2024-09-30_b83bd662f9070c377edb105e4a50366b_icedid_nymaim

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-30_b83bd662f9070c377edb105e4a50366b_icedid_nymaim
Size

5.7MB
MD5

b83bd662f9070c377edb105e4a50366b
SHA1

9b2aa096fb1d0c3381763de113563d0a639cab2f
SHA256

6e4574d27863dce2563b7ee846e4d324088866b580ab9ec88749ba8d73efd6fe
SHA512

ce99711011dfe0fbca6e1e27dea6284fa2af5f824a19a582f0508e5b1905c19d74b650c6b3f345f944f232bd087bad7fdf905df4d60803dd919ac86b37fe8f6a
SSDEEP

98304:kRrFDzF9iexAFVw/xU6xdPkRReFtn5Hz4em:arVF9jr/S6xdPCeLnO

Score

1^/10

Malware Config

Signatures

Files

2024-09-30_b83bd662f9070c377edb105e4a50366b_icedid_nymaim
.exe windows:4 windows x86 arch:x86

ac1c0192249bdc42d467747f8b3e5e54

Code Sign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:76:29:4e:2a:3f:45:98:18:3f:75:13:31:92:c7:c4:e5:11:51:57:78:ef:49:06:1d:95:f5:f8:b2:fe:ea:bd
Signer

Actual PE Digest

c2:76:29:4e:2a:3f:45:98:18:3f:75:13:31:92:c7:c4:e5:11:51:57:78:ef:49:06:1d:95:f5:f8:b2:fe:ea:bd

Digest Algorithm

sha256

PE Digest Matches

true

b1:58:be:ca:49:97:2a:c6:65:ec:08:6b:2c:c2:8a:51:6c:3c:19:bb
Signer

Actual PE Digest

b1:58:be:ca:49:97:2a:c6:65:ec:08:6b:2c:c2:8a:51:6c:3c:19:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetNumDevs
mixerOpen
mixerGetLineControlsW
mixerGetLineInfoW
mixerGetDevCapsW
waveOutGetDevCapsW
waveOutOpen
waveOutReset
waveOutClose
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
mixerClose
mciSendCommandW
mixerGetControlDetailsW
mixerSetControlDetails
mciGetErrorStringW

rpcrt4

UuidFromStringW

kernel32

GetFileType
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
VirtualAlloc
IsBadWritePtr
LCMapStringA
GetStringTypeA
SetUnhandledExceptionFilter
SetStdHandle
IsValidLocale
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
RaiseException
CompareStringA
GetACP
GetOEMCP
SetEnvironmentVariableA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
FindResourceA
GlobalAddAtomA
GetProfileStringA
FindClose
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
WaitForSingleObject
ReadFile
SetLastError
ExitProcess
ResumeThread
SuspendThread
CreateThread
GetTickCount
LocalFree
RtlUnwind
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentDirectoryA
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
SetErrorMode
GetProcessVersion
LocalReAlloc
GlobalReAlloc
TlsFree
GlobalFlags
lstrcmpiA
UnlockFile
LockFile
lstrcmpA
GetModuleHandleA
GlobalDeleteAtom
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetFileInformationByHandle
MoveFileExW
TlsAlloc
DosDateTimeToFileTime
TlsSetValue
TlsGetValue
GetSystemDefaultLangID
LocalAlloc
GlobalUnlock
SetThreadExecutionState
CreateEventA
GetOverlappedResult
GetCurrentThread
OpenProcess
MapViewOfFile
UnmapViewOfFile
GetThreadPriority
VirtualProtect
ExitThread
WinExec
GetExitCodeProcess
CreatePipe
DuplicateHandle
SetFilePointer
GlobalLock
SetEndOfFile
GlobalSize
GetCurrentProcessId
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
SetEvent
InitializeCriticalSection
SetThreadPriority
GetFileTime
GlobalHandle
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
GetCurrentThreadId
GetCurrentProcess
GetVersion
DefineDosDeviceW
GetLogicalDrives
SetFileTime
ResetEvent
GetFileSize
WriteFile
FlushFileBuffers
CloseHandle
FreeLibrary
LoadResource
SizeofResource
LockResource
DeviceIoControl
GetLastError
GlobalFree

user32

SetRect
SetParent
TranslateMessage
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetRectEmpty
DestroyCursor
SetCursorPos
DestroyMenu
EndPaint
BeginPaint
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
IsDlgButtonChecked
CheckRadioButton
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
ScrollWindow
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetMenu
TrackPopupMenu
GetMessageTime
GetLastActivePopup
GetForegroundWindow
GetWindow
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
DestroyWindow
IsWindowEnabled
GetAsyncKeyState
DrawEdge
CreateIconIndirect
GetIconInfo
ShowWindow
GetScrollInfo
IsWindow
GetWindowPlacement
MoveWindow
GetDlgCtrlID
SetWindowPos
DrawFrameControl
DrawFocusRect
MessageBeep
DrawIcon
SendMessageA
SetMenuDefaultItem
FrameRect
DrawIconEx
GetDCEx
IntersectRect
SetCaretPos
GetSystemMetrics
HideCaret
CreateCaret
ShowCaret
DestroyCaret
IsRectEmpty
IsIconic
InvalidateRgn
ReleaseCapture
SetCapture
SetMenu
CheckMenuRadioItem
DestroyIcon
GetSysColorBrush
IsWindowVisible
IsZoomed
EmptyClipboard
SetClipboardData
GetMessagePos
FillRect
PtInRect
GetWindowDC
GetMenuItemCount
WindowFromPoint
GetDesktopWindow
TrackPopupMenuEx
UnhookWindowsHookEx
CallNextHookEx
GetCapture
MapDialogRect
PostQuitMessage
ShowOwnedPopups
ValidateRect
MessageBoxA
GetDlgItem
SetFocus
GetKeyState
GetFocus
UpdateWindow
EqualRect
BeginDeferWindowPos
EndDeferWindowPos
GetDC
ReleaseDC
RedrawWindow
InflateRect
GetSysColor
CopyRect
OffsetRect
OpenClipboard
CloseClipboard
GetSystemMenu
BroadcastSystemMessage
GetMenuItemID
RemoveMenu
EnableMenuItem
CheckMenuItem
GetSubMenu
GetWindowRect
GetClientRect
ClientToScreen
CreatePopupMenu
SetForegroundWindow
GetParent
LockWindowUpdate
ShowScrollBar
SetTimer
KillTimer
GetCursorPos
ScreenToClient
SetCursor
InvalidateRect
GetKeyboardLayout
GetClassNameA
SetWindowsHookExA
CharNextA
DefWindowProcA
DefDlgProcA
GetClassInfoA
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
GetWindowTextLengthA
EnumChildWindows

gdi32

GetDeviceCaps
SetDIBits
GetDIBits
GetClipBox
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
Escape
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
CombineRgn
StretchDIBits
LPtoDP
RectVisible
PtVisible
CreateRectRgn
Ellipse
GetTextColor
PolyPolyline
SetBkMode
SetTextColor
SetBkColor
CreateRectRgnIndirect
SetRectRgn
TranslateCharsetInfo
GetBkColor
SetBoundsRect
MoveToEx
LineTo
CreateDIBitmap
RoundRect
CreateCompatibleBitmap
DeleteDC
CreatePen
DeleteObject
CreateSolidBrush
Rectangle
GetStockObject
PatBlt
CreateDIBSection
CreateCompatibleDC
GetPixel
SetPixel
SetStretchBltMode
BitBlt
StretchBlt
CreateBitmap
ExtTextOutA
GetTextExtentPointA
SelectObject

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA
GetTokenInformation
OpenProcessToken
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
DeleteAce
EqualSid
GetAce
GetAclInformation
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
DragFinish
DragAcceptFiles

comctl32

ImageList_AddMasked
ImageList_Add
_TrackMouseEvent
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

ole32

OleGetClipboard
CoTaskMemFree
PropVariantClear
CreateStreamOnHGlobal
DoDragDrop
CoCreateInstance
CoUninitialize
ReleaseStgMedium
CoInitialize
OleFlushClipboard
OleSetClipboard
OleIsCurrentClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
OleDuplicateData
CoTaskMemAlloc
CoRegisterMessageFilter
CoRevokeClassObject
CoCreateGuid

olepro32

ord251

oleaut32

SysFreeString
VariantClear
SysAllocString
SysStringByteLen

wininet

InternetAttemptConnect
InternetOpenW
InternetCloseHandle
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
HttpQueryInfoW
InternetConnectW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 552KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac1c0192249bdc42d467747f8b3e5e54

Code Sign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65Certificate

Extended Key Usages

Key Usages

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65Certificate

Extended Key Usages

Key Usages

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

c2:76:29:4e:2a:3f:45:98:18:3f:75:13:31:92:c7:c4:e5:11:51:57:78:ef:49:06:1d:95:f5:f8:b2:fe:ea:bdSigner

b1:58:be:ca:49:97:2a:c6:65:ec:08:6b:2c:c2:8a:51:6c:3c:19:bbSigner

Headers

File Characteristics

Imports

winmm

rpcrt4

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

wininet

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 1.3MB - Virtual size: 2.7MB

.rsrc Size: 552KB - Virtual size: 548KB

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

64:33:51:d3:c7:38:9f:08
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

64:33:51:d3:c7:38:9f:08
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

c2:76:29:4e:2a:3f:45:98:18:3f:75:13:31:92:c7:c4:e5:11:51:57:78:ef:49:06:1d:95:f5:f8:b2:fe:ea:bd
Signer

b1:58:be:ca:49:97:2a:c6:65:ec:08:6b:2c:c2:8a:51:6c:3c:19:bb
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 1.3MB - Virtual size: 2.7MB

.rsrc
Size: 552KB - Virtual size: 548KB