2024-06-06_cefd8f94f59fa671dcaeed27ef6247b2_hacktools_icedid_nymaim

General

Target

2024-06-06_cefd8f94f59fa671dcaeed27ef6247b2_hacktools_icedid_nymaim
Size

4.1MB
MD5

cefd8f94f59fa671dcaeed27ef6247b2
SHA1

5167756a2cdeca5e1910fdda3178dc990a80a4c7
SHA256

83623ca4e5cb6b85e8d8c38719b848403cd5ed30a6b81250c611e551df5a374c
SHA512

f93165b1b8f4cdb715c7bccca005902fbb7cd81dd1d156d87a757b082c3c5527ea0c1ef11a7ec70ab1e6ec6ba3f5bf70c447a0631b7044b6730ad7c52be8345b
SSDEEP

98304:isEhF1PU4oZgCr7Ihu+A/MipwA8qB09QfMKSTiPVbZ97U:isQPUtL+Maq0KSTiP1Z97U

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-06_cefd8f94f59fa671dcaeed27ef6247b2_hacktools_icedid_nymaim

Files

2024-06-06_cefd8f94f59fa671dcaeed27ef6247b2_hacktools_icedid_nymaim
.exe windows:4 windows x86 arch:x86

4cbcdd2d9ea5175ed1aeed7999ed12e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetStringTypeA
LCMapStringW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
GetStringTypeW
CreateWaitableTimerA
SetWaitableTimer
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree

qyui

GetNewSock

user32

MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
SetLayeredWindowAttributes
FindWindowExA
GetWindow
GetDC
MoveWindow
GetWindowRect
UpdateLayeredWindow
ReleaseDC

shell32

ShellExecuteA

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject

atl

AtlAxGetControl

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cbcdd2d9ea5175ed1aeed7999ed12e6

Headers

File Characteristics

Imports

kernel32

qyui

user32

shell32

gdi32

atl

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 3.9MB - Virtual size: 3.9MB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 3.9MB - Virtual size: 3.9MB

.rsrc
Size: 8KB - Virtual size: 7KB