Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-28_377784cd6d34f0500cfd9e03d2dcc370_icedid_nymaim.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-28_377784cd6d34f0500cfd9e03d2dcc370_icedid_nymaim.exe
Resource: win10v2004-20240508-en
General
Target: 2024-05-28_377784cd6d34f0500cfd9e03d2dcc370_icedid_nymaim
Size: 1.0MB
MD5: 377784cd6d34f0500cfd9e03d2dcc370
SHA1: 5688ab74a9fe4cc5eabcbd9de1bd4c628f396a3c
SHA256: 89bd57c44decc12818e1c530681cfdd62030248f6297eea64c0835cbb2b6e10d
SHA512: 98235f4af40559cf371570cfe78dc30e274b5918b44061ce917cd69813eeac57b74147806c99a677fe6b1412876264ce6bd4efb981efa5497553add4a6a740cd
SSDEEP: 24576:/XNHvjXJ5TXGzTkPce9t5YhncpozrmjLGdvC:1TTX4TkPcU6cy+GdvC
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 2024-05-28_377784cd6d34f0500cfd9e03d2dcc370_icedid_nymaim
Files
2024-05-28_377784cd6d34f0500cfd9e03d2dcc370_icedid_nymaim.exe windows:4 windows x86 arch:x86
8befd639394962a1745c91cb88f1d933
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSARecv
inet_ntoa
ntohs
getpeername
gethostbyname
gethostname
socket
WSAGetLastError
inet_addr
WSASend
send
recv
select
shutdown
bind
listen
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
htons
WSAStartup
connect
WSASocketA
WSAEnumNetworkEvents
WSAAccept
closesocket
WSACleanup
WSACloseEvent
WSASetLastError
wininet
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetTimeFromSystemTime
winmm
PlaySoundA
imageload
SaveBMP
GetLastPicLibError
LoadTIF
LoadTGA
LoadPCX
LoadJPG
LoadGIF
LoadBMP
FileType
SaveGIF
SaveJPG
SavePCX
SaveTGA
SaveTIF
ssleay32
ord77
ord112
ord78
ord162
ord48
ord96
ord8
ord71
ord130
ord128
ord127
ord65
ord61
ord33
ord154
ord21
ord16
ord73
ord225
ord141
ord5
ord28
ord22
ord6
ord12
ord74
ord183
ord157
ord35
ord83
ord82
ord75
ord108
libeay32
ord401
ord1308
ord1304
ord89
ord1291
ord107
ord421
ord78
ord95
ord281
ord680
ord84
ord1017
ord1016
ord774
ord66
ord52
ord1882
ord82
ord399
ord2181
ord2254
ord2253
ord467
ord466
ord641
ord653
ord585
ord1015
ord657
kernel32
GetLastError
SetEvent
GetCurrentThreadId
TerminateThread
RemoveDirectoryA
DeleteFileA
SetFileAttributesA
CreateDirectoryA
lstrcmpA
GetSystemTime
GetLocalTime
lstrcpyA
lstrlenA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
WinExec
lstrcatA
DeleteCriticalSection
CopyFileA
GetProcAddress
GetTimeZoneInformation
SetLastError
GetModuleFileNameA
GetSystemDirectoryA
SetThreadPriority
Sleep
ResumeThread
GetVersionExA
Beep
GetTickCount
GetVersion
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
InitializeCriticalSection
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
MulDiv
lstrcpynA
FindClose
FindFirstFileA
FindNextFileA
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
CreateEventA
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
SuspendThread
GetCurrentThread
GlobalAlloc
GlobalFlags
SizeofResource
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentDirectoryA
RtlUnwind
CreateThread
ExitThread
RaiseException
GlobalGetAtomNameA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
GetACP
TerminateProcess
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
ResetEvent
WaitForSingleObject
CloseHandle
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
InterlockedExchange
GetProfileStringA
HeapAlloc
user32
LoadStringA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharUpperA
WindowFromPoint
DestroyMenu
ValidateRect
GetMessageA
PostQuitMessage
SetRectEmpty
IsZoomed
SetWindowContextHelpId
MapDialogRect
GetClassNameA
GetDesktopWindow
GetSysColorBrush
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
RegisterClipboardFormatA
SetParent
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
wvsprintfA
GetForegroundWindow
SetWindowPos
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
IsWindowEnabled
PeekMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
SetForegroundWindow
LoadBitmapA
GetWindow
OffsetRect
EnableMenuItem
PostThreadMessageA
CopyRect
FillRect
DrawIconEx
MessageBoxA
GetCursorPos
ScreenToClient
KillTimer
SetTimer
LoadMenuA
GetSubMenu
DrawTextExA
LoadCursorA
CopyIcon
GetParent
GetDC
ReleaseDC
InflateRect
InvalidateRect
IsWindow
SetWindowLongA
SetCursor
PtInRect
RedrawWindow
SetCapture
MessageBeep
GetSysColor
PostMessageA
wsprintfA
SetRect
GetWindowRect
GetClientRect
GetDlgItem
IsCharAlphaNumericA
IsCharAlphaA
LoadIconA
DestroyIcon
SendMessageA
EnableWindow
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
GetLastActivePopup
GetWindowTextLengthA
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
ReleaseCapture
gdi32
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
CreateRectRgnIndirect
SetWindowExtEx
ScaleWindowExtEx
PatBlt
ExcludeClipRect
IntersectClipRect
DeleteObject
CreateRectRgn
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Polygon
BitBlt
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
SelectClipRgn
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetTextExtentPointA
CreateDIBitmap
GetDeviceCaps
GetViewportExtEx
CreatePalette
LPtoDP
GetBkColor
GetTextColor
GetTextMetricsA
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
GetStockObject
comdlg32
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconA
SHGetMalloc
comctl32
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_AddMasked
ord17
ImageList_Create
oledlg
ord8
ole32
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleUninitialize
OleInitialize
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoGetClassObject
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
olepro32
ord253
oleaut32
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SysStringLen
VariantClear
SysFreeString
SysAllocStringLen
wsock32
accept
htonl
WSAAsyncSelect
sendto
recvfrom
inet_ntoa
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreate
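The import table above is the most informative static artefact on this page: a Winsock listener (bind/listen/WSAAccept), a WinINet HTTP client, OpenSSL (ssleay32/libeay32) pulled in purely by ordinal, registry write/delete, WinExec/ShellExecuteA, and a SetWindowsHookExA hook, next to a large GUI surface that carries little signal by itself. The following is an added example, not part of the sandbox report, showing how a triage script would reduce such a table to capability buckets. The import subset and the CAPABILITY_RULES mapping are constructed for this example; the bucket names and thresholds are the author's choices, not a standard.

```python
import re

# Constructed subset of the import table listed on this page (DLL -> imported names).
SAMPLE_IMPORTS = {
    "ws2_32": ["WSARecv", "gethostbyname", "gethostname", "socket", "send", "recv",
               "bind", "listen", "connect", "WSAAccept", "closesocket"],
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                "HttpSendRequestA", "HttpQueryInfoA", "InternetReadFile"],
    "ssleay32": ["ord77", "ord112", "ord78"],
    "libeay32": ["ord401", "ord1308", "ord1304"],
    "kernel32": ["WinExec", "LoadLibraryA", "GetProcAddress", "CopyFileA",
                 "DeleteFileA", "SetFileAttributesA", "GetVersionExA",
                 "GetVolumeInformationA", "CreateThread"],
    "advapi32": ["RegOpenKeyExA", "RegSetValueExA", "RegCreateKeyA",
                 "RegDeleteValueA", "RegDeleteKeyA", "RegQueryValueExA"],
    "shell32": ["ShellExecuteA", "Shell_NotifyIconA"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "MessageBoxA"],
    "wsock32": ["accept", "sendto", "recvfrom"],
}

# Hypothetical capability mapping (dll!api, lowercase DLL). Extend as needed.
CAPABILITY_RULES = {
    "network listener": ("ws2_32!bind", "ws2_32!listen", "ws2_32!accept",
                         "ws2_32!WSAAccept", "wsock32!accept"),
    "outbound socket client": ("ws2_32!connect", "ws2_32!gethostbyname",
                               "ws2_32!send", "ws2_32!recv"),
    "http client": ("wininet!InternetOpenA", "wininet!InternetConnectA",
                    "wininet!HttpOpenRequestA", "wininet!HttpSendRequestA",
                    "wininet!InternetReadFile"),
    "process execution": ("kernel32!WinExec", "shell32!ShellExecuteA"),
    "registry write": ("advapi32!RegSetValueExA", "advapi32!RegCreateKeyA",
                       "advapi32!RegCreateKeyExA"),
    "registry delete": ("advapi32!RegDeleteValueA", "advapi32!RegDeleteKeyA"),
    "file system modification": ("kernel32!CopyFileA", "kernel32!DeleteFileA",
                                 "kernel32!SetFileAttributesA"),
    "dynamic api resolution": ("kernel32!LoadLibraryA", "kernel32!GetProcAddress"),
    "windows hooks": ("user32!SetWindowsHookExA", "user32!CallNextHookEx"),
    "host enumeration": ("kernel32!GetVersionExA", "kernel32!GetVolumeInformationA",
                         "ws2_32!gethostname"),
}


def classify_imports(imports: dict) -> dict:
    """Map an import table to the capability buckets whose APIs it references."""
    flat = {f"{dll.lower()}!{name}" for dll, names in imports.items() for name in names}
    hits = {}
    for capability, apis in CAPABILITY_RULES.items():
        matched = sorted(api for api in apis if api in flat)
        if matched:
            hits[capability] = matched
    return hits


def ordinal_only_modules(imports: dict) -> list:
    """DLLs imported purely by ordinal. Ordinals are not stable across builds, so
    the function names are only recoverable from the export table of the exact
    DLL build the binary was linked against; an OpenSSL import like this needs
    the matching ssleay32/libeay32 version before any of it can be named."""
    return sorted(dll for dll, names in imports.items()
                  if names and all(re.fullmatch(r"ord\d+", n) for n in names))


if __name__ == "__main__":
    for capability, apis in classify_imports(SAMPLE_IMPORTS).items():
        print(f"{capability:26s} {', '.join(apis)}")
    print("ordinal-only modules:", ordinal_only_modules(SAMPLE_IMPORTS))
```

Read the output as a list of things the binary can do, not things it does: a listener bucket says the code can accept connections, and only the behavioral run shows whether it ever calls bind on a real port.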
Sections
.text Size: 812KB - Virtual size: 809KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ