2024-06-06_3c67ead8f9cc01572d45e00a2a9690ff_4hxordropper_icedid_nymaim

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-06_3c67ead8f9cc01572d45e00a2a9690ff_4hxordropper_icedid_nymaim
Size

889KB
MD5

3c67ead8f9cc01572d45e00a2a9690ff
SHA1

b6b0dd859b53f8b8c9fb1c5f415fcc405aa8dfc2
SHA256

c9917e171b8e7f6f2c7d8d15ae4b167fe1fd4fce27354a4dc9f4fe29a4e98a10
SHA512

ebd9f87f8435b8f345b3dec91e81d67442c5d6cd3b8bf5afbbc2e70ce62fb91f4152a51f4c43f8829c3ae485392d8cb109b6cb52549939644c9547163c3d9947
SSDEEP

12288:AeVWeByBtTmp3x3bpa6dCxCghSQholTNH00w4pFYMP1wdkmg:AeaEp3xrpa/cghSQelTZ00Pydjg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-06_3c67ead8f9cc01572d45e00a2a9690ff_4hxordropper_icedid_nymaim

Files

2024-06-06_3c67ead8f9cc01572d45e00a2a9690ff_4hxordropper_icedid_nymaim
.exe windows:4 windows x86 arch:x86

948fcd48713713bb7756dabb7c1f4f38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
FileTimeToSystemTime
RtlUnwind
FileTimeToLocalFileTime
GetCommandLineA
ExitProcess
GetTickCount
CreateThread
ExitThread
TerminateProcess
RaiseException
GetStartupInfoA
GetFileType
HeapSize
HeapReAlloc
HeapAlloc
GetTimeZoneInformation
HeapFree
SetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
GetACP
DeleteFileA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetFileTime
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileAttributesA
GetOEMCP
GetCPInfo
SizeofResource
WritePrivateProfileStringA
GlobalFlags
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
LCMapStringW
LCMapStringA
ClearCommBreak
BuildCommDCBA
GetFileSize
WriteFile
GetOverlappedResult
FlushFileBuffers
ReadFile
FormatMessageA
LocalFree
CommConfigDialogA
GetDefaultCommConfigA
PurgeComm
ResetEvent
SetEvent
CreateFileA
GetLastError
SetLastError
SetupComm
CloseHandle
GetCommState
SetCommState
SetCommMask
SetCommTimeouts
SetEndOfFile
LockFile
UnlockFile
GetProfileStringA
DuplicateHandle
SetFilePointer
GetCurrentProcess
FreeLibrary
MulDiv
LoadLibraryA
GlobalGetAtomNameA
GetVersion
lstrcatA
lstrcpyA
GlobalAddAtomA
GlobalFindAtomA
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
InterlockedDecrement
WideCharToMultiByte
lstrlenA
GlobalFree
InterlockedIncrement
GlobalUnlock
LoadResource
LockResource
FindResourceA
GlobalAlloc
GetModuleFileNameA
GlobalLock
lstrcmpiA
GlobalDeleteAtom
lstrcmpA
GetCurrentThreadId
GetCurrentThread
SuspendThread
SetThreadPriority
ResumeThread
CreateEventA
VirtualAlloc
Sleep
WaitForSingleObject
WaitCommEvent
ClearCommError
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

InvalidateRect
RegisterClipboardFormatA
PostThreadMessageA
CharNextA
PtInRect
GetClassNameA
GetDesktopWindow
GetSysColorBrush
LoadCursorA
DestroyMenu
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
LoadStringA
GetDC
ReleaseDC
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
InflateRect
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
CopyAcceleratorTableA
GetMenuItemCount
GetSubMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
SetRect
MessageBeep
GetNextDlgGroupItem
GetSysColor
AdjustWindowRectEx
GetMenu
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetParent
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
PostMessageA
LoadIconA
EnableWindow
EnableScrollBar
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
GetWindowLongA
SetWindowLongA
SendMessageA
GetSystemMetrics
MessageBoxA
GetMenuItemID
SetFocus
DrawFocusRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode

gdi32

DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
Escape
TextOutA
GetTextColor
GetBkColor
LPtoDP
GetMapMode
DPtoLP
CreateDIBitmap
BitBlt
GetTextExtentPointA
CreateCompatibleDC
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
PatBlt
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

comctl32

ImageList_Destroy
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemAlloc

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
VariantCopy
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

948fcd48713713bb7756dabb7c1f4f38

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 28KB - Virtual size: 1.1MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 28KB - Virtual size: 1.1MB

.rsrc
Size: 8KB - Virtual size: 5KB