» IcarosThumbnailProvider.dll
Overview
Analysis
File Details
Behaviors (1)

IcarosThumbnailProvider.dll

Icaros Thumbnail Provider

Tabibito Technology

The library IcarosThumbnailProvider.dll has been detected as malware by 23 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

Publisher:

Tabibito Technology

Product:

Icaros Thumbnail Provider

Version:

2.2.1.0

MD5:

e6b818bb1f6e2e7a84d86dec2fd2deeb

SHA-1:

c6b95c3bd4c4ad9dfc99bbeff33dfd52d13b1372

SHA-256:

4b857088ad741b6028ea59c9ea98f472d3cdf83bf08ed5ebe6bd4bba02a517c1

Scanner detections:

23 / 68

Status:

Malware

Explanation:

IcarosThumbnailProvider.dll is infected by a worm that might download, install and run additional malware as well as may spread to other executable files.

Analysis date:

4/19/2024 9:29:32 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Backdoor.Bot.83057

5729548

Avira AntiVirus

TR/Crypt.XPACK.Gen

8.3.2.2

Arcabit

Backdoor.Bot.D14471

1.0.0.425

avast!

Win32:Ramnit-CC [Trj]

150828-0

AVG

Win32/Zbot.F

2015.0.4409

Bitdefender

Backdoor.Bot.83057

1.0.20.1240

Bkav FE

W32.HfsAutoB

1.3.0.7133

Comodo Security

Virus.Win32.Ramnit.OV

23176

Emsisoft Anti-Malware

Backdoor.Bot.83057

10.0.0.5366

Fortinet FortiGate

W32/Ramnit.A

9/5/2015

F-Prot

W32/Patched.B!Generic

4.6.5.141

F-Secure

Backdoor.Bot.83057

5.14.151

G Data

Backdoor.Bot.83057

15.9.25

IKARUS anti.virus

W32.Ramnit

t3scan.1.9.5.0

McAfee

Virus.W32/Ramnit!trace

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.205.1047.0

MicroWorld eScan

Backdoor.Bot.83057

16.0.0.744

NANO AntiVirus

Virus.Win32.Nimnul.bqjjnb

0.30.24.3283

Norman

Backdoor.Bot.83057

04.08.2015 10:30:46

nProtect

Backdoor.Bot.83057

15.09.04.01

Quick Heal

W32.Ramnit.D

9.15.14.00

Sophos

Virus 'W32/Patched-I'

5.15

Total Defense

Win32/Ramnit!remnants

37.1.62.1

File size:

736.9 KB (754,575 bytes)

Product version:

2.2.1.0

Original file name:

IcarosThumbnailProvider.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English

Common path:

C:\Program Files\k-lite codec pack\icaros\icarosthumbnailprovider.dll

Registration

CLSID:

{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

3/7/2013 12:40:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:maP9bMyU7Pv29Xre6gTKGaV7hhbaqShLTBptbUs/tLPmQXK9p5Tx1mWJG:maP9xU+Xre6gWXdhbaqShLT7vEQ69bKX

Entry address:

0xBE000

Entropy:

5.2419

Code size:

168.5 KB (172,544 bytes)

Approved Shell Extension

Name:

Icaros Thumbnail Provider

CLSID:

{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}

Remove IcarosThumbnailProvider.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.