home

icon.12a89820.bfce.4007.a7fc.6092a09dd1c1.exe

2007 Microsoft Office system

Microsoft Corporation

This is installed with multiple programs including Microsoft Office Language Pack 2007 - English and Microsoft Office Professional Plus 2007. The file has been seen being downloaded from mg.mail.yahoo.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
2007 Microsoft Office system

Description:
2007 Microsoft Office component

Version:
12.0.4518.1014

MD5:
21ef4bb2a6ff4116fd83faee52d4a416

SHA-1:
fc448fdd31a30297c342c5fa3d73a96b80e17f17

SHA-256:
9cec8b999c21db95624f29c529fb6ada3f01a24ca7a90452f3bef0eb92a01a5f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/19/2024 12:23:55 AM UTC  (today)

File size:
1.1 MB (1,172,240 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
icons.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\microsoft office\icon.12a89820.bfce.4007.a7fc.6092a09dd1c1.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
4/4/2006 12:43:46 PM

Valid to:
10/4/2007 12:53:46 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61469ECB000400000065

File PE Metadata
Compilation timestamp:
10/26/2006 2:00:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:p+T+MTOwO/P0d6msdO+hpASXbq/Qq7wgaq73w9VYBs3dW23:p2+QMk4mV+jASXg7wgN3wEiNW23

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.1936

The file icon.12a89820.bfce.4007.a7fc.6092a09dd1c1.exe has been discovered within the following programs.

Microsoft Office Enterprise 2007  by Microsoft Corporation
Office Enterprise 2007 is a version of Microsoft Office, a family of office suites and productivity software for Windows also named Office 12.
office.microsoft.com/en-us/excel
4% remove it
Microsoft Office Language Pack 2007 - English  by Microsoft Corporation
2% remove it
Microsoft Office Language Pack 2007 - German/Deutsch  by Microsoft Corporation
Publisher's description - “Microsoft Office Language Packs serve the needs of multilingual individuals who routinely create or edit documents and presentations in different languages.”
5% remove it
Microsoft Office Professional Plus 2007  by Microsoft Corporation
Office 2007 contains a number of new features, the most notable of which is the entirely new graphical user interface called the Fluent User Interface (initially referred to as the Ribbon User Interface), replacing the menus and toolbars – which have been the cornerstone of Office since its inception – with a tabbed toolbar, known as the Ribbon.
office.microsoft.com/en-us/professional
2% remove it
 
Powered by Should I Remove It?

The file icon.12a89820.bfce.4007.a7fc.6092a09dd1c1.exe has been seen being distributed by the following 50 URLs.

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_91382_AL5L2kIAABK7VD41rwAAAExOj0I&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-ECqkwJesrAo-5W-e-s7w5FbMnIz1N8eOLddODyeEWtY4auecMM-bIDlLnsaivysp/messages/@.id==AOhJyAoAABVIWJNN5AV2cENfxLA/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=afc9e9d9-0af4-f15e-0109-120013010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZ8pSCKLGF-PaiDOH8HQGYZgN5-uMU4a1xp7UsyNKICIPrvCfAGkJdOxUte2duArxurYHsy0xW7lg3wmjBSz3Rr&error=https://mg.mail.yahoo.com/.../iframemsg?id=8571af85-3917-ba33-0902-968c066f623e

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-UE4ehlddpxUnisRKaTSuhqezY4XTnkEi096d-yDesfZjm8jkF-ZSsrHpRTV-_NF5asEpL6Jott_DjAn15eQVCA/messages/@.id==ABiC8QoAADWNWAXQKQGxmI9WnCU/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=617a272e-6b22-a244-01f1-f70036010000&token=oq3V0Vz2CgMsLhyPD4H7mgCdpYv2hTHTYjAFXh-AQzdlH-KmiZKQ13onYrfX0kUbG0QNn8nnWbUjgRDSkBIizvQd7jQURvBEt-_rEf_CXTLV_WR0knCbNDwyhfD3Yw-7&error=https://mg.mail.yahoo.com/.../iframemsg?id=e8c355c5-bc0c-b7d2-e830-a4282b130211

https://us-mg6.mail.yahoo.com/.../download?mid=2_0_0_1_122936_AEHci2IAATBoUYd8wggNNGBD9R8&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo

http://mail.uol.com.br/attachment?msg_id=MTIxMTc&folder=DRAFT&disposition=attachment&ctype=xlicons.exe&&accountId=0

https://mail.google.com/mail/ca/u/.../?ui=2&ik=dac9645b77&view=att&th=158bb84f99957dd4&attid=0.1&disp=safe&realattid=f_ivok5ka20&zw

http://bmail.uol.com.br/attachment?msg_id=NDYxNw&folder=DRAFT&disposition=attachment&ctype=xlicons.exe&&accountId=0

https://email.t-online.de/em/bin/.../deliveruploadedfile?id=803830018&disposition=attachment

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-8er2IIw75SHCXDdGLpulnupsfMiapmZnju9OM5RXWNHGTwvB8Sw8CR1VAOcB_gvO-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==ALXmjkQABYUNVt4lJQgiCB_BuqQ/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=ca00e3f2-ae35-68f5-01a6-8c004a010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZdg8Z_GogSa-dmgB1ImmiYRSLf1_cItX2s8NdNyRggig&error=https://ca-mg6.mail.yahoo.com/.../iframemsg?id=f4d16fa1-dd51-0651-19b1-ac348f05d581

https://mail.camtel.cm/service/home/.../?auth=co&loc=fr&id=1522&part=2&disp=a

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-RPa8L3YcbU6sDj78xRowL8-B192_AF84BGcayf7_m-oYw1m2a-pDUnQ9JD0w3wKXHRgg75KvPQSR-nR8tvCrUg/messages/@.id==AJoJDNkAA1zWV6CbCAKYEPAnA8E/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBb8vB0ryTCcQoqW8p5C-lgiznLoMbJ9lHx-6Nz1ls9zJa9BizqjjSwIidt2Ot7g7JXa9u8Z9QTvAV90FHetnmGm&error=https://xa-mg42.mail.yahoo.com/.../iframemsg?id=56b42932-bbc8-2336-4589-5c717a68ef87&ymreqid=642703f0-3d0e-2c0a-01d4-1800b9010000

temp:xlicons.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==MTM1MTA4MDMxODc4NzgxMjIgMTIwMTQ0IDEyMDEgYXppb2xhc2hha2FqQHlhaG9vLmNvbQ/messages/@.id==AO1UimIAABU9VqufQwjZoIC34dg/content/parts/.../raw?appid=YahooMailNeo&token=zz9jr-ScHvkyscO2GOWq2I7rSA5CnHoNspY-ClD9iYynOee_7akxiPjS-5wXbg1FypiIEsLVrw8McM7wc8J5fg&ymreqid=90088460-c6ac-11e5-c000-09b1092536f6

https://1and1-storage.net/data/federico@romarseguros.com/.../xlicons.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-eZTnr2-47PJvQTWxDJvkvYMfynMC0NGuNqk_9t_vlh3k8LRvGJByF6U8h9qaYjAO/messages/@.id==AK_mjkQABAUUV7zIZgIPWG601J4/content/parts/@.id==5/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBa2jK1TyAxmAWntWVgYQeTF6F676llwJijNHGM9Rx73ng&error=https://us-mg6.mail.yahoo.com/.../iframemsg?id=09787a4d-5fe7-1983-51a9-4529ceb7a9f4&ymreqid=d014a06b-e151-539e-0151-5b0020010000

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_775328_ABrFCmoAABFtVqcrjgzsmAsVivw&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=0cbd831e-f22d-d82b-01a9-e8001c010000

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_11755_AIQJDNkAABGDVPbtZggiCF4VBmc&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-evFmuhIARUrV5Jlt0LiC98Mz5TBJ40YGkCcgP_tZHRsrqafdm4-GRiocyo2MGAn7/messages/@.id==AFavCmoAAYMHVxhcfwZ4QCkyyrg/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=ae53dfd3-e0f7-e2eb-0155-970015010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYO6ApifIImAq7DBRhjwY6uOstHGQ2SvOzuBlPC52QM-g&error=https://mg.mail.yahoo.com/.../iframemsg?id=5613af15-e6c0-d7ba-33cd-d437aebf44be

https://mail.google.com/mail/u/.../?ui=2&ik=fe84911699&view=att&th=146c54f8e64f6b80&attid=0.1&disp=safe&realattid=f_hwqtl33y0&zw

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-TyjHzD-MUybX1FghjsF5otzYO6IqyCvbpsHYORLRXd-SoghJD3DdC7BfhzyGlW71/messages/@.id==AJp2imIAAvduWBI09QYK4GptRTc/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=288e9d11-126a-c85f-0124-b70053010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBavu81PwcOP0KoxD89teD24PsPIg0vpjy5obdICARUR845N8noDq6SkRIfj71_uv5VMlUleY6728bm9WFo5Zq_P&error=https://mg.mail.yahoo.com/.../iframemsg?id=7361d17c-b958-3297-f11b-43afe591d2a5

http://phuketarea.go.th/e-office/efi8/files/.../402220140423154153.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-6iqMtbgI1az6VFvZAm0kqmd_MPKDfdAuN2OV4KIDcqMzmhWkVEazQSmBlQsmf11gQv4c4iUXZ0n8-D-n3jtmIQ/messages/@.id==AI6_imIAF4-NWAZYfwH0AMPMXBk/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYc0fKAXb8SWVClM2-qcVnLVCw9DYwu8V6WIzuD0S1lDTg7LzQL6ACEiUt967qN_UwqcQYZEjvYn_Ia3pRfsoSX&error=https://mg.mail.yahoo.com/.../iframemsg?id=3796e53b-4cc5-730c-b8b5-75f1c2372d5e&ymreqid=4135a9b7-44a5-c282-0181-22000c010000

https://doc-10-2c-docs.googleusercontent.com/docs/securesc/uns43e47hvth6pfh5fdpbac1b10pq567/abln6jl4h0oass760g8stg3ium0gvekt/1476360000000/.../16374510432977870865/0BxggpLiiqPviZTc5Q3VkaEZQZXM?e=download

http://zalacznik.wp.pl/0/.../xlicons.exe

http://freemail.net.hr/download.php?msg_id=00010000000a000008bc002e2b73&idx=1.2&filename=xlicons.exe&r=25.227005065733877

https://messageriepro.orange.fr/nc/G05R00C30/OFX/fr-FR/.../download.html?CHECK_ATTACHEMENT=TRUE&PJRANG=2&csid=1468156403554&cbe=MET&token=o5782499da73f58.74899982

https://doc-08-44-docs.googleusercontent.com/docs/securesc/r380q20sqees1cb8ddjbepu390516b6e/oai826qebhhejc92luv8bklmdntbli9n/1474804800000/.../07864116830450390226/0B6zpDE9YUfnMOUl4M3kwVUNiY2M?e=download

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_39018_AHxpimIAABONVphd8waTmEqVW3I&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=4ff81c23-c2d2-6258-01c0-860031010000

https://onedrive.live.com/download.aspx?cid=D1D6CFAF8B2314F4&authKey=!AE_2rKBIzKKESks&resid=D1D6CFAF8B2314F4!188&ithint=.exe

https://dlvr.t-online.de/dlvr?p[dtkn]=nxOOHfzJEONCNKEjUJswg1QsyyECk42M

Latest 30 of 52 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.