IcsEntitlementHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

IcsEntitlementHost.exe
Size

36KB
MD5

2d3c9011f0c0a0a1fd215376072cec3c
SHA1

26ba67c70abb7d18e9e2e79919e6a89dff376e06
SHA256

c34d682afde0423f9e4dcdaa3a88392281f35aa21d2bc301ca28f9938286b519
SHA512

98ea33c776e8ffb8c4a42ebafb30c320a01dc98dcdad9144074e1ae74ce2070e913240e4194f0b9bd810f8e881a4860cfbae27272a338ef43c7422f6d3c354d5
SSDEEP

768:GN8/i29O0ZG9xmUm/QpNOHrQ51f9l0daiB42BMHEY:88brZG9xJhpNirQDV+daW46Mx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IcsEntitlementHost.exe

Files

IcsEntitlementHost.exe
.exe windows x64

4f5540e6872e1985abf6f28de3cd8dbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__dllonexit
_unlock
_cexit
_lock
_exit
exit
_fmode
__setusermatherr
__C_specific_handler
_commode
_onexit
_initterm
__set_app_type
__CxxFrameHandler3
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_vsnwprintf
memcpy_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_purecall
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
memcpy
memmove
??1type_info@@UEAA@XZ
__getmainargs
_amsg_exit
_XcptFilter
?terminate@@YAXXZ
memset

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateMutexExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f5540e6872e1985abf6f28de3cd8dbf

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 448B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 448B