2024-11-24_03325e4d0d45668ab4e0602d4aed4113_icedid_ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-24_03325e4d0d45668ab4e0602d4aed4113_icedid_ramnit
Size

500KB
MD5

03325e4d0d45668ab4e0602d4aed4113
SHA1

d90ac82a694395c06d5f10adaeaf72419f1b513e
SHA256

6cf21e8ffb4aa0223cc5ff71e1ba525dfea857eed8f1193170289da6adec05ef
SHA512

2b333c5cdd176edd3b789ea626845a8d43d995cc0f82a9090379195c4a99138d4babf43c66a5167b74d3c768afbf6ec7141c4594d60d03d4fa01834a9bbb1291
SSDEEP

12288:FyL5p1KP2wMLyro903gbKe6nVXsyF7SoYFR4jO2LpACRPuo:mp1oMLAgj6nV8qSoY3Op

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-11-24_03325e4d0d45668ab4e0602d4aed4113_icedid_ramnit

Files

2024-11-24_03325e4d0d45668ab4e0602d4aed4113_icedid_ramnit
.exe windows:4 windows x86 arch:x86

66d29391d99f00cd1db7d8eb38686163

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\HVResultBrowser\_Bin\x86\Release\HVResultBrowser.pdb

Imports

gdiplus

GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipDeleteGraphics
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateSolidFill
GdipCreateFromHWND
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawString
GdipDrawImageRectI
GdipAlloc
GdipCloneBrush
GdipCloneImage
GdipCreateBitmapFromStream
GdipDeletePen
GdipCreatePen1
GdiplusShutdown
GdipFree
GdipDeleteBrush
GdiplusStartup
GdipCreateBitmapFromScan0

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
GetFileTime
GetTickCount
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetStartupInfoA
TlsGetValue
HeapReAlloc
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
InterlockedDecrement
WritePrivateProfileStringA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
EnumResourceLanguagesA
lstrcpyA
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GetProcAddress
GetFileAttributesExA
CreateFileA
CloseHandle
DeleteFileA
OutputDebugStringA
CreateDirectoryA
WideCharToMultiByte
GetModuleFileNameA
GetLocalTime
GetCurrentDirectoryA
CopyFileA
GetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
GetCommandLineA

user32

TranslateMessage
GetMessageA
WindowFromPoint
MapDialogRect
SetWindowContextHelpId
DestroyMenu
GetSysColorBrush
SetCapture
ReleaseCapture
CharNextA
IsRectEmpty
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
ValidateRect
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
DrawTextExA
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetWindow
GetKeyState
FindWindowA
SetWindowTextA
LoadCursorA
SetCursor
GetCursorPos
GetSystemMetrics
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
SetWindowsHookExA
GrayStringA
CloseWindow
LoadIconA
GetFocus
SetActiveWindow
RedrawWindow
LockWindowUpdate
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
LoadMenuA
GetSubMenu
DrawTextA
TabbedTextOutA
PostQuitMessage
wsprintfA
SendDlgItemMessageA
EnableMenuItem
AppendMenuA
DrawIcon
SetRect
PtInRect
CharUpperA
SendMessageA
EnableWindow

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateFontA
DeleteDC
CreateSolidBrush

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ord165
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ord17
ImageList_Destroy

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorage
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
OleFlushClipboard

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66d29391d99f00cd1db7d8eb38686163

Headers

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 312KB - Virtual size: 309KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 48KB - Virtual size: 45KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 312KB - Virtual size: 309KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 48KB - Virtual size: 45KB

.rmnet
Size: 60KB - Virtual size: 60KB