1eda077c74615bd4481e7
SHA256

2fd536868511ce5431c14618f4fe2e682dc45a9e129cc5a03ab86b54f20ae77f
SHA512

8b79e4fa7414caa132b2d7fa065a26e41b66275e3c6c048ce1cfa8eda9fd9e3fe93619bb479e6c97b58ac7da0f11ec2321485b68ea3dfef2bb9c538d2b0a7154
SSDEEP

98304:sdeqEvJQMW7DXP/yoCUOJyoKMXaeu3xazyMB2OpZbSSsQ:k9nn3yoZiLu3xazcOpZbSi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-26_197b5bd6ca4707d3e70658efb89b1c78_icedid_ramnit

Files

2024-09-26_197b5bd6ca4707d3e70658efb89b1c78_icedid_ramnit
.exe windows:6 windows x86 arch:x86

cd0940c7f18640a367a0c016353205ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Download\Download_Trunk\Win\ResearchDownload\Source\DLoader\UpgradeDownload_Release\UpgradeDownload.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

processflow

WriteDataToFlow
DisconnectDB
ConnectDB
ExitProcessFlow
CheckProcessEnable
InitProcessFlow

porthound

ReleaseDevHound
CreateDevHound

sprdmesapp

MES_GetBatchInfo
MES_WriteTestResult
MES_Release
MES_Disconnect
MES_EnableCheck
MES_GetBatchName
MES_GetLastError
MES_Create

secbinpack9

CreateSecPacParse

liveupdatesdll

CheckToolVerUpdate

wininet

InternetGetConnectedState

dlframe

CreateDLObj

kernel32

SetErrorMode
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
LocalLock
LocalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoW
IsDebuggerPresent
GetStartupInfoW
GlobalFlags
GetAtomNameW
LocalReAlloc
LocalAlloc
LocalFileTimeToFileTime
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GlobalGetAtomNameW
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetOEMCP
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
GetFileAttributesExW
FindResourceExW
GetUserDefaultUILanguage
GlobalHandle
OutputDebugStringW
SwitchToThread
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetCommandLineA
GetCommandLineW
ExitProcess
GetModuleHandleExW
FindFirstFileExW
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
SetStdHandle
GetFileType
GetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetFileTime
GetTempFileNameW
GetFullPathNameW
GetDiskFreeSpaceW
CompareStringA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
lstrcmpA
GetVersionExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
VirtualProtect
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
FreeResource
GetCurrentThreadId
EncodePointer
OutputDebugStringA
SetFilePointerEx
ReadConsoleW
GetDriveTypeW
IsValidCodePage
GetACP
CopyFileW
FormatMessageW
MulDiv
GetSystemDefaultUILanguage
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
GetComputerNameExW
lstrcpynW
lstrlenW
lstrcatW
lstrcpyW
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
RemoveDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
QueryDosDeviceW
CreateNamedPipeW
ConnectNamedPipe
FlushFileBuffers
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
GetModuleFileNameA
GetFileTime
UnmapViewOfFile
GetSystemDirectoryW
GetLocalTime
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetTempPathW
WriteFile
SetFilePointer
ReadFile
GetFileSizeEx
GetFileSize
FindNextFileW
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
FindFirstFileW
FindClose
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetLastError
WritePrivateProfileStringW
SetFileAttributesW
GetFileAttributesW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
SetCurrentDirectoryW
InitializeSListHead
WriteConsoleW

user32

EnumDisplayMonitors
SetLayeredWindowAttributes
GetMenuDefaultItem
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
UnionRect
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
SetParent
DeleteMenu
CopyImage
TrackMouseEvent
RealChildWindowFromPoint
LoadCursorW
GetSysColorBrush
GetDialogBaseUnits
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
DestroyIcon
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetMenuItemInfoW
DestroyMenu
CharUpperW
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
GetMessageW
IntersectRect
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetAsyncKeyState
WindowFromPoint
GetCursorPos
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
GetWindowThreadProcessId
LoadMenuW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
CloseClipboard
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
RegisterWindowMessageW
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
DrawEdge
SetCursorPos
CopyIcon
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SetRectEmpty
SendDlgItemMessageA
GetWindowLongW
GetWindowTextLengthW
GetScrollPos
SetScrollPos
SetFocus
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetDesktopWindow
DrawIcon
PtInRect
OffsetRect
DrawFocusRect
MapWindowPoints
ScreenToClient
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
GetMessagePos
DrawFrameControl
UnregisterClassW
GetWindow
GetClassNameW
ReleaseDC
GetDC
LoadImageW
IsRectEmpty
FrameRect
IsWindow
EnumWindows
GetWindowTextW
EnableMenuItem
GetSystemMenu
PeekMessageW
GetKeyState
MessageBeep
SetRect
GetCaretPos
keybd_event
InflateRect
SubtractRect
KillTimer
SetTimer
UpdateWindow
PostMessageW
GetFocus
FillRect
CopyRect
IsZoomed
LoadBitmapW
GetClientRect
GetSysColor
DrawTextW
GetParent
DispatchMessageW
TranslateMessage
GetWindowRect
LoadIconW
InvalidateRect
EnableWindow
SendMessageW
SetMenuDefaultItem
GetDoubleClickTime
OpenClipboard
ModifyMenuW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
SendNotifyMessageW
MonitorFromRect
InSendMessage
DefMDIChildProcW
CreateMenu
WindowFromDC
GetWindowRgn
GetTabbedTextExtentW
GetForegroundWindow
DestroyCursor
SystemParametersInfoW

gdi32

PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
SetGraphicsMode
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetTextJustification
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetBkColor
GetCharWidthW
StretchDIBits
EnumFontFamiliesExW
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
OffsetViewportOrgEx
GetDIBits
SetPixel
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
SetMapperFlags
SelectPalette
ExtSelectClipRgn
SetTextAlign
SetTextCharacterExtra
SetStretchBltMode
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateDIBSection
CreateFontW
ExtTextOutW
Rectangle
CreatePen
GetTextMetricsW
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
GetTextColor
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreateCompatibleDC
BitBlt
SelectObject
GetStockObject
SetROP2
SetPolyFillMode
GetLayout
SelectClipRgn
SaveDC
RestoreDC
GetTextCharsetInfo
SetMapMode
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateDIBPatternBrushPt
SetBkColor
CreateBitmap
SetLayout

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
GetJobW
DocumentPropertiesW
OpenPrinterW

advapi32

SetFileSecurityW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumKeyExW
RegEnumValueW
CryptAcquireContextW
GetFileSecurityW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAddToRecentDocs
ExtractIconW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
ShellExecuteExW
ShellExecuteW

comctl32

ImageList_AddMasked
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock

shlwapi

PathIsUNCW
PathFindExtensionW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripToRootW
StrFormatKBSizeW
PathFindFileNameW

uxtheme

DrawThemeBackground
OpenThemeData
GetThemeSysColor
GetWindowTheme
GetThemePartSize
CloseThemeData
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent

ole32

StgCreateDocfileOnILockBytes
GetRunningObjectTable
OleIsRunning
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleRun
CoFreeUnusedLibraries
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
StringFromGUID2
PropVariantCopy
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
OleRegGetMiscStatus
OleRegEnumVerbs
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CoGetMalloc
OleQueryCreateFromData
OleQueryLinkFromData
CreateOleAdviseHolder

oleaut32

VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
VarDecFromStr
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
OleCreateFontIndirect
VarBstrFromDec
SafeArrayPtrOfIndex
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysReAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString

oledlg

OleUIBusyW

config

Config_GetInstance

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

[ms��u{
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 357KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd0940c7f18640a367a0c016353205ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

processflow

porthound

sprdmesapp

secbinpack9

liveupdatesdll

wininet

dlframe

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

config

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 814KB - Virtual size: 813KB

.data Size: 40KB - Virtual size: 65KB

.rsrc Size: 754KB - Virtual size: 754KB

[ms��u{ Size: 16KB - Virtual size: 20KB

.text Size: 357KB - Virtual size: 360KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 814KB - Virtual size: 813KB

.data
Size: 40KB - Virtual size: 65KB

.rsrc
Size: 754KB - Virtual size: 754KB

[ms��u{
Size: 16KB - Virtual size: 20KB

.text
Size: 357KB - Virtual size: 360KB