2024-10-13_dd2d3b363c3b58d279ed73585cb67421_icedid_strictor_webshell-shell

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-13_dd2d3b363c3b58d279ed73585cb67421_icedid_strictor_webshell-shell
Size

18.3MB
MD5

dd2d3b363c3b58d279ed73585cb67421
SHA1

5fd1567bc590506c88cd79a734c1937b0c53cf9f
SHA256

72647f0f408912df82d9939cb87b33ffa47aeaf8b89dfdabf072406e759592ad
SHA512

cf203d93ab4883f1f4151d11c383b319cadcd6ddd2e9f90c0302686c64e700ff90dff01e994b48b8fce4f40792ea0bbf22820b399ca5b6c117f9d6e0c2a03b96
SSDEEP

196608:BrBBhC+qoNDeSVmOr57udJ8NpL84jN1eFLOyomFHKnPAupSBXhqb2CIBELwn63V:ptC+tReIAJ8jzneFNxq6CIBFn63

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-13_dd2d3b363c3b58d279ed73585cb67421_icedid_strictor_webshell-shell

Files

2024-10-13_dd2d3b363c3b58d279ed73585cb67421_icedid_strictor_webshell-shell
.exe windows:4 windows x86 arch:x86

44b2fa47f957e972af72d923db23ebb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

shlwapi

SHDeleteKeyW

mfc42u

ord2294
ord4229
ord800
ord4197
ord538
ord4847
ord537
ord6211
ord3087
ord4704
ord2371
ord6330
ord6195
ord5647
ord3122
ord3611
ord3658
ord1971
ord858
ord922
ord2810
ord940
ord6381
ord5438
ord3313
ord665
ord5180
ord861
ord540
ord350
ord354
ord535
ord4155
ord6874
ord5857
ord925
ord942
ord2910
ord4667
ord541
ord801
ord4269
ord6371
ord4480
ord2546
ord2504
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord536
ord656
ord609
ord2613
ord1131
ord4124
ord6654
ord3605
ord2567
ord4390
ord3569
ord1569
ord1165
ord2362
ord668
ord1972
ord3173
ord4053
ord2773
ord2762
ord356
ord5679
ord6139
ord1197
ord860
ord4273
ord2755
ord5706
ord2858
ord2634
ord755
ord470
ord3871
ord1155
ord2606
ord6279
ord6278
ord6865
ord2281
ord324
ord567
ord641
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord1768
ord4073
ord6051
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord2506
ord4992
ord4370
ord5261
ord823
ord825
ord5727
ord1143

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__CxxFrameHandler
wcsncmp
wcslen
_waccess
wcscmp
swprintf
wcsncpy
wcscpy
wcsstr
exit
wcscat
__wgetmainargs
_wcmdln
_XcptFilter
_exit

kernel32

CreateDirectoryW
FindResourceW
LoadResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
WritePrivateProfileStringW
GetProcAddress
TerminateProcess
OpenProcess
CloseHandle
lstrlenA
WinExec
GetCurrentProcess
GetShortPathNameW
GetCurrentDirectoryW
SetFileAttributesW
GetVersion
DeviceIoControl
GetVolumeInformationW
GetComputerNameW
GetStartupInfoW
GetModuleHandleW
GetVersionExW
WaitForSingleObject
CreateProcessW
RemoveDirectoryW
GetTempPathW
GetModuleFileNameW
GetSystemDirectoryW
SetCurrentDirectoryW
GetCommandLineW
WriteFile
SizeofResource
CreateFileW
CopyFileW
GetLastError
FreeLibrary
LoadLibraryW
GetPrivateProfileStringW
Sleep
WTSGetActiveConsoleSessionId

user32

EnableWindow
AppendMenuW
LoadIconW
SendMessageW
PostMessageW
FindWindowW
SetWindowPos
GetSystemMetrics
GetSystemMenu
DrawIcon
GetClientRect
IsIconic
ExitWindowsEx
GetWindowRect

advapi32

ImpersonateLoggedOnUser
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
StartServiceW
CreateProcessAsUserW
RevertToSelf
CreateServiceW
OpenSCManagerW
OpenServiceW
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyW
RegCloseKey
DuplicateTokenEx

shell32

SHGetFolderPathW

ole32

CoInitialize

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.2MB - Virtual size: 18.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44b2fa47f957e972af72d923db23ebb6

Headers

File Characteristics

Imports

psapi

shlwapi

mfc42u

msvcrt

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 18.2MB - Virtual size: 18.2MB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 18.2MB - Virtual size: 18.2MB