SHA256: 830125ace2dd06283a07d5e78388688ae6b8f41ad7c4c61ce60a0d0e82d590a0
File name: Inciter v3.0 ICAgent
Detection ratio: 18 / 55
Analysis date: 2014-11-23 15:25:16 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20141123
Avira (no cloud) TR/Gendal.KD.19911 20141123
Baidu-International Trojan.Win32.Generic.Am 20141123
BitDefender Trojan.Generic.KD.19911 20141123
Comodo Heur.Suspicious 20141123
Emsisoft Trojan.Generic.KD.19911 (B) 20141123
F-Secure Trojan.Generic.KD.19911 20141123
GData Trojan.Generic.KD.19911 20141123
Ikarus Trojan.SuspectCRC 20141123
Kingsoft Win32.Troj.Agent.ge.(kcloud) 20141123
McAfee Artemis!286017FA1AEE 20141123
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh 20141122
eScan Trojan.Generic.KD.19911 20141123
Norman Suspicious_Gen2.RTQHS 20141123
nProtect Trojan/W32.Agent.294912.RN 20141121
Rising PE:Trojan.Win32.Generic.1520263B!354428475 20141122
Symantec Trojan.Gen 20141123
Tencent Win32.Trojan.Agent.pho 20141123
Ad-Aware 20141123
AegisLab 20141123
Yandex 20141122
AhnLab-V3 20141123
Antiy-AVL 20141123
AVG 20141123
AVware 20141121
Bkav 20141120
ByteHero 20141123
CAT-QuickHeal 20141122
ClamAV 20141123
CMC 20141121
Cyren 20141123
DrWeb 20141123
ESET-NOD32 20141123
F-Prot 20141123
Fortinet 20141123
Jiangmin 20141122
K7AntiVirus 20141121
K7GW 20141121
Kaspersky 20141123
Malwarebytes 20141123
Microsoft 20141123
NANO-Antivirus 20141123
Panda 20141123
Qihoo-360 20141123
Sophos AV 20141123
SUPERAntiSpyware 20141123
TheHacker 20141121
TotalDefense 20141123
TrendMicro 20141123
TrendMicro-HouseCall 20141123
VBA32 20141121
VIPRE 20141123
ViRobot 20141123
Zillya 20141122
Zoner 20141120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2003 - 2006 SOFTRUN Inc.

Publisher SoftRun Inc.
Product Inciter 2006
Original name ICAgent30.EXE
Internal name Inciter v3.0 ICAgent
File version 3, 0, 0, 43
Description Inciter 2006 Client Module
Comments Inciter 2006 Client Module
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-09 07:49:55
Entry Point 0x00024B34
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
GetLastError
ReleaseMutex
TerminateThread
WaitForSingleObject
SetEvent
CopyFileA
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetLocalTime
GetStartupInfoA
GetWindowsDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
ReadFile
CreateMutexA
CreateThread
GetModuleHandleA
GetExitCodeThread
GetCurrentProcess
ResetEvent
GetSystemDirectoryA
ExpandEnvironmentStringsA
SetFileAttributesA
FreeLibrary
LocalFree
ResumeThread
CreateProcessA
CreateEventA
Sleep
FormatMessageA
SetThreadPriority
CreateFileA
GetVersion
GetProcAddress
SetCurrentDirectoryA
CloseHandle
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Xran@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
rand
malloc
_putenv
__p__fmode
_ftol
__dllonexit
toupper
sscanf
_except_handler3
_itoa
_acmdln
_mbscmp
_mbslen
_onexit
exit
sprintf
??1type_info@@UAE@XZ
__setusermatherr
__p__commode
localtime
free
__CxxFrameHandler
_mbsicmp
_ismbcdigit
_adjust_fdiv
__p___argc
getenv
_mbschr
atoi
_splitpath
__getmainargs
__p___argv
_exit
_XcptFilter
_setmbcp
memmove
difftime
time
_initterm
_controlfp
__set_app_type
_mbsstr
VariantInit
PathRemoveBackslashA
PathFindFileNameA
PathRemoveFileSpecA
PathAppendA
PathFileExistsA
wsprintfA
GetSystemMetrics
SetTimer
LoadIconA
UpdateWindow
EnableWindow
PostMessageA
MessageBoxA
SendMessageA
KillTimer
RegisterWindowMessageA
ExitWindowsEx
SetWindowPos
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod
timeGetDevCaps
socket
recv
inet_addr
send
WSACreateEvent
gethostbyname
connect
WSAResetEvent
inet_ntoa
htons
closesocket
WSAGetLastError
NotifyAddrChange
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_DIALOG 4
RT_ICON 2
RT_STRING 1
RT_MENU 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 11
PE resources
ExifTool file metadata
SpecialBuild
Seoul Metro

LegalTrademarks
SOFTRUN and Inciter are Trademarks of SoftRun Inc.

SubsystemVersion
4.0

Comments
Inciter 2006 Client Module

InitializedDataSize
135168

ImageVersion
0.0

ProductName
Inciter 2006

FileVersionNumber
3.0.0.43

UninitializedDataSize
0

LanguageCode
Korean

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
ICAgent30.EXE

PrivateBuild
2006. 09. 07.

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3, 0, 0, 43

TimeStamp
2006:10:09 08:49:55+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Inciter v3.0 ICAgent

FileAccessDate
2014:11:23 16:26:01+01:00

ProductVersion
3, 0, 0, 43

FileDescription
Inciter 2006 Client Module

OSVersion
4.0

FileCreateDate
2014:11:23 16:26:01+01:00

FileOS
Win32

LegalCopyright
Copyright (C) 2003 - 2006 SOFTRUN Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
SoftRun Inc.

CodeSize
155648

FileSubtype
0

ProductVersionNumber
3.0.0.43

EntryPoint
0x24b34

ObjectFileType
Executable application

File identification
MD5 286017fa1aee3bee2fcc2a90d233d534
SHA1 4a824d329cb26b24207431f7f0948424d81512ee
SHA256 830125ace2dd06283a07d5e78388688ae6b8f41ad7c4c61ce60a0d0e82d590a0
ssdeep
6144:PqGcTAx1SUXbW8nOhATungnOhAtungnOhABungnunU84xWjBD1z+Q+CfndHMw3LS:0TAx1SinOhATungnOhAtungnOhABungP

authentihash 06157949ac75b1a242fa1ce2cff70d4bf536f00a6b9b08b3f6c0c20143bdf898
imphash d940dbc42361cc7fe30909ce993bae44
File size 288.0 KB ( 294912 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2010-02-13 18:53:31 UTC ( 8 years, 6 months ago )
Last submission 2012-06-08 23:26:24 UTC ( 6 years, 2 months ago )
File names 1266793470.icagent30.exe
aa
1TeAuYxcJ9.xls
icagent30.exe
286017FA1AEE3BEE2FCC2A90D233D534
ICAgent30.EXE
0jGSeGxjxG.xdp
Inciter v3.0 ICAgent
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight