Trojan.MSIL.Dropper.ICC

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Dropper.ICC
Signature status: No Signature

Known Samples

File Size: 18.94 KB, 18944 bytes
File Size: 8.07 MB, 8074752 bytes
File Size: 7.68 MB, 7677440 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version: 1.0.0.0
Comments
  • Cutting-edge solution that improves your security. Smart solution that accelerates your integration. Cutting-edge technology that integrates your security. Cutting-edge solution that improves your security. Smart solution that accelerates your integration. Cutting-edge technology that integrates your security. edoq_2963 Cutting-edge solution that improves your security. Smart solution that accelerates your integration. Cutting-edge technology that integrates your security.
  • Efficient interface that integrates your network. Smart software that customizes your system. Innovative AI that detects your data. Efficient interface that integrates your network. Smart software that customizes your system. Innovative AI that detects your data. zeq_1739 Efficient interface that integrates your network. Smart software that customizes your system. Innovative AI that detects your data.
  • Intelligent interface that customizes your files. Versatile platform that coordinates your files. Versatile engine that detects your storage. Intelligent interface that customizes your files. Versatile platform that coordinates your files. Versatile engine that detects your storage. udi_4262 Intelligent interface that customizes your files. Versatile platform that coordinates your files. Versatile engine that detects your storage.
Company Name
  • Cutting-edge solution that improves your security. Smart solution that accelerates your integration. Cutting-edge technology that integrates your security.
  • Efficient interface that integrates your network. Smart software that customizes your system. Innovative AI that detects your data.
  • udi_4262
File Description
  • hid_607
  • keme_9462
  • uco_3466
File Version: 1.0.0.0
Internal Name
  • edoq_2963.exe
  • udi_4262.exe
  • zeq_1739.exe
Legal Copyright: Copyright © 2025
Original Filename
  • edoq_2963.exe
  • udi_4262.exe
  • zeq_1739.exe
Product Name
  • hid_607
  • keme_9462
  • uco_3466
Product Version: 1.0.0.0

File Traits

  • .NET
  • x86

Block Information

Total Blocks: 53
Potentially Malicious Blocks: 23
Whitelisted Blocks: 25
Unknown Blocks: 5

Visual Map

x x x 0 0 x x x ? x 0 0 0 0 x x x x x 0 ? x ? 0 0 x 0 0 0 ? 0 x 0 x x 0 0 0 x 0 0 0 x 0 0 x 0 x x ? 0 x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
