2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnit
Size

475KB
MD5

8f4dd5ca9a4a562957a3db2bd8137ff1
SHA1

a7afbcaa1b4019bbc0d1d689255446d2b9b5c804
SHA256

d6043b2dfaf5353a6c3b0182798d7c46bc43e6ca8a23f928889b1332e373a79e
SHA512

69904ef398b229d3c3c024e69bb04aef14bd97016bbcd941a656d0a8a139226e04c6b326a5f402c1e7e90e2c974aee6abf63ad0b19b33dc89eeba6f3e7e299fa
SSDEEP

6144:3aGlIYUIrf3M1Nnpfx58Mc+WOcclEaPRiZ2UC73OAOM+h7xmy8fBgFb4tz+QGWw:3ryP1zfMeZnO23ay+hUBg5wz+QC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnit

Files

2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnit
.exe windows:5 windows x86 arch:x86

16ece673f79986a117723d210970fa89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Realtek Source\RTL DHCP Server\RTLDHCP\v1.0.0.14B\Release\RTLDHCP.pdb

Imports

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA

kernel32

FreeLibrary
GlobalGetAtomNameA
lstrcmpA
GetCurrentProcessId
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
CompareStringA
GetModuleHandleW
InterlockedIncrement
ResumeThread
GetCurrentThreadId
MoveFileA
LoadLibraryA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
CreateFileA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GetLocaleInfoA
GetCPInfo
InterlockedDecrement
ExitThread
CreateThread
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitProcess
GetCommandLineA
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
HeapSize
GetACP
IsValidCodePage
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GlobalLock
GlobalUnlock
LocalFree
SetLastError
MultiByteToWideChar
lstrlenA
GetModuleHandleA
GetProcAddress
GetOEMCP
DeleteFileA
CloseHandle
WinExec
GetVersionExA
GetModuleFileNameA
LockResource
WritePrivateProfileStringA
GlobalFree
lstrcmpiA
GetLastError
TerminateProcess
CreateEventA
SizeofResource
Sleep
WideCharToMultiByte
GlobalAlloc
OpenProcess
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
LoadResource
FindResourceA
GetModuleFileNameW
GlobalFlags

user32

GetMessageTime
DestroyWindow
GetTopWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
WinHelpA
LoadIconA
RegisterWindowMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
DestroyMenu
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessagePos
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
SetWindowPos
SetWindowLongA
IsWindow
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetWindowTextA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
MapWindowPoints
SetMenu
SetForegroundWindow
wsprintfA
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx

advapi32

RegOpenKeyExA
CloseServiceHandle
RegCloseKey
RegOpenKeyA
ControlService
OpenSCManagerA
SetServiceStatus
QueryServiceStatus
StartServiceCtrlDispatcherA
RegQueryValueExA
RegisterServiceCtrlHandlerA
OpenServiceA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantChangeType
SysFreeString
SysStringLen
SysAllocString
VariantInit

ws2_32

WSACloseEvent
WSAIoctl
connect
inet_ntoa
WSAStartup
recvfrom
ntohl
inet_addr
htonl
WSAGetLastError
htons
ntohs
setsockopt
sendto
WSACleanup
recv
bind
socket
WSACreateEvent
__WSAFDIsSet
closesocket
send
WSASocketA
listen
accept
select

iphlpapi

GetAdaptersInfo
GetNetworkParams
NotifyAddrChange

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
SetTextColor
SetMapMode
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

16ece673f79986a117723d210970fa89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

setupapi

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

iphlpapi

oleacc

gdi32

winspool.drv

Sections

.text Size: 287KB - Virtual size: 286KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 8KB - Virtual size: 263KB

.rsrc Size: 1KB - Virtual size: 1KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 287KB - Virtual size: 286KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 8KB - Virtual size: 263KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 108KB - Virtual size: 108KB