icardagt[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

icardagt.exe
Size

605KB
MD5

8d466b36076bcd7997838c0ddb69764c
SHA1

244126e58182e126d8e6413252732f6e0e2de51d
SHA256

1b4000ef40de381510de11e9737b0661a28f1098fad17f9721e94d3b59481c07
SHA512

f7a4e724fef2e6c9025cee497389a31b8f7f14e56c122807f997a8e739d05a0c6fa26a9a6c0a6a986e1de4323c265dfb7d80ae6fc742c84c4f8472f55cd87e32
SSDEEP

12288:W3nTr3lDzKiooeCJysLP9wSoEA1BdTfutE:W3nTr3lD/ty+xozBdTf7

Score

1^/10

Malware Config

Signatures

Files

icardagt.exe
.exe windows x86

56a5817e41adc44f4cc9982a7865eca8

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:88:99:02:32:d7:30:2c:db:21:e6:90:85:03:19:44:7b:f8:92:07
Signer

Actual PE Digest

cb:88:99:02:32:d7:30:2c:db:21:e6:90:85:03:19:44:7b:f8:92:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_decode_pointer
_onexit
_crt_debugger_hook
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
memset
memcpy_s
_CxxThrowException
memmove_s
__CxxFrameHandler3
malloc
free
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
_purecall
__wgetmainargs
_amsg_exit
vswprintf_s
_vscwprintf
_vsnwprintf
memcpy
wcsncmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
ceil
_wtoi
iswspace
iswdigit
wcschr
_recalloc
bsearch
_wcsicmp
swprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_wcsnicmp
??2@YAPAXI@Z
_resetstkoflw
??_V@YAXPAX@Z
??_U@YAPAXI@Z
calloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_lock
??3@YAXPAX@Z

msvcp80

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@XZ
?allocate@?$allocator@G@std@@QAEPAGI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?assign@?$char_traits@G@std@@SAPAGPAGIG@Z
?max_size@?$allocator@D@std@@QBEIXZ
??0?$allocator@D@std@@QAE@ABV01@@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?eq@?$char_traits@G@std@@SA_NABG0@Z
?compare@?$char_traits@G@std@@SAHPBG0I@Z
?find@?$char_traits@G@std@@SAPBGPBGIABG@Z
?_Move_s@?$char_traits@G@std@@SAPAGPAGIPBGI@Z
?_Copy_s@?$char_traits@G@std@@SAPAGPAGIPBGI@Z
?allocate@?$allocator@G@std@@QAEPAGIPBX@Z
?max_size@?$allocator@G@std@@QBEIXZ
?deallocate@?$allocator@G@std@@QAEXPAGI@Z
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?length@?$char_traits@G@std@@SAIPBG@Z

advapi32

InitializeAcl
GetAclInformation
GetSecurityDescriptorControl
CryptSignHashW
CryptGetUserKey
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetProvParam
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptSetProvParam
CryptDecrypt
CryptDestroyKey
CryptSetHashParam
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSidToSidW
LookupAccountSidW
CryptGetHashParam
CryptHashData
CryptDestroyHash
GetSecurityInfo
AdjustTokenPrivileges
GetAce
LookupPrivilegeValueW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
ImpersonateSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
EqualSid
CopySid
IsValidSid
GetLengthSid
OpenThreadToken
SetThreadToken
RevertToSelf
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
AddAce

kernel32

OpenProcess
RegisterWaitForSingleObject
GetUserDefaultUILanguage
UnregisterWait
GetCurrentProcess
FlushInstructionCache
RaiseException
WideCharToMultiByte
GetSystemTime
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetExitCodeThread
GetStringTypeExW
MultiByteToWideChar
GetLocaleInfoW
GetCommandLineW
SetCurrentDirectoryW
OutputDebugStringW
DebugBreak
FatalExit
SearchPathW
GetSystemDefaultUILanguage
GetVersionExW
LoadLibraryExW
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
HeapSetInformation
DuplicateHandle
LocalAlloc
GetModuleFileNameW
GetModuleHandleW
GetFileType
CreateFileW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
LocalFree
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FormatMessageW
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetLastError
FileTimeToSystemTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
InterlockedCompareExchange
CreateEventW
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
CloseHandle
GetCurrentThread
SetEvent
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
TerminateJobObject
WaitForMultipleObjects
CreateThread
SetLastError
TerminateProcess
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
QueueUserWorkItem
WaitForSingleObject
ResetEvent
OpenEventW
CompareStringW
CompareFileTime
SystemTimeToFileTime

gdi32

GetStockObject
DeleteObject
GetObjectA
CreateFontIndirectW
GetDeviceCaps
GetObjectW
DeleteDC
BitBlt
SelectObject
SetLayout
CreateCompatibleDC
CreateRoundRectRgn
SetBkMode
GetDIBits
CreateCompatibleBitmap
StretchBlt
CreateDIBSection
SetDIBits
CreateDCW
GetTextExtentPoint32W
GetTextColor
GetBkColor
CreateICW
CreateSolidBrush
SetTextColor
SetBkColor

user32

DestroyMenu
AppendMenuW
EnableMenuItem
TrackPopupMenuEx
ScreenToClient
IsWindowVisible
GetWindow
SetCursor
PostQuitMessage
IsChild
DialogBoxParamW
GetKeyboardLayout
GetKeyboardLayoutList
IsRectEmpty
SetActiveWindow
IsDialogMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
CharUpperW
GetKeyState
GetClassNameW
MsgWaitForMultipleObjects
SetWindowRgn
SetScrollInfo
GetScrollInfo
ScrollWindowEx
EnableWindow
GetSysColorBrush
MessageBoxW
ShowWindow
MapWindowPoints
GetDlgCtrlID
SystemParametersInfoW
GetSystemMetrics
CloseDesktop
SetThreadDesktop
CreatePopupMenu
SetWindowPos
DestroyWindow
LoadStringW
UnregisterClassA
PostMessageW
IsWindow
CreateDesktopW
GetThreadDesktop
GetUserObjectInformationW
OpenInputDesktop
GetDesktopWindow
PeekMessageW
ReleaseDC
GetDC
DestroyIcon
LoadImageW
GetSysColor
CallWindowProcW
SetWindowLongW
SendMessageW
GetClientRect
BeginPaint
EndPaint
InvalidateRect
IsWindowEnabled
GetClassInfoExW
LoadCursorW
DefWindowProcW
EnumDisplayMonitors
GetMonitorInfoW
UpdateWindow
SetTimer
RegisterClassExW
GetWindowLongW
GetFocus
GetWindowTextW
GetWindowTextLengthW
CopyRect
InflateRect
DrawFocusRect
GetDialogBaseUnits
SetClassLongW
CreateWindowExW
SetWindowTextW
KillTimer
EndDialog
SwitchDesktop
GetWindowRect
GetDlgItem
CreateAcceleratorTableW
FillRect
DestroyAcceleratorTable
TranslateAcceleratorW
TrackMouseEvent
PtInRect
ClientToScreen
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetCaretPos
GetQueueStatus
EqualRect
OffsetRect
SendInput
DeferWindowPos
MoveWindow
GetParent

comctl32

ImageList_Destroy
ImageList_Add
ImageList_Create

comdlg32

GetSaveFileNameW
GetOpenFileNameW

cryptui

CryptUIDlgViewCertificateW

gdiplus

GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipGetFontHeight
GdipFree
GdipDrawRectangleI
GdipDrawString
GdipReleaseDC
GdipGetDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipCreateRegionPath
GdipCreateRegion
GdipGetClip
GdipSetClipRegion
GdipDeleteFont
GdipFillRectangleI
GdipGraphicsClear
GdipDrawPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipMeasureString
GdipSetPathGradientCenterColor
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateLineBrushFromRectI
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromScan0
GdipDeleteRegion
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen2
GdipCreateRegionHrgn
GdipCreatePen1
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillRegion
GdipDrawLineI
GdipFillRectangle
GdipDrawRectangle
GdipCreateLineBrush
GdipCreatePath2I
GdipGetStringFormatFlags
GdipDrawLine
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipSetPathGradientSurroundColorsWithCount
GdipDrawImageRectRectI
GdipGetPathGradientPointCount
GdipCloneImage
GdipDrawImageRectI
GdipGetWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipSetWorldTransform
GdipCreateMatrix
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHICON
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipDisposeImage
GdipDeleteMatrix
GdipAlloc
GdipSetStringFormatLineAlign

msimg32

AlphaBlend

ole32

CoTaskMemFree
StgCreateStorageEx
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance

rpcrt4

NdrClientCall2
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelfEx
UuidToStringW
UuidCreate
RpcServerListen
RpcMgmtIsServerListening
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcBindingFree
NdrServerCall2

shlwapi

PathFindExtensionW
PathAddBackslashW

uxtheme

DrawThemeParentBackground

crypt32

CertSerializeCertificateStoreElement
CertOpenStore
CertStrToNameW
CryptAcquireCertificatePrivateKey
CertDuplicateStore
CertDuplicateCertificateContext
CertCloseStore
CertOIDToAlgId
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext

userenv

UnloadUserProfile

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetOpenW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56a5817e41adc44f4cc9982a7865eca8

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

cb:88:99:02:32:d7:30:2c:db:21:e6:90:85:03:19:44:7b:f8:92:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

msvcp80

advapi32

kernel32

gdi32

user32

comctl32

comdlg32

cryptui

gdiplus

msimg32

ole32

rpcrt4

shlwapi

uxtheme

crypt32

userenv

shell32

version

wininet

Sections

.text Size: 550KB - Virtual size: 549KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 40KB - Virtual size: 39KB

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

cb:88:99:02:32:d7:30:2c:db:21:e6:90:85:03:19:44:7b:f8:92:07
Signer

.text
Size: 550KB - Virtual size: 549KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 40KB - Virtual size: 39KB