IcedID is malware that steals information from mail clients, browsers, and so on.
In Japan, it has recently been spreading rapidly as a password-protected zip file attached to malicious e-mail; the zip contains a .doc file that uses an MS Word macro.
Also, there are two versions of the executable file.
Fortunately, I was able to dump the main process from one version by setting breakpoints on VirtualAlloc and VirtualProtect.
If we look at the first 4 bytes, "4D 38 5A 90", it appears to be the PE header of a file packed with aPLib.
You can check this precisely in Exeinfo PE.
Therefore, it can be decompressed with that.
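To show why a dump beginning with "4D 38 5A 90" is an aPLib-packed PE, here is an added example (not code from the original post) that unpacks a raw aPLib stream in Python, following the published aPLib depacking algorithm. `SAMPLE` is a constructed six-byte stream, not taken from the IcedID sample, and the function assumes a raw stream with no extra header in front of it.

```python
SAMPLE = bytes.fromhex("4D385A906000")  # constructed; starts with 4D 38 5A 90

def aplib_decompress(src: bytes) -> bytes:
    """Unpack a raw aPLib stream; corrupt input raises IndexError/ValueError."""
    pos, tag, nbits = 1, 0, 0
    out = bytearray(src[:1])   # the first byte is always stored literally
    last_offs, lwm = 0, 0      # lwm is 1 when the previous token was a match

    def bit():
        nonlocal pos, tag, nbits
        if nbits == 0:         # refill the 8-bit tag from the stream
            tag, nbits, pos = src[pos], 8, pos + 1
        nbits -= 1
        return (tag >> nbits) & 1

    def gamma():               # variable-length integer, always >= 2
        n = 2 | bit()
        while bit():
            n = (n << 1) | bit()
        return n

    def copy(offs, length):
        if offs == 0 or offs > len(out):
            raise ValueError("match offset outside decompressed data")
        for _ in range(length):
            out.append(out[-offs])

    while True:
        if not bit():                        # 0: literal byte
            out.append(src[pos])
            pos, lwm = pos + 1, 0
        elif not bit():                      # 10: long match
            offs = gamma()
            if lwm == 0 and offs == 2:       # reuse the previous offset
                copy(last_offs, gamma())
            else:
                offs, pos = ((offs - (3 - lwm)) << 8) | src[pos], pos + 1
                length = gamma()
                length += (offs >= 32000) + (offs >= 1280) + 2 * (offs < 128)
                copy(offs, length)
                last_offs = offs
            lwm = 1
        elif not bit():                      # 110: short match, or end marker
            offs, pos = src[pos], pos + 1
            if offs >> 1 == 0:
                return bytes(out)
            copy(offs >> 1, 2 + (offs & 1))
            last_offs, lwm = offs >> 1, 1
        else:                                # 111: single byte, 4-bit offset
            offs = bit() << 3 | bit() << 2 | bit() << 1 | bit()
            out.append(out[-offs] if offs else 0)
            lwm = 0
```

The byte 0x38 is the first aPLib tag byte, wedged between the literal "M" and "Z", so `SAMPLE` unpacks to the ordinary DOS header start "4D 5A 90 00".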
// Might be something related to steganography
StringEncrypter((uint *)&local_8,CONCAT31((int3)((uint)extraout_EDX_00 >> 8),1),".png",local_12c + iVar1);
// Strings used in a simple encryption algorithm
aeiuo
bcdfghjklmnpqrstvwxyz
abcedfikmnopsutw
infected
https://bazaar.abuse.ch/sample/a4f244ea588a4d55a542fe9c8fc6875d8b494acf7c2b970d420ff3a537f023cd/