File: 0a5c2fc4a772702f3d741d3448726869

Metadata
File name: icsys.icn.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 133902 bytes
Analysis date: 2016-08-25 20:36:15
MD5: 0a5c2fc4a772702f3d741d3448726869
SHA1: 500db856812db3454a3c1e56c7e0148624a92b53
SHA256: 92654da731338b70e3982850cef15bc9eefd9d846f89ec3725428c8732ac1542
SHA512: dded4061e4264710df9a960c9fcb45195b6e79e40428de6cd7f9c662d8b5dfcd9672dce16a46e6d64f33f206ef0faff94885eef338bec3acdc5f007f23ada800
SSDEEP: 1536:VfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbJdn:VVqoCl/YgjxEufVU0TbTyDDalbn
IMPHASH: 8c16c795b57934183422be5f6df7d891
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 0a5c2fc4a772702f3d741d3448726869.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{ED6CA17F-B4CC-4BF9-B426-0BDE01CB7E81}
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServerX86
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandler32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandlerX86
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_CLASSES_ROOT\AppID\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
CLSID\{00020424-0000-0000-C000-000000000046}
CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00020424-0000-0000-C000-000000000046}
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\Forward
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_CLASSES_ROOT\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
CLSID\{00020420-0000-0000-C000-000000000046}
CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00020420-0000-0000-C000-000000000046}
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
HKEY_CLASSES_ROOT\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandlerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_CLASSES_ROOT\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}
HKEY_CLASSES_ROOT\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}\ProxyStubClsid32
Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}\ProxyStubClsid32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
Control Panel\International\Calendars\TwoDigitYearMax
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\msapsspc.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
\win32
\ProxyStubClsid32
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
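A registry-key list like the one above is only useful once it is sorted into what matters (autostart keys, compatibility shims, SSPI initialisation) and what is runtime noise (COM class, interface and type-library resolution, locale reads). The script below is an added example and is not ThreatMiner's code or the sandbox's: it embeds a subset of the keys from this report as constructed input, normalises the hive aliases the sandbox logs (HKEY_USERS\<SID> for the logged-on user, hive-less "\CLSID\..." paths for COM lookups) and applies triage rules that are this example's own assumptions about what each access means. The GUID table decodes standard Windows COM identifiers that appear in the list: CLSID_ShellWindows, IShellWindows, DShellWindowsEvents, the SHDocVw type library, IConnectionPointContainer, IConnectionPoint and the PSOAInterface proxy/stub.

```python
# Added example (not ThreatMiner's code): triage a sandbox registry-key list.
import re
from collections import defaultdict

# Constructed input: a subset of the report's key list, copied verbatim. The
# sandbox logs some COM lookups as hive-less relative paths ("\CLSID\...").
REPORT_KEYS = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer32
HKEY_CLASSES_ROOT\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}\ProxyStubClsid32
HKEY_CLASSES_ROOT\AppID\svchost.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
"""

# Standard Windows COM identifiers that appear in the report.
KNOWN_GUIDS = {
    "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}": "CLSID_ShellWindows (shdocvw)",
    "{85CB6900-4D95-11CF-960C-0080C7F4EE85}": "IShellWindows",
    "{FE4106E0-399A-11D0-A48C-00A0C90A8F39}": "DShellWindowsEvents",
    "{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}": "SHDocVw type library",
    "{B196B284-BAB4-101A-B69C-00AA00341D07}": "IConnectionPointContainer",
    "{B196B286-BAB4-101A-B69C-00AA00341D07}": "IConnectionPoint",
    "{00020424-0000-0000-C000-000000000046}": "PSOAInterface proxy/stub",
}
_GUID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
          "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}
# HKU\<user SID> is the logged-on user's HKCU; "_Classes" is its Software\Classes view.
_USER_SID = re.compile(r"^HKEY_USERS\\S-1-5-21(?:-\d+)+(_Classes)?(\\|$)", re.I)


def normalize(key: str) -> str:
    """Rewrite hive aliases and hive-less COM paths into short HKLM/HKCU/HKCR form."""
    key = key.strip()
    m = _USER_SID.match(key)
    if m:
        head = r"HKCU\Software\Classes" if m.group(1) else "HKCU"
        return head + ("\\" + key[m.end():] if key[m.end():] else "")
    for long, short in _HIVES.items():
        if key.upper() == long or key.upper().startswith(long + "\\"):
            return short + key[len(long):]
    rel = key.lstrip("\\")  # assumption: relative COM paths resolve under HKCR
    if re.match(r"^(CLSID|Interface|TypeLib|AppID)\\", rel, re.I):
        return "HKCR\\" + rel
    return key


# Triage rules: (category, pattern on the normalized key, analyst note); first match wins.
_RULES = [
    ("persistence", r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
     "autostart key; confirm a value was written, not just read"),
    ("evasion", r"\\AppCompatFlags\\Layers$",
     "per-exe compatibility layers (e.g. RUNASADMIN); check which image got a layer"),
    ("capability", r"\\(SecurityProviders|Lsa\\SspiCache)",
     "SSPI package load, usually from WinInet/WinHTTP/RPC init: expect network code"),
    ("fingerprint", r"^HKCU\\Software\\VB and VBA Program Settings\\",
     "VB6 SaveSetting store: sample is a Visual Basic 6 binary; dump its settings"),
    ("fingerprint", r"^HKCR\\AppID\\[^\\]+\.exe$",
     "COM reads HKCR\\AppID\\<image name> of the activating process; check the process tree"),
    ("com_lookup", r"^HKCR\\(CLSID|Interface|TypeLib)\\\{",
     "COM resolution; noise unless a user-writable CLSID shadows a system one"),
    ("baseline", r"(\\CTF(\\|$)|\\Nls\\|Keyboard Layout|Control Panel\\International|\\Session Manager$)",
     "locale, input-method and session-manager reads common to GUI processes"),
]


def classify(key: str) -> tuple:
    """Return (category, note) for one logged key, naming any well-known GUID in it."""
    n = normalize(key)
    guid = _GUID.search(n)
    label = KNOWN_GUIDS.get(guid.group(0).upper()) if guid else None
    for cat, pat, note in _RULES:
        if re.search(pat, n, re.I):
            return cat, f"{label}: {note}" if label else note
    return "unclassified", f"{label}: review manually" if label else "review manually"


def triage(report_text: str) -> dict:
    """Group a report's key list by category, de-duplicated on the normalized key."""
    out = defaultdict(list)
    for line in filter(str.strip, report_text.splitlines()):
        cat, note = classify(line)
        entry = (normalize(line), note)
        if entry not in out[cat]:
            out[cat].append(entry)
    return dict(out)


if __name__ == "__main__":
    for cat, entries in triage(REPORT_KEYS).items():
        print(cat, *(f"  {k}\n      -> {note}" for k, note in entries), sep="\n")
```

Two caveats when reading the output against this report. First, sandbox key lists of this kind usually mix keys opened for reading with keys actually created or written, so Run and RunOnce appearing here shows the sample touched them, not that it installed an autostart value; confirm against the recorded values before calling it persistence. Second, the combination of CLSID_ShellWindows, IConnectionPointContainer, IConnectionPoint and DShellWindowsEvents together with a "VB and VBA Program Settings\Explorer" key is consistent with a VB6 program that enumerates or subscribes to Explorer and Internet Explorer window events through SHDocVw; that is an inference from the identifiers, not something the report states, and it should be checked in the binary before it goes into a write-up.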