Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-29_d8a05e14bff17e7da8bbfdca8f284476_icedid_nymaim.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-29_d8a05e14bff17e7da8bbfdca8f284476_icedid_nymaim.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-05-29_d8a05e14bff17e7da8bbfdca8f284476_icedid_nymaim
Size: 5.8MB
MD5: d8a05e14bff17e7da8bbfdca8f284476
SHA1: 6581146768b721b80fe017589c4c1b3efd4185db
SHA256: 8af73188ca6e978c9cbb8b32afeb8e88a4fec3653dd499ef80b209b7511ae0dd
SHA512: 1ff2191be4f76de348065c374720344f942eca9e42a58b3af08a1d0dfebee3e50b4369e68f7c7d041658b1a3fb0776a98b84bfb3e64dd88c9ccc7daa792d1b31
SSDEEP: 98304:y2VhRNaNihNxivDDJPHthVlfRZt+I9OR4r3:7VheiuvDDlfRZ8I9OR4z
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-05-29_d8a05e14bff17e7da8bbfdca8f284476_icedid_nymaim
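The "Unsigned PE" signature only checks whether the PE references an Authenticode certificate table at all; it does not validate a chain. The check below is an added example (not the sandbox's own rule logic and not code from the sample) that locates the WIN_CERTIFICATE blob through the security data directory, without third-party libraries. The test input is a constructed, header-only PE32 with the same file characteristics the report shows (0x010F), built inline, so nothing here depends on the sample.

```python
import struct

# IMAGE_DIRECTORY_ENTRY_SECURITY is data-directory slot 4. Unlike the other
# directories its VirtualAddress field holds a *file offset*, not an RVA.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def authenticode_blob(data: bytes):
    """Locate the WIN_CERTIFICATE table a PE references, without verifying it.

    Returns a dict (offset/size/length/revision/type) or None when the security
    directory is empty or points outside the file. Raises on non-PE input.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32 (x86, as in the report above)
        nrva_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+
        nrva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, nrva_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return None
    off, size = struct.unpack_from("<II", data, entry)
    if off == 0 or size < 8 or off + size > len(data):
        return None           # empty, or points past EOF (truncated or forged)
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return {"offset": off, "size": size, "length": length,
            "revision": revision, "type": cert_type}


def is_unsigned(data: bytes) -> bool:
    """True when the PE carries no Authenticode certificate table at all."""
    return authenticode_blob(data) is None


def build_minimal_pe32(cert_payload=None) -> bytes:
    """Constructed test input (hypothetical file, not the sample): a header-only
    PE32 with characteristics 0x010F; optionally appends a WIN_CERTIFICATE and
    points the security directory at it."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    image = bytes(dos) + b"PE\0\0" + coff
    header_len = len(image) + len(opt)
    if cert_payload is None:
        return image + bytes(opt)
    blob = struct.pack("<IHH", 8 + len(cert_payload), 0x0200,
                       WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_payload
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     header_len, len(blob))
    return image + bytes(opt) + blob


if __name__ == "__main__":
    print("unsigned:", is_unsigned(build_minimal_pe32()))
    print("cert table:", authenticode_blob(build_minimal_pe32(b"\x30\x00")))
```

A present certificate table says nothing about validity: the PKCS#7 contents still need chain and hash verification (`signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`), and a certificate table that points past end-of-file is treated here as absent. Conversely, many legitimate older binaries are unsigned, so this signature is a low-confidence signal on its own.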
Files
2024-05-29_d8a05e14bff17e7da8bbfdca8f284476_icedid_nymaim.exe windows:4 windows x86 arch:x86
ecf52eb1f62a94c7ac38b44329584295
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
setupapi
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
hid
HidD_SetNumInputBuffers
HidD_GetHidGuid
HidD_GetAttributes
HidD_FlushQueue
kernel32
InterlockedIncrement
InterlockedDecrement
SetLastError
lstrcpynA
DuplicateHandle
GetVolumeInformationA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
MulDiv
ResumeThread
SetThreadPriority
SuspendThread
FileTimeToLocalFileTime
lstrcmpA
IsBadWritePtr
GetFileTime
LocalFileTimeToFileTime
SetFileTime
GetCurrentThread
GlobalReAlloc
GetTempFileNameA
lstrlenW
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
lstrlenA
lstrcpyW
RtlUnwind
ExitProcess
GetTimeZoneInformation
RaiseException
ExitThread
GetStartupInfoA
GetACP
SetStdHandle
GetFileType
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
CompareStringA
CompareStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
GlobalAddAtomA
SetEnvironmentVariableA
GetVersion
lstrcatA
GlobalGetAtomNameA
GetPrivateProfileIntA
lstrcmpiA
WinExec
DeleteFileA
GetCommandLineA
Sleep
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemInfo
DeviceIoControl
CloseHandle
CreateFileA
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
GetVersionExA
WritePrivateProfileStringA
GetTickCount
SetCurrentDirectoryA
GetSystemDefaultLangID
WideCharToMultiByte
CreateDirectoryA
MultiByteToWideChar
RemoveDirectoryA
CopyFileA
FindClose
FindFirstFileA
FindNextFileA
GetModuleFileNameA
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GetExitCodeProcess
TerminateProcess
GetComputerNameA
IsDebuggerPresent
GetLastError
CreateMutexA
ReadFile
GetFileSize
WaitForSingleObject
CreateProcessA
GetCurrentProcessId
GetLocaleInfoA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
GetCurrentProcess
GetCurrentDirectoryA
SetFileAttributesA
MoveFileA
GlobalFindAtomA
GlobalDeleteAtom
LocalAlloc
FileTimeToSystemTime
GetLocalTime
SetEvent
CreateThread
CancelIo
CreateEventA
ReleaseMutex
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
AreFileApisANSI
CreateFileW
CreateFileMappingW
CreateMutexW
DeleteFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
GetProfileStringA
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetVersionExW
HeapCreate
HeapDestroy
IsBadReadPtr
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LoadLibraryW
LocalFree
LockFile
LockFileEx
QueryPerformanceCounter
SetEndOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
InterlockedCompareExchange
LoadLibraryExA
lstrcpyA
WriteFile
SetFilePointer
CreateFileMappingA
MapViewOfFile
IsBadCodePtr
user32
SetRect
IsRectEmpty
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
IsZoomed
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
DestroyCursor
SetCursorPos
ReleaseCapture
SetCapture
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
TrackPopupMenu
GetWindowTextLengthA
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SetPropA
RegisterClipboardFormatA
GetDCEx
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
GrayStringA
DrawTextA
GetSysColorBrush
WindowFromPoint
DestroyIcon
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
SetParent
GetScrollInfo
RemoveMenu
TabbedTextOutA
GetSysColor
LoadCursorA
CopyIcon
SetCursor
GetMessagePos
PtInRect
MessageBeep
InvalidateRect
AppendMenuA
InsertMenuA
InflateRect
CheckMenuItem
IsClipboardFormatAvailable
LockWindowUpdate
GetDC
GetDesktopWindow
ReleaseDC
LoadImageA
SetWindowPos
BlockInput
CountClipboardFormats
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
LoadStringA
FindWindowExA
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
PostMessageA
GetSystemMetrics
IsWindowVisible
GetClientRect
FindWindowA
BringWindowToTop
DestroyMenu
IsWindow
SetMenu
SystemParametersInfoA
GetMenu
ClientToScreen
LoadMenuA
GetSubMenu
GetMenuItemCount
GetMenuItemID
ModifyMenuA
DeleteMenu
GetMenuStringA
EnableMenuItem
RedrawWindow
UpdateWindow
GetCursorPos
ScreenToClient
MessageBoxA
LoadBitmapA
SendMessageA
EnableWindow
KillTimer
GetWindowRect
SetWindowLongA
SetTimer
PostThreadMessageA
CallWindowProcA
UnregisterClassA
GetDlgCtrlID
gdi32
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
CreateRectRgnIndirect
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
GetTextExtentPoint32A
GetTextMetricsA
LPtoDP
DPtoLP
CreateDCA
GetMapMode
SetRectRgn
CombineRgn
GetTextColor
GetBkColor
CopyMetaFileA
PatBlt
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
GetStockObject
CreateFontIndirectA
GetTextExtentPointA
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
DeleteObject
BitBlt
GetDIBits
StretchBlt
SelectObject
GetObjectA
CreateDIBitmap
CreateCompatibleDC
comdlg32
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
ReplaceTextA
FindTextA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
GetFileSecurityA
RegQueryValueExA
RegOpenKeyA
GetUserNameA
RegCreateKeyA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetSecurityDescriptorDacl
RegSetValueA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
SetFileSecurityA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
InitializeSecurityDescriptor
shell32
DragQueryFileA
DragFinish
SHGetFileInfoA
DragAcceptFiles
FindExecutableA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
ExtractIconA
comctl32
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create
oledlg
ord4
ord11
ord8
ord3
ole32
CLSIDFromString
ReleaseStgMedium
CoTaskMemFree
OleRegGetUserType
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoDisconnectObject
CreateFileMoniker
OleLockRunning
StringFromCLSID
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
CreateItemMoniker
CreateGenericComposite
CreateBindCtx
ReadFmtUserTypeStg
ReadClassStg
OleDuplicateData
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
CoTreatAsClass
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
OleGetClipboard
OleSetMenuDescriptor
CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromProgID
olepro32
ord253
oleaut32
SysStringLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SafeArrayGetUBound
SysFreeString
odbc32
ord72
ord4
ord48
ord49
ord20
ord17
ord59
ord8
ord44
ord19
ord46
ord12
ord68
ord41
ord2
ord1
ord50
ord45
ord51
ord15
ord9
ord14
ord3
ord11
ord18
ord13
ord61
ord16
ord5
ord10
wininet
InternetAutodial
InternetCloseHandle
InternetReadFile
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenUrlA
InternetSetOptionExA
InternetSetStatusCallback
InternetSetFilePointer
InternetQueryDataAvailable
InternetGetLastResponseInfoA
HttpQueryInfoA
wsock32
WSAStartup
WSACleanup
psapi
GetModuleFileNameExA
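Most of the import table above (user32, gdi32, comdlg32, ole32, oledlg, odbc32) is the footprint of a large MFC-style GUI application, which on its own says little. The entries an analyst cares about are the handful that indicate capability: IsDebuggerPresent, BlockInput, SetWindowsHookExA, GetClipboardData, AdjustTokenPrivileges, the wininet HTTP client set, the SetupDi/HidD device enumeration, and the resource-loading APIs. The script below is an added example (not code from the page or the sandbox) that tags such imports by capability. The import subset is transcribed by hand from the table above; the buckets and the ATT&CK technique IDs are our mapping, and an import only shows that the code can do something, not that it does.

```python
from collections import defaultdict

# Hand-transcribed subset of the import table in the report (DLL and function
# names are the report's); the capability buckets and ATT&CK mapping are ours.
SAMPLE_IMPORTS = {
    "kernel32": ["IsDebuggerPresent", "OutputDebugStringA", "WinExec",
                 "CreateProcessA", "CreateMutexA", "DeviceIoControl",
                 "GetComputerNameA", "GetVolumeInformationA", "DeleteFileA",
                 "MoveFileA", "OpenProcess", "TerminateProcess", "Sleep",
                 "FindResourceA", "LoadResource", "LockResource", "SizeofResource"],
    "user32": ["BlockInput", "SetWindowsHookExA", "CallNextHookEx", "GetKeyState",
               "OpenClipboard", "GetClipboardData", "FindWindowA",
               "GetWindowTextA", "GetForegroundWindow", "SetCursorPos"],
    "advapi32": ["AdjustTokenPrivileges", "LookupPrivilegeValueA",
                 "OpenProcessToken", "RegSetValueExA", "RegCreateKeyExA",
                 "RegDeleteValueA", "GetUserNameA"],
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                "HttpSendRequestExA", "InternetReadFile", "InternetWriteFile"],
    "shell32": ["ShellExecuteA", "ShellExecuteExA"],
    "setupapi": ["SetupDiGetClassDevsA", "SetupDiEnumDeviceInterfaces"],
    "hid": ["HidD_GetHidGuid", "HidD_GetAttributes"],
}

# capability -> (ATT&CK technique or None, API names that indicate it)
CAPABILITIES = {
    "anti-debug":         ("T1622", {"IsDebuggerPresent", "OutputDebugStringA",
                                     "OutputDebugStringW"}),
    "input-blocking":     (None, {"BlockInput"}),
    "keyboard-hook":      ("T1056.001", {"SetWindowsHookExA", "CallNextHookEx",
                                         "GetKeyState"}),
    "clipboard-read":     ("T1115", {"OpenClipboard", "GetClipboardData"}),
    "token-manipulation": ("T1134", {"AdjustTokenPrivileges",
                                     "LookupPrivilegeValueA", "OpenProcessToken"}),
    "registry-write":     ("T1112", {"RegSetValueExA", "RegCreateKeyExA",
                                     "RegDeleteValueA"}),
    "process-execution":  ("T1106", {"WinExec", "CreateProcessA", "ShellExecuteA",
                                     "ShellExecuteExA"}),
    "http-client":        ("T1071.001", {"InternetOpenA", "InternetConnectA",
                                         "HttpOpenRequestA", "HttpSendRequestExA",
                                         "InternetReadFile", "InternetWriteFile"}),
    "host-fingerprint":   ("T1082", {"GetComputerNameA", "GetVolumeInformationA",
                                     "GetUserNameA"}),
    "device-enumeration": ("T1120", {"SetupDiGetClassDevsA",
                                     "SetupDiEnumDeviceInterfaces",
                                     "HidD_GetHidGuid", "HidD_GetAttributes"}),
    "embedded-resource":  (None, {"FindResourceA", "LoadResource", "LockResource",
                                  "SizeofResource"}),
    "file-removal":       ("T1070.004", {"DeleteFileA", "MoveFileA"}),
}

# Reverse index: each import is looked up once instead of scanning every bucket.
_API_INDEX = {api: cap for cap, (_, apis) in CAPABILITIES.items() for api in apis}


def tag_capabilities(imports):
    """Map a {dll: [function, ...]} import table to {capability: sorted('dll!func')}."""
    hits = defaultdict(set)
    for dll, funcs in imports.items():
        for func in funcs:
            cap = _API_INDEX.get(func)
            if cap:
                hits[cap].add(f"{dll}!{func}")
    return {cap: sorted(apis) for cap, apis in hits.items()}


def summarize(imports):
    """One row per capability, most distinct supporting APIs first."""
    tagged = tag_capabilities(imports)
    rows = []
    for cap, apis in sorted(tagged.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        technique = CAPABILITIES[cap][0] or "-"
        rows.append(f"{cap:<20} {technique:<10} {', '.join(apis)}")
    return rows


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_IMPORTS)))
```

Two caveats when reading the output. Static imports can be a decoy: a crypter or installer stub can carry a benign-looking import table and resolve its real API set at runtime with the LoadLibraryA/GetProcAddress pair that is also imported here, so behavioural output from the two sandbox runs above is the authority on what actually executed. And the family names in the sample's filename (icedid, nymaim) are labels attached to the submission, not something the static signatures on this page establish.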
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 300KB - Virtual size: 468KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
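The section table above is unremarkable for an unpacked x86 binary: .text is marked code and executable only, .data is the only writable section, and its virtual size exceeding its raw size (468KB vs 300KB) is the ordinary zero-initialised (.bss-style) tail. The report gives no entropy figures, so packing cannot be judged from it directly; the 1.4MB .rsrc section, together with the FindResourceA/LoadResource/LockResource/SizeofResource imports listed earlier, is the first place to look for an embedded payload. The script below is an added example (not the sandbox's own logic) that parses section listings in the report's own format and applies the usual layout heuristics. The listing for this sample is transcribed from above; the UPX-style packed listing beside it is constructed for contrast and is not data from this sample.

```python
import re

# Transcribed from the report's Sections block.
SECTION_REPORT = """\
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 300KB - Virtual size: 468KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
"""

# Constructed counter-example (not from this sample): a typical UPX layout.
PACKED_REPORT = """\
UPX0 Size: 0B - Virtual size: 2.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 812KB - Virtual size: 816KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
"""

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
HEADER_RE = re.compile(
    r"^(\S+) Size: ([\d.]+)(B|KB|MB|GB) - Virtual size: ([\d.]+)(B|KB|MB|GB)$")
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".tls", ".bss", ".CRT"}


def parse_sections(report: str):
    """Turn the report's 'name Size: X - Virtual size: Y' + flag lines into dicts."""
    sections, current = [], None
    for line in report.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"name": m[1],
                       "raw": float(m[2]) * UNITS[m[3]],
                       "virt": float(m[4]) * UNITS[m[5]],
                       "flags": set()}
            sections.append(current)
        elif line.startswith("IMAGE_SCN_") and current is not None:
            current["flags"].add(line)
    return sections


def section_findings(sections):
    """Layout heuristics; returns (section, finding) pairs, empty when clean."""
    findings = []
    for s in sections:
        f, name = s["flags"], s["name"]
        executable = "IMAGE_SCN_MEM_EXECUTE" in f
        if executable and "IMAGE_SCN_MEM_WRITE" in f:
            findings.append((name, "writable+executable"))
        if executable and s["raw"] == 0 and s["virt"] > 0:
            findings.append((name, "executable section with no raw data (filled at runtime)"))
        elif s["raw"] > 0 and s["virt"] > 4 * s["raw"]:
            # A modest virtual > raw gap (this sample's .data) is normal .bss;
            # a 4x gap is the threshold used here, an assumption, not a standard.
            findings.append((name, "virtual size far exceeds raw size"))
        if executable and "IMAGE_SCN_CNT_CODE" not in f:
            findings.append((name, "executable but not flagged as code"))
        if name not in STANDARD_NAMES:
            findings.append((name, "non-standard section name"))
    return findings


if __name__ == "__main__":
    for label, report in (("sample", SECTION_REPORT), ("packed", PACKED_REPORT)):
        print(label, section_findings(parse_sections(report)) or "no findings")
```

The sample listing produces no findings, which is consistent with a large, conventionally linked executable rather than a packed stub; the constructed UPX listing trips the writable+executable, empty-raw-section and non-standard-name rules at once. Absence of findings here does not rule out an embedded or encrypted payload in .rsrc or .data, which these size-and-flag heuristics cannot see.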