Malware Analysis: JPHP IceRat analysis

Not open for further replies.

Andy Ful (Hard_Configurator Tools, Honorary Member), Dec 23, 2014
I am probably the last one to finally notice that IceRat.exe and klip.exe are not only similar but in fact the same malware, despite the different hashes (the Vhash and Imphash are the same). They have almost identical sections (except .rsrc, which differs only in hash and Chi2 but has the same Virtual Address, Virtual Size, Raw Size and Entropy). Furthermore, they have identical Resources.
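Checking two samples the way the post above describes, as an added example that is not part of the original post and does not touch the real IceRat.exe / klip.exe files: a section-table parser built on the Python standard library only (no pefile), run over two constructed PE-shaped byte strings whose .text is identical and whose .rsrc differs by a single byte. Vhash and Imphash are not computed here (Vhash is VirusTotal's own similarity hash, and Imphash needs an import table these stubs do not carry); the per-section comparison covers Virtual Address, Virtual Size, Raw Size, entropy (to two decimals, as VirusTotal displays it), a byte-histogram Chi2 and SHA-256. All sample bytes, section names and addresses are constructed for the example.

```python
import hashlib
import math
import struct

FILE_ALIGN = 0x200  # file alignment used when laying out the constructed samples


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer (0.0 for empty input, 8.0 for a flat histogram)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def byte_chi2(data: bytes) -> float:
    """Chi-square of the byte histogram against a uniform distribution (0.0 when flat)."""
    if not data:
        return 0.0
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


def parse_sections(pe: bytes) -> list:
    """Walk the COFF section table and describe each section (no optional header needed)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_opt
    sections = []
    for i in range(num_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va,
            "vsize": vsize,
            "rawsize": raw_size,
            "entropy": round(shannon_entropy(raw), 2),   # two decimals, as VirusTotal shows it
            "chi2": round(byte_chi2(raw), 2),
            "sha256": hashlib.sha256(raw).hexdigest(),
        })
    return sections


def compare_samples(a: bytes, b: bytes) -> list:
    """Per-section list of (name, [fields that differ]); an empty list means identical."""
    fields = ("va", "vsize", "rawsize", "entropy", "chi2", "sha256")
    result = []
    for x, y in zip(parse_sections(a), parse_sections(b)):
        result.append((x["name"], [f for f in fields if x[f] != y[f]]))
    return result


def build_pe(sections: list) -> bytes:
    """Construct a minimal PE-shaped blob: MZ stub, PE signature, COFF header with no
    optional header, section table, then file-aligned raw data. Not loadable, just
    enough for section-table tooling (constructed for this example)."""
    n = len(sections)
    raw_ptr = first_raw = -(-(64 + 4 + 20 + 40 * n) // FILE_ALIGN) * FILE_ALIGN
    table, body = b"", b""
    for name, va, vsize, raw in sections:
        raw_size = -(-len(raw) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> PE signature right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x0102)
    return (bytes(dos) + b"PE\0\0" + coff + table).ljust(first_raw, b"\0") + body


def build_samples() -> tuple:
    """Two constructed stand-ins for the IceRat.exe / klip.exe pair: same .text, .rsrc off by one byte."""
    text = b"\x55\x8b\xec" + b"\x90" * 61
    rsrc_a = bytes(range(256)) * 2           # flat histogram: entropy 8.00, chi2 0.00
    rsrc_b = b"\xff" + rsrc_a[1:]            # one byte changed: entropy still 8.00 at two decimals
    sample_a = build_pe([(b".text", 0x1000, len(text), text), (b".rsrc", 0x2000, len(rsrc_a), rsrc_a)])
    sample_b = build_pe([(b".text", 0x1000, len(text), text), (b".rsrc", 0x2000, len(rsrc_b), rsrc_b)])
    return sample_a, sample_b


if __name__ == "__main__":
    a, b = build_samples()
    print("sha256 A:", hashlib.sha256(a).hexdigest())
    print("sha256 B:", hashlib.sha256(b).hexdigest())
    for name, diffs in compare_samples(a, b):
        print(f"{name:8} {'identical' if not diffs else 'differs in ' + ', '.join(diffs)}")
```

Run against real files, `parse_sections(open(path, "rb").read())` gives the same fields for each sample; the whole-file hashes differ while every section reports the same VA, Virtual Size, Raw Size and entropy, and only .rsrc shows a changed hash and Chi2, which is exactly the pattern the post describes. Entropy is compared at two decimals on purpose: a handful of patched resource bytes shifts the exact value, so a full-precision comparison would hide the match.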


Thread author (Staff Member), Apr 9, 2020
I am closing this thread now.
The analysis of related samples is done. By related I mean all samples that are actually downloading, dropping or creating each other. The relations are outlined, starting with the first part of the infection chain.

Most of the things that were posted in this thread recently don't seem to be related to IceRat except for the domain, or there are other very loose connections like just the file name. Feel free to open a different thread for discussing speculations about that case. 🤠