Windows Analysis Report
MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip

Overview

General Information

Sample name:	MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip
Analysis ID:	1541168
MD5:	d0fd69671504406cada8b5cd09256146
SHA1:	8cff42634e2d97d2b7aec060ad0f5fb9e14f206f
SHA256:	a7524e15838ab0941fee4fd3978e3fa55143de90dbfdeee870cfe8194cd74a29
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Program does not show much activity (idle)

Classification

Signatures

Source:

Binary string: D:\Work\PdfEditor\icepdfeditor-Desktop_Qt_5_15_1_MSVC2019_32bit\bin\icepdfeditor.pdb source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001032000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000952000.00000002.00000001.01000000.00000005.sdmp

Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://icecreamapps.com/act/crashfix/index.php/crashReport/uploadExternalCould
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000000F7A000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.000000000089A000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://updates.icecreamapps.com/check.php
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000000F7A000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.000000000089A000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://updates.icecreamapps.com/check.phphttps://icecreamapps.comhttps://icecreamapps.com/PDF-Editor
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://data.icecreamapps.com
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://data.icecreamapps.com/?pid=%1&ver=%2&dev=%3Send
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://google.ru
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://google.ruSome
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000000F7A000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.000000000089A000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000000F7A000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.000000000089A000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com/Howto/how-to-make-icecream-pdf-editor-your-default-PDF-reader.html
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000000F7A000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.000000000089A000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com/PDF-Editor/changelog.html
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000000F7A000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.000000000089A000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com/PDF-Editor/upgrade.html?v=%1&t=%2
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com/act/license.php
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com/act/license.phphttps://icecreamapps.com/go/license_date.phpInvalid
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000000F7A000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.000000000089A000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com/go/help.php?prod=pde
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://icecreamapps.com/go/license_date.php
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://mail.ru
Source: icepdfeditor.exe, 00000007.00000000.1459023086.0000000000F17000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 00000009.00000000.1533751759.0000000001013000.00000002.00000001.01000000.00000004.sdmp, icepdfeditor.exe, 0000000B.00000000.1685393086.0000000000933000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://ya.ru

Source: classification engine

Classification label: clean0.winZIP@4/0@0/0

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe"
Source: unknown	Process created: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe "C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe"

Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: libcurl.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: crashrpt1403.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5winextras.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: libcurl.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: crashrpt1403.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5winextras.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip\icepdfeditor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: libcurl.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: crashrpt1403.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: qt5winextras.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117\icepdfeditor.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip

Static file information: File size 1693727 > 1048576

Source:

Source: C:\Windows\System32\rundll32.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1541168
Product:	CloudBasic
Start time:	14:31:56
Start date:	24.10.2024
Sample:	MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	d0fd69671504406cada8b5cd09256146
SHA1:	8cff42634e2d97d2b7aec060ad0f5fb9e14f206f
SHA256:	a7524e15838ab0941fee4fd3978e3fa55143de90dbfdeee870cfe8194cd74a29
Filetype:	ZIP compressed archive (8000/1) 100.00%

Windows Analysis Report
MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
MDE_File_Sample_5947d8bd2f31bedc98f322800cabd2fb85e56117.zip