OldIcon[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OldIcon.exe
Size

2.9MB
MD5

e7ac7ba3f6c206cbd140199a6de642d7
SHA1

1b44faccea41f65d9e254aa282b35abbb1dba9c8
SHA256

54c91e25c20a174cf15a8605402ffb71d5db9792a1980d76c694e8a7a9b06b9c
SHA512

3d50023e0f8d8150f454fd85ffa5239c57909da6006eb4c32f746fc92595e527e157deceaafd8c389cbd3dc5d0d45539e7c825801d50122a265e9f41bd66cb94
SSDEEP

49152:BiNDTNQw2gmRwOq2TVIDmvIzKTQ/dIMg29DVip8ZEs9EZpZZptXpgX5m6/fuimwP:BiDlm/6Pzt/dIM99DECN4KbfVd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OldIcon.exe

Files

OldIcon.exe
.exe windows:4 windows x86 arch:x86

85ff8865282cd0252f59ec6279eebc9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

vic32

ord203
ord128
ord167
ord202
ord205
ord192
ord110
ord55
ord7
ord47
ord122
ord120
ord64
ord51
ord3
ord36

kernel32

GetVersionExA
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
GlobalFree
LockResource
LoadResource
FindResourceA
GlobalHandle
GetLocaleInfoW
GetProfileStringA
GetProfileIntA
GetShortPathNameA
Sleep
GetExitCodeThread
ResumeThread
TerminateThread
SuspendThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
LoadLibraryA
FreeLibrary
LocalFree
FormatMessageA
GetTempPathA
GlobalSize
lstrcpyA
GlobalMemoryStatus
GetSystemInfo
GetExitCodeProcess
WriteFile
ReadFile
CreateFileA
GetProcAddress
ExitProcess
RtlUnwind
IsBadReadPtr
InterlockedIncrement
RaiseException
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
HeapReAlloc
SetStdHandle
GetFileType
CreateThread
TlsSetValue
ExitThread
TerminateProcess
TlsAlloc
SetLastError
TlsGetValue
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
VirtualAlloc
IsBadWritePtr
GetCPInfo
CompareStringA
CompareStringW
GetFileAttributesA
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
CloseHandle
GetWindowsDirectoryA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentThreadId
GlobalAddAtomA
GetVersion
GlobalDeleteAtom
OpenFileMappingA
WaitForSingleObject
CreateMutexA
ReleaseMutex
GetLastError
CreateProcessA
GetTickCount
lstrcpynA
GetFullPathNameA
MultiByteToWideChar
lstrlenA
InterlockedDecrement
WideCharToMultiByte
GetLocaleInfoA
GetVolumeInformationA
SetErrorMode
GetDriveTypeA
GetLogicalDrives
GetModuleFileNameA
GetDiskFreeSpaceA
FindFirstFileA
FileTimeToSystemTime
FindNextFileA
MapViewOfFile
GetPrivateProfileStringA
GetSystemTime
WritePrivateProfileStringA
DeleteFileA
FileTimeToLocalFileTime
FindClose
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
FlushFileBuffers
UnmapViewOfFile

mpr

WNetCancelConnectionA
WNetAddConnectionA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

FindExecutableA
ShellExecuteA
SHAppBarMessage

user32

EnableWindow
DefMDIChildProcA
RegisterClassA
ShowCaret
HideCaret
ModifyMenuA
CreatePopupMenu
PostMessageA
GetFocus
ShowWindow
BringWindowToTop
EnableMenuItem
DrawIcon
DefFrameProcA
ScrollWindow
SetScrollRange
SetScrollPos
DeleteMenu
DestroyMenu
CheckMenuItem
GetMessageA
CallNextHookEx
SetWindowsHookExA
LoadIconA
KillTimer
SetTimer
LoadBitmapA
DestroyIcon
FrameRect
DrawTextA
CreateIcon
MessageBeep
MessageBoxA
GetActiveWindow
GetSubMenu
AppendMenuA
DrawMenuBar
SetMenu
CreateMenu
GetSystemMenu
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindow
GetClassInfoA
SetPropA
GetMessageTime
SetActiveWindow
TrackPopupMenu
DispatchMessageA
TranslateMDISysAccel
PostQuitMessage
TranslateMessage
IsWindow
CreateCursor
SetCaretPos
LoadStringA
IsIconic
VkKeyScanA
wsprintfA
IsWindowEnabled
ScreenToClient
GetDesktopWindow
GetPropA
UnregisterClassA
GetTabbedTextExtentA
SetForegroundWindow
FillRect
GetSysColor
GetWindowDC
GrayStringA
PeekMessageA
GetSystemMetrics
LoadCursorA
DrawFocusRect
GetUpdateRect
BeginPaint
EndPaint
RemovePropA
CallWindowProcA
GetCursorPos
SetCursorPos
DefWindowProcA
ClientToScreen
MoveWindow
GetWindowLongA
SetWindowLongA
TranslateAcceleratorA
CreateAcceleratorTableA
DestroyAcceleratorTable
SystemParametersInfoA
UnhookWindowsHookEx
GetDC
InvalidateRect
ReleaseDC
GetWindowRect
SetCapture
GetCursor
DestroyWindow
CreateWindowExA
GetClientRect
SendMessageA
SetCursor
ReleaseCapture
UpdateWindow
SetFocus
WindowFromPoint
SetWindowPos
GetCapture
GetKeyboardState
GetWindowThreadProcessId
DestroyCursor
GetParent

wsock32

accept
bind
listen
setsockopt
htonl
shutdown
ioctlsocket
socket
htons
inet_ntoa
WSAGetLastError
connect
recv
send
select
__WSAFDIsSet
closesocket
getsockopt
WSAStartup
gethostname
gethostbyname
inet_addr
WSACleanup

gdi32

GetTextExtentPointA
TextOutA
SetPolyFillMode
Polygon
Polyline
MoveToEx
LineTo
CreatePen
Ellipse
Pie
Arc
GetPixel
SelectClipRgn
SetROP2
CreateFontA
GetObjectA
GetStockObject
GetBkColor
GetBkMode
CreateSolidBrush
UnrealizeObject
GetClipBox
SetMapMode
GetTextMetricsA
CreateBitmap
CreateCompatibleBitmap
CreatePatternBrush
BitBlt
SetTextColor
SetBkColor
SetBkMode
DeleteObject
CreateCompatibleDC
SelectObject
DeleteDC
SelectPalette
RealizePalette
GetBitmapBits
StretchBlt
SetStretchBltMode
GetDeviceCaps
CreateDIBitmap
CreateDCA
AbortDoc
StartDocA
StartPage
SetPixel
CreatePalette
SetBrushOrgEx
EndDoc
EndPage
DPtoLP
ResetDCA
CreateRectRgn

comctl32

ord17

ole32

CoCreateGuid

oleaut32

VariantClear

winspool.drv

OpenPrinterA
GetPrinterA
ClosePrinter

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 432KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SharedDa
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85ff8865282cd0252f59ec6279eebc9a

Headers

File Characteristics

Imports

vic32

kernel32

mpr

comdlg32

advapi32

shell32

user32

wsock32

gdi32

comctl32

ole32

oleaut32

winspool.drv

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 432KB - Virtual size: 429KB

.data Size: 316KB - Virtual size: 448KB

SharedDa Size: 4KB - Virtual size: 12B

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 432KB - Virtual size: 429KB

.data
Size: 316KB - Virtual size: 448KB

SharedDa
Size: 4KB - Virtual size: 12B

.rsrc
Size: 56KB - Virtual size: 53KB