Static task
static1
Behavioral task
behavioral1
Sample
2024-05-04_c307c099571544792385d1e9a1de8c39_chir_hacktools_icedid_nymaim.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-04_c307c099571544792385d1e9a1de8c39_chir_hacktools_icedid_nymaim.exe
Resource
win10v2004-20240419-en
General
-
Target
2024-05-04_c307c099571544792385d1e9a1de8c39_chir_hacktools_icedid_nymaim
-
Size
2.6MB
-
MD5
c307c099571544792385d1e9a1de8c39
-
SHA1
0dd568f39fd42544162bd277d1bea5c79fba73f0
-
SHA256
cfacb518043afdfac9ca2806c1b7c3f50d28d96259d07efa7571eaf93c3296f2
-
SHA512
b57555d6833ec85f3c99bb318ad5920671c3fe1baa4e8d5723b4feacd76de214d54086f595e4b7c6a135b0bc857345629d3b70f86d286f74da740c0d8b908a63
-
SSDEEP
49152:TqaSoij7TqY8g805gohR4+3ky3W8CxVKlEYFjx3vv5A2Ecm:W3jpjQ2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-04_c307c099571544792385d1e9a1de8c39_chir_hacktools_icedid_nymaim
Files
-
2024-05-04_c307c099571544792385d1e9a1de8c39_chir_hacktools_icedid_nymaim.exe windows:4 windows x86 arch:x86
bf8ffc6789eff1fd0d7c806607f098d3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ResetEvent
OutputDebugStringA
ExpandEnvironmentStringsA
GlobalAlloc
GetTempPathA
SetFileAttributesA
GetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
SetLocalTime
GetCommandLineA
CreateProcessA
SetCurrentDirectoryA
GetCurrentThreadId
GetModuleHandleA
GlobalSize
GlobalLock
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
GetCurrentDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
GlobalUnlock
GlobalReAlloc
HeapFree
HeapReAlloc
HeapAlloc
GetComputerNameA
GetProcessHeap
FindResourceA
LoadResource
LockResource
CreateThread
DeleteFileA
RemoveDirectoryA
FindNextFileA
GetModuleFileNameA
Sleep
MulDiv
FindFirstFileA
FindClose
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
GetFullPathNameA
lstrlenW
lstrlenA
GetUserDefaultLCID
GetTickCount
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitThread
VirtualQuery
lstrcpyW
ExitProcess
GetEnvironmentVariableA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetProfileStringA
SetEvent
GetCommModemStatus
GetOverlappedResult
WaitForMultipleObjects
GetLastError
ClearCommError
WaitCommEvent
CreateEventA
ReadFile
WriteFile
SetCommState
GetCommState
SetCommMask
SetCommTimeouts
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
SetLastError
lstrcpynA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
LocalAlloc
LocalFree
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
DuplicateHandle
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetFileTime
SetStdHandle
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetEnvironmentVariableA
SetEnvironmentVariableW
IsBadWritePtr
VirtualAlloc
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetProcAddress
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
ReleaseMutex
CreateMutexA
SuspendThread
SetThreadPriority
GetCurrentThread
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
PurgeComm
EscapeCommFunction
lstrcmpA
GetCurrentProcess
WriteProcessMemory
FreeLibrary
VirtualProtect
lstrcmpiA
VirtualFree
LoadLibraryA
WaitForSingleObject
lstrcpyn
OpenFileMappingA
MapViewOfFile
RtlMoveMemory
Beep
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
OpenProcess
CreateRemoteThread
GetExitCodeThread
ReadProcessMemory
OpenEventA
GetShortPathNameA
BeginUpdateResourceA
EndUpdateResourceA
UpdateResourceA
imagehlp
ImageDirectoryEntryToData
user32
WindowFromPoint
CharUpperA
ReleaseCapture
GetMessagePos
PtInRect
GetClientRect
GetCursorPos
SetCapture
SystemParametersInfoA
EnableWindow
SetRect
IsWindow
RedrawWindow
CopyRect
FillRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
GetParent
SendMessageA
GetSysColor
IsClipboardFormatAvailable
SetWindowLongA
GetWindowLongA
IsWindowVisible
SetParent
SetScrollPos
SetScrollRange
GetScrollRange
PostMessageA
SetTimer
KillTimer
WinHelpA
ChildWindowFromPointEx
ScreenToClient
SetWindowRgn
DestroyCursor
DestroyAcceleratorTable
GetWindow
GetTopWindow
GetActiveWindow
SetWindowPos
SetFocus
DestroyMenu
SetActiveWindow
IsIconic
PeekMessageA
SetMenu
SetCursorPos
WaitForInputIdle
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
MessageBeep
LockWindowUpdate
ValidateRect
SetForegroundWindow
TrackPopupMenu
ScrollDC
InvertRect
SetCursor
wsprintfA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
RegisterClipboardFormatA
SetRectEmpty
GetClassNameA
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
LoadIconA
GetDesktopWindow
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
UnregisterClassA
LoadStringA
GetSysColorBrush
ClientToScreen
GetCapture
LoadCursorA
AdjustWindowRect
EnableMenuItem
GetSubMenu
GetMenu
EqualRect
IntersectRect
GetFocus
IsRectEmpty
IsChild
DestroyIcon
GetKeyState
GetMenuState
GetMenuCheckMarkDimensions
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
EndDialog
InvalidateRect
GetMessageA
GetDlgCtrlID
LoadBitmapA
MessageBoxA
LoadImageA
EnumDisplaySettingsA
ReleaseDC
GetDC
UpdateWindow
DispatchMessageA
CreateAcceleratorTableA
TranslateMessage
GetClipboardData
OpenIcon
gdi32
SetTextColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
GetBkColor
GetPixel
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetROP2
GetStretchBltMode
GetPolyFillMode
StartPage
EndPage
CreateDCA
DPtoLP
CreateBrushIndirect
CreateHatchBrush
CreatePatternBrush
Ellipse
RoundRect
FillRgn
GetClipBox
CombineRgn
CreateRectRgn
GetClipRgn
CreatePolygonRgn
SetPixelV
LPtoDP
Pie
GetViewportOrgEx
GetWindowOrgEx
PatBlt
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
RealizePalette
CreatePen
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
Chord
Arc
Polygon
EndDoc
GetTextColor
Rectangle
SelectClipRgn
CreateDIBitmap
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetWindowExtEx
GetBkMode
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetSystemPaletteEntries
SelectPalette
GetDIBits
CreateDIBSection
SetPixel
ExtCreateRegion
CreateRectRgnIndirect
GetCurrentObject
StartDocA
winspool.drv
GetFormA
ClosePrinter
SetFormA
EnumFormsA
OpenPrinterA
DocumentPropertiesA
DeleteFormA
AddFormA
comdlg32
GetFileTitleA
ChooseColorA
CommDlgExtendedError
ChooseFontA
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA
advapi32
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
shell32
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHChangeNotify
ole32
OleUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
oleaut32
OleCreateFontIndirect
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
UnRegisterTypeLi
SysAllocString
VariantCopyInd
VariantInit
VariantChangeType
VariantClear
GetActiveObject
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VarDateFromStr
OleCreatePictureIndirect
winmm
waveOutUnprepareHeader
midiStreamRestart
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
waveOutPrepareHeader
comctl32
ImageList_Destroy
ord17
ImageList_LoadImageA
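The import table above is dominated by MFC/GUI, printing and multimedia APIs, but it also carries smaller clusters that matter for triage: OpenProcess, WriteProcessMemory, CreateRemoteThread and VirtualProtect; CreateToolhelp32Snapshot with Process32First/Next; SetWindowsHookExA with CallNextHookEx; BeginUpdateResourceA/UpdateResourceA/EndUpdateResourceA; the Crypt* hashing set; and RegCreateKeyExA/RegSetValueExA. The script below is an added example (not part of the report and not tria.ge code) showing two things an analyst does with such a list: compute an imphash over it the way pefile does (lowercase DLL base name with .dll/.ocx/.sys stripped, lowercase function, ordinals as ordN, joined with commas in table order; pefile's extra ordinal-to-name table for ws2_32, wsock32 and oleaut32 is left out here), and check for capability clusters by requiring all APIs of a cluster to be present, not just one. The import list embedded in the code is a constructed subset of the report's imports, so the hash it yields is not the sample's imphash; the cluster rules are this example's own heuristics, not a tria.ge signature.

```python
import hashlib

# Constructed subset of the imports listed in the report above, in report order.
# An int in a function list is an import by ordinal (the report shows comctl32 ord17).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "VirtualProtect",
                      "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                      "BeginUpdateResourceA", "UpdateResourceA", "EndUpdateResourceA"]),
    ("USER32.dll", ["SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"]),
    ("ADVAPI32.dll", ["RegCreateKeyExA", "RegSetValueExA", "CryptAcquireContextA",
                      "CryptCreateHash", "CryptHashData", "CryptGetHashParam"]),
    ("COMCTL32.dll", ["ImageList_Destroy", 17, "ImageList_LoadImageA"]),
]

# Cluster rules (this example's own heuristics): a capability is reported only when
# every API in the set is imported, which cuts the noise from single common APIs.
CAPABILITY_RULES = {
    "remote thread injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "PE resource rewriting": {"BeginUpdateResourceA", "UpdateResourceA", "EndUpdateResourceA"},
    "windows hook installation": {"SetWindowsHookExA", "CallNextHookEx"},
    "registry write": {"RegCreateKeyExA", "RegSetValueExA"},
    "CryptoAPI hashing": {"CryptAcquireContextA", "CryptCreateHash", "CryptHashData", "CryptGetHashParam"},
}


def imphash_string(imports):
    """Normalise an import table the way the imphash algorithm does:
    lowercase DLL base name without .dll/.ocx/.sys, lowercase function name,
    ordinals rendered as ordN, entries joined as dll.func with commas, in table order."""
    parts = []
    for dll, funcs in imports:
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        for f in funcs:
            name = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{base}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised string; order-sensitive, so two builds with the same
    APIs in a different table order hash differently."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def capabilities(imports):
    """Return the capability clusters whose required APIs are all imported."""
    present = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return sorted(cap for cap, need in CAPABILITY_RULES.items() if need <= present)


if __name__ == "__main__":
    print("imphash (constructed subset):", imphash(SAMPLE_IMPORTS))
    for cap in capabilities(SAMPLE_IMPORTS):
        print("capability:", cap)
```

Imports only show what the binary can call, not what it does at runtime; the MFC-sized table here means most entries are framework plumbing, and a cluster hit is a reason to look at the call sites, not a verdict.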
Sections
.text Size: 996KB - Virtual size: 992KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 896KB - Virtual size: 892KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 672KB - Virtual size: 672KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
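Two things in the static data above are worth checking mechanically rather than by eye: the Unsigned PE signature (an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory) and the section flags, which are not what a normal linker emits. Here .text is writable as well as executable, .data carries IMAGE_SCN_CNT_CODE without IMAGE_SCN_MEM_EXECUTE, and .rsrc is flagged code, executable and writable; writable code sections are a common trace of packing or self-modifying code. The script below is an added example, not part of the report or of tria.ge, that parses the DOS, COFF, optional and section headers with the standard library only and reports those anomalies. Because the sample itself is not on the page, it builds a header-only PE32 fixture whose section names, sizes (the KB figures printed above) and flags are copied from this report; the fixture is constructed and contains no section bodies.

```python
import struct

# Section characteristic bits (winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}

# Section table as printed in the report: (name, virtual size, raw size, flags).
REPORT_SECTIONS = [
    (".text",  992 * 1024, 996 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rdata", 127 * 1024, 128 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".data",  892 * 1024, 896 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc",  672 * 1024, 672 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]


def build_stub_pe(sections, file_chars=0x010F, signed=False):
    """Constructed header-only PE32 image: DOS header, PE signature, COFF header,
    a mostly zero optional header and the given section table. 0x010F is the OR of
    the five file characteristics the report lists. Not the analysed sample."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE header follows the DOS header
    opt_size = 224                                        # PE32 optional header incl. 16 data directories
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x014C, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    if signed:                                            # security directory = data directory entry 4
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000, 0x800)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0, rsize, 0, 0, 0, 0, 0, flags)
        for name, vsize, rsize, flags in sections)
    return bytes(dos) + coff + bytes(opt) + table


def parse_pe(data):
    """Walk DOS -> PE -> COFF -> optional header -> section table. Returns the file
    characteristics, whether an Authenticode (security) directory is present, and the
    section descriptors. Raises ValueError on a non-PE input instead of guessing."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt_off)
    dir_base = 96 if magic == 0x10B else 112              # data directories start here (PE32 / PE32+)
    sec_off, sec_size = struct.unpack_from("<II", data, opt_off + dir_base + 4 * 8)
    off = opt_off + opt_size
    sections = []
    for _ in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rsize": rsize, "flags": flags})
        off += 40
    return {"file_chars": file_chars, "signed": sec_off != 0 and sec_size != 0, "sections": sections}


def file_flag_names(file_chars):
    return [n for bit, n in FILE_CHARACTERISTICS.items() if file_chars & bit]


def section_findings(sections):
    """Flag section-header combinations a linker does not normally emit."""
    findings = []
    for s in sections:
        f = s["flags"]
        if f & IMAGE_SCN_MEM_WRITE and f & IMAGE_SCN_MEM_EXECUTE:
            findings.append((s["name"], "writable and executable"))
        if f & IMAGE_SCN_CNT_CODE and not f & IMAGE_SCN_MEM_EXECUTE:
            findings.append((s["name"], "CNT_CODE without MEM_EXECUTE"))
        if s["name"] in (".rdata", ".data", ".rsrc") and f & IMAGE_SCN_CNT_CODE:
            findings.append((s["name"], "data section flagged CNT_CODE"))
    return findings


def triage(data):
    pe = parse_pe(data)
    lines = ["characteristics: " + ", ".join(file_flag_names(pe["file_chars"]))]
    lines.append("authenticode: " + ("present" if pe["signed"] else "missing (Unsigned PE)"))
    lines += [f"{name}: {why}" for name, why in section_findings(pe["sections"])]
    return lines


if __name__ == "__main__":
    for line in triage(build_stub_pe(REPORT_SECTIONS)):
        print(line)
```

To run it against a real file, replace build_stub_pe(REPORT_SECTIONS) with the bytes read from disk; the parser only needs the headers, so reading the first few kilobytes is enough. A present security directory means a signature blob exists, not that it verifies; chain validation is a separate step this example does not do.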