Static task
static1
Behavioral task
behavioral1
Sample
8e72e79a2fcd0c2b162bb73e47e14c5f304302243b55e141353b7619fb35a34d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8e72e79a2fcd0c2b162bb73e47e14c5f304302243b55e141353b7619fb35a34d.exe
Resource
win10v2004-20231215-en
General
-
Target
icefire_14038185778.zip
-
Size
784KB
-
MD5
a903dc0199ca138e24fdb2d070dacc57
-
SHA1
20a849f9a8811ad61c14e9046b2acf1e353d31d5
-
SHA256
a73d19911e3a73abbefafaa81c8472b57a360daf768bc7f935203028476aa788
-
SHA512
9e2e62a22aee5f74fb403d2c74bbbbf1569aa0ac4aa35ce35e51404682a276c214b03f490494e1a21e68286a717669edab8074b604dbf2e65f1f88a50bd58d08
-
SSDEEP
24576:kw+LczDTfV9ZnLTUjZlI5PUPOHrhk7ClK3a7RR:kdoz/V/nLT8lIWo16ClYK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource unpack001/8e72e79a2fcd0c2b162bb73e47e14c5f304302243b55e141353b7619fb35a34d
Files
-
icefire_14038185778.zip.zip
Password: infected
-
8e72e79a2fcd0c2b162bb73e47e14c5f304302243b55e141353b7619fb35a34d.exe windows:4 windows x86 arch:x86
082c5647dcaa83af4b94227a9c99514f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReleaseMutex
CloseHandle
FindNextFileW
Process32NextW
CreateEventW
ExitProcess
CreateProcessW
GetLastError
CreateMutexA
CreateToolhelp32Snapshot
LocalAlloc
Process32FirstW
FindClose
lstrlenW
lstrcmpW
TerminateProcess
OpenProcess
SetEvent
WaitForSingleObject
GetLogicalDriveStringsW
GetDriveTypeW
FindFirstFileW
CreateMutexW
Sleep
SetThreadExecutionState
GetCurrentProcess
LoadLibraryW
LoadLibraryA
FreeLibrary
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
WideCharToMultiByte
DeleteFiber
GetModuleHandleExW
GetStdHandle
GetFileType
WriteFile
MultiByteToWideChar
GetVersion
GetModuleHandleW
GetProcAddress
GetEnvironmentVariableW
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsGetValue
SetLastError
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
user32
wsprintfW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
advapi32
OpenSCManagerW
CryptGenRandom
CryptAcquireContextW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptEnumProvidersW
CryptDestroyKey
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptDecrypt
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
EnumServicesStatusW
OpenServiceW
CryptReleaseContext
CloseServiceHandle
shell32
SHEmptyRecycleBinW
ole32
CoInitialize
msvcp80
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?close@?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?open@?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_WH@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??_D?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
msvcr80
_wstat64
??_V@YAXPAX@Z
isalpha
_beginthreadex
isalnum
??2@YAPAXI@Z
__wargv
??3@YAXPAX@Z
wcstok_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
fclose
fwrite
_wfopen_s
wcscpy_s
_ftelli64
__CxxFrameHandler3
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
sprintf
signal
fputs
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
_fseeki64
__wgetmainargs
_amsg_exit
_wgetcwd
srand
rand
_wrename
memcpy_s
fread
_invalid_parameter_noinfo
memcpy
memset
memmove
malloc
free
realloc
_time64
wcsstr
_vsnwprintf
_vsnprintf
raise
qsort
strrchr
strchr
strncmp
memchr
strcspn
strspn
_stricmp
strcmp
strerror_s
atoi
strncpy
ferror
fflush
_setmode
_fileno
ftell
feof
fseek
fgets
_errno
_strnicmp
fprintf
__iob_func
isspace
strtol
getenv
_wfopen
fopen
_gmtime64_s
sscanf
strtoul
strstr
_stat64i32
_CxxThrowException
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
crypt32
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
ws2_32
WSAGetLastError
WSACleanup
closesocket
recv
WSASetLastError
send
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ