home

iconm1u.exe

neomedia

The application iconm1u.exe by neomedia has been detected as a potentially unwanted program by 14 anti-malware scanners. This is a trojan Bot that uses IRC to communicate with a comand and control network. The Trojan drops other malicious software and opens a backdoor on the infected computer and will run automatically on each boot.
Publisher:
neomedia  (signed and verified)

MD5:
66f6f24ff1494bed7c6e905704acfe6e

SHA-1:
49c692555afbb89789f3fdc0498349665e83e1af

SHA-256:
5fce3633ba2f80148e065d65860dbb5685a76e03ff6943a2cb6753aea86a3b1a

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/30/2024 4:03:37 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/KeywordFind.B
8.3.3.4

avast!
Win32:Adware-gen [Adw]
2014.9-161013

AVG
Generic
2017.0.2592

Bkav FE
W32.HfsAdware
1.3.0.8383

ESET NOD32
Win32/AdWare.KeywordFind (variant)
10.14248

Fortinet FortiGate
Riskware/KeywordFind
10/13/2016

F-Prot
W32/Themida_Packed
v6.4.7.1.166

IKARUS anti.virus
PUA.KeywordFind
t3scan.2.1.16.0

K7 AntiVirus
Adware
13.242.21129

McAfee
Artemis!66F6F24FF149
5600.6248

NANO AntiVirus
Trojan.Win32.Bifrose.djeicz
1.0.38.11822

Qihoo 360 Security
HEUR/QVM19.1.0000.Malware.Gen
1.0.0.1120

Sophos
Generic PUA EJ (PUA)
4.98

VIPRE Antivirus
Backdoor.Win32.Ircbot.gen
52896

File size:
986.2 KB (1,009,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\iconm1u.exe

Digital Signature
Signed by:
neomedia

Authority:
thawte, Inc.

Valid from:
1/25/2016 9:00:00 AM

Valid to:
1/25/2017 8:59:59 AM

Subject:
CN=neomedia, OU=IT Team, O=neomedia, L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
343766F67EC25EF07DB4A9C47879EAF6

File PE Metadata
Compilation timestamp:
10/7/2016 2:31:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ooas9weVPCf8ejF3phJmKzM/2OeRPRyrR6rdYjBqxP:owDVPk8K1s3Bql

Entry address:
0x222000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 8B, D8, 40, 2D, 00, D0, 0B, 00, 2D, 5D, 36, 5F, 00, 05, 52, 36, 5F, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 5E, C3, 1B, 12, 68, 4C, DA, 54, 7C, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 8B, EC, 60, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, EB, 08, 31, 06, 01, 1E, 83, C6, 04, 49, 0B, C9, 75, F4, 61, C9, C2, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5300

Code size:
403 KB (412,672 bytes)

Remove iconm1u.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.