2024-06-27_cde8b615c8ae0f7637ec2b5af1e573db_hacktools_icedid_nymaim

General

Target

2024-06-27_cde8b615c8ae0f7637ec2b5af1e573db_hacktools_icedid_nymaim
Size

4.1MB
MD5

cde8b615c8ae0f7637ec2b5af1e573db
SHA1

5b36dbd279937db2f66e737cfed8fab86f25132d
SHA256

d858474b5cca666fd3dda89ea509e98575a01e323366752dc252b8d66e20e6e4
SHA512

493c757726b86abbcf351093d5898aa963fc731a678bfd04bd0fda93da940926f66ddea8e3c40bcc3bcd08e21b7b685afcca7e7581f3ece6fdf4897cd8cc7447
SSDEEP

98304:isEhF1PU4oZgCr7Ihu+A/MipwA8qB09QfMKSTiPVbZz7U:isQPUtL+Maq0KSTiP1Zz7U

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_cde8b615c8ae0f7637ec2b5af1e573db_hacktools_icedid_nymaim

Files

2024-06-27_cde8b615c8ae0f7637ec2b5af1e573db_hacktools_icedid_nymaim
.exe windows:4 windows x86 arch:x86

4cbcdd2d9ea5175ed1aeed7999ed12e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetStringTypeA
LCMapStringW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
GetStringTypeW
CreateWaitableTimerA
SetWaitableTimer
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree

qyui

GetNewSock

user32

MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
SetLayeredWindowAttributes
FindWindowExA
GetWindow
GetDC
MoveWindow
GetWindowRect
UpdateLayeredWindow
ReleaseDC

shell32

ShellExecuteA

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject

atl

AtlAxGetControl

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cbcdd2d9ea5175ed1aeed7999ed12e6

Headers

File Characteristics

Imports

kernel32

qyui

user32

shell32

gdi32

atl

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 3.9MB - Virtual size: 3.9MB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 3.9MB - Virtual size: 3.9MB

.rsrc
Size: 8KB - Virtual size: 7KB