ICBM[.]7z | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ICBM.7z
Size

767KB
MD5

93e7f7080797b83f022783663051cac6
SHA1

dd0944cdf23b767f40a633319b58f15c5e07e9a7
SHA256

3d975853527f3c27c107f2ffc2371203b062280690cc0e8ead2368128b1a2d1f
SHA512

549f288d3353dfae80257b3dce54af48c02e947bfe3974771d9711032c60224103cbeba9a2f8bd70a20d1e37742dd8b4b8a72ed63eb4f07a5fe241231aafb309
SSDEEP

12288:uo0PgpFx+PqCLU9vVzgfTIu7DUKs3NfqmrIoE82W3f/YdAwJi9btEL05iwoMuVzk:JugpFwUfzSHUKs3Ny49ttC05dFaAHiCp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/ICBM.exe

resource
unpack001/ICBM.exe

Files

ICBM.7z
.7z

Password: infected
ICBM.exe
.exe windows:6 windows x64 arch:x64

Password: infected

4d7fc3a5c3211519d3c48b2d257e22ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ICBM.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WakeByAddressSingle
WaitOnAddress

kernel32

GetStdHandle
SetFilePointerEx
WriteFileEx
SleepEx
GetExitCodeProcess
QueryPerformanceFrequency
DuplicateHandle
HeapReAlloc
lstrlenW
ReleaseMutex
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
SetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
GetCommandLineW
GetEnvironmentVariableW
GetFileType
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetModuleHandleW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetFullPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetModuleHandleA
GetProcAddress
HeapAlloc
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemInfo
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
QueryPerformanceCounter
Sleep
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryExA
HeapFree
GetProcessHeap
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetConsoleMode
GetConsoleMode
GetTimeZoneInformationForYear
WTSGetActiveConsoleSessionId
CreateProcessW
TerminateProcess
GetLastError
OpenProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetCurrentProcessId
GetSystemTimePreciseAsFileTime
IsProcessorFeaturePresent

advapi32

DeleteService
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerW
CreateServiceW
CloseServiceHandle
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
LookupAccountSidW
GetTokenInformation
ControlService
SystemFunction036
OpenServiceW
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
AdjustTokenPrivileges

ntdll

NtReadFile
RtlNtStatusToDosError
ZwCreateFile
ZwSetValueKey
ZwClose
NtWriteFile

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

bcrypt

BCryptGenRandom

vcruntime140

memcmp
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memmove
memset
memcpy
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

exp2f
truncf
roundf
ceil
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm_e
exit
_exit
_initialize_onexit_table
_register_onexit_function
__p___argc
__p___argv
_cexit
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_crt_atexit
_set_app_type
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4d7fc3a5c3211519d3c48b2d257e22ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

advapi32

ntdll

oleaut32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 636KB - Virtual size: 636KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 61KB - Virtual size: 61KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 636KB - Virtual size: 636KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 61KB - Virtual size: 61KB

.reloc
Size: 9KB - Virtual size: 9KB