home

icon.8c3cef86.e8ca.446c.9e34.15b5fa94bfd9.exe

2007 Microsoft Office system

Microsoft Corporation

This is installed with multiple programs including Microsoft Office Language Pack 2007 - English and Microsoft Office Professional Plus 2007. The file has been seen being downloaded from nowy.tlen.pl and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
2007 Microsoft Office system

Description:
2007 Microsoft Office component

Version:
12.0.4518.1014

MD5:
c0f4a57ba5e09a28ae3d2f67ed219eea

SHA-1:
265c860767b2ba6ccbc8dbcc48c376527dedf90f

SHA-256:
f2069979f2ea7bcc37e894a0fe1eb3a0d554878696c97827d62a13d9b0a84076

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/23/2024 10:43:26 PM UTC  (today)

File size:
900.8 KB (922,384 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
icons.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\microsoft office\icon.8c3cef86.e8ca.446c.9e34.15b5fa94bfd9.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
4/4/2006 12:43:46 PM

Valid to:
10/4/2007 12:53:46 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61469ECB000400000065

File PE Metadata
Compilation timestamp:
10/26/2006 2:00:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:IoWIYwQoc+6ky/Cr70qbH+IXJ/WnVQyNRDLdGZB6hJ9gWG+k:IoWIYwQoGky/Cr70qHXJ/WnVdNRDLdGv

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.9934

The file icon.8c3cef86.e8ca.446c.9e34.15b5fa94bfd9.exe has been discovered within the following programs.

Microsoft Office Language Pack 2007 - English  by Microsoft Corporation
2% remove it
Microsoft Office Language Pack 2007 - German/Deutsch  by Microsoft Corporation
Publisher's description - “Microsoft Office Language Packs serve the needs of multilingual individuals who routinely create or edit documents and presentations in different languages.”
5% remove it
Microsoft Office Professional Plus 2007  by Microsoft Corporation
Office 2007 contains a number of new features, the most notable of which is the entirely new graphical user interface called the Fluent User Interface (initially referred to as the Ribbon User Interface), replacing the menus and toolbars – which have been the cornerstone of Office since its inception – with a tabbed toolbar, known as the Ribbon.
office.microsoft.com/en-us/professional
2% remove it
 
Powered by Should I Remove It?

The file icon.8c3cef86.e8ca.446c.9e34.15b5fa94bfd9.exe has been seen being distributed by the following 38 URLs.

https://nowy.tlen.pl/api/v2/mails/messages/10001-0a06cfa3fc0de77358997f35/.../1.2

http://ird.attach.mail.ymail.com/de.f1712.mail.yahoo.com/ya/securedownload?mid=2_0_0_1_217024_AG1TfbwAAJvBULJc1gP96TboXZw&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&redirectURL=http://de.mg41.mail.yahoo.com/neo/.../outage.php?b=_6065&mid=2_0_0_1_217024_AG1TfbwAAJvBULJc1gP96TboXZw&fid=Inbox&yid=lee_itchy&nAtt=1&cred=3sOGnPoc6tNg7bDLnbrNsIy1ceZ7jTu50l..D3u4O.Ov9TjdNShxcS3uxvnLCLGzDpGRPwfUo5YyDXBh_2kmdYuY1R.JMvS66NSrRQIE0a0ONgh3XNhaN9EodoQSH2EjOkQtYfnlDECmzm8lbAh1&ts=1353866538&partner=ymail&sig=nMOD1NyhFbC9ocFHmP1MTA--

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-Wc0tXVyc_gt8R_6sPc38LEOFU1IrA6y5A9FGCvPT2EHwqpesNCv6_tAkwDqa5txz/messages/@.id==AJnkimIACuzEV4WK5wbCeLpDGs4/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=52338afb-fbde-2517-018b-0f0037010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaeoWPtU9Vb2AryhA4dShP-BmBxuc2UTjmHlmQVvjcwMQ&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=111bb324-c144-71fc-f81e-6be2de9f6581

https://web.spaggiari.eu/cvv/app/.../didattica_genitori.php?a=downloadContenuto&contenuto_id=1814825

https://nm80.abv.bg/.../dl?mid=14226780714&fid=10&aid=4&an=pptico.exe

http://us.f1646.mail.yahoo.com/ya/download?clean=0&fid=Sent&mid=2_0_0_2_16872_ADRmw0MAAAx3UZjQ4AAAAAK2rzA&pid=2&tnef=&prefFilename=pptico.exe&redirectURL=http://us.mc1646.mail.yahoo.com/.../showMessage?cmd=download.failure&fid=Sent&mid=2_0_0_2_16872_ADRmw0MAAAx3UZjQ4AAAAAK2rzA&pid=2&tnef=&prefFilename=pptico.exe

https://ud.interia.pl/.../getattach,mid,672,mpid,3,uid,4dc6a714d0668049?f=pptico.exe

https://download.poczta.onet.pl/63735667/.../pptico.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-OErgcdUqgSUUGkNc-hxLsIO6Ra1f5q1E8YQxvmHQHjwtGNCiDhTAa-i1SD6T4yN4jVfli5JDkUiiZ09-kZbeLQ/messages/@.id==AG7ci2IAAWe9TuPvVwJFtzi8XYA/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZ_fIFYXEW7Nb9m0HhJAtjx2p2Hp-vB6weVO_hC3iiU6niyfHSnExwhPlSeoFJ2gT6EOSXZdGsfQNtPcjV4ltu1&error=https://mg.mail.yahoo.com/.../iframemsg?id=40aaa342-9877-f8b0-1458-793fcd8d7027&ymreqid=d5e66b1a-6bbe-12e8-01da-6e001c010000

https://download.wetransfer.com/eu2/.../pptico.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_3163_AEe imIACKJYViQDdgzJcPUadIM&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://doc-04-b4-docs.googleusercontent.com/docs/securesc/4g7pc4tbvg2oak712d0a85edhgi28k5n/2d1jurq4ivqbrkvqq6lpglnu8mkujqhl/1472644800000/.../04046776665163444787/0BwMnZTrXztsRLWpIQUJPbGdxQ00?e=download

https://onedrive.live.com/download.aspx?cid=05C9EA392CF81BAA&authKey=!ANeZ-Mp7W79nxNQ&resid=5C9EA392CF81BAA!116&canary=z8wNd5qG3BnmmSqFUOyAbMHzMIsxu8SdpmkeYp34dgE=2

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-BFefvmHLXb6amDHZt9HRVhujY9kPm9JC8y3P6JTVyCGjPvgBBOnnst60df2XZzoPBmBxuc2UTjmHlmQVvjcwMQ/messages/@.id==AJ_mjkQAAEPTVsdpUwXcACQhw9M/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbJJda23CbYdDg7BkNTAQeu4h7mrR78QzVQGh9VrzNFag&error=https://us-mg6.mail.yahoo.com/.../iframemsg?id=a33780dd-d6a6-512c-a0be-76629beba4c2&ymreqid=56527c20-85fa-8980-010f-a40040010000

https://doc-10-1g-docs.googleusercontent.com/docs/securesc/nn3113dqh48bp2agng6ua3vgcnavji30/bom9ikdt9fh3lsbrhud8he0f808m8b2i/1479398400000/17608663004666674710/.../0B2z5e5rFAAaFd2RkTHc2OER3ZEk?h=00768247166970896592&e=download

http://dla.uloz.to/Ps;Hs;fid=59607978;cid=1995572706;rid=1260114282;up=0;uip=91.229.88.106;tm=1474474585;ut=f;aff=ulozto.net;did=ulozto-net;He;ch=c4df24af2a9df70d2691a89e0cd68e4c;Pe/.../microsoft-powerpoint-exe/.../microsoft-powerpoint-exe?bD&c=1995572706&De

http://poczta.onet.pl/download.html?kid=42431321

https://mega.nz/temporary/.../ilFyDQ6J

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-BkhvJrwMAi3C2GV-tGPDgIn_M_JBNAV7-E8mcSzk6E7DFP21EonvEnS9kqY-JW1uUWhjIv2uHVC2R0Wv8Q9VgQ/messages/@.id==AMW-imIAALzcVy-CuQGeEMiS6tQ/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=ac9de57f-0fcd-8551-0104-a5013e010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBas5dujYMdv269O9pIYFMZdxEwfUWj-Th2Bgih9yLAoaRh-J5C6LyUnkpuuSevalNc&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=6e779c45-f2fb-1ddb-6e21-e6029a90a08b

http://poczta.onet.pl/download.html?kid=63759709

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_91440_AByvCmoAABImVP5kEA6xuMp0QnY&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

http://www.priprave.net/datoteka/datoteka/id/.../pptico.exe

http://zalacznik.wp.pl/0/.../pptico.exe

http://zalacznik.wp.pl/0/.../pptico.exe

https://mail.naver.com/file/download/.../?mailSN=24392&attachIndex=2&virus=1&domain=mail.naver.com&u=dpwl31411

http://bmail.uol.com.br/attachment?msg_id=NzQyNg&ctype=pptico.exe&disposition=attachment&content_id=<53bed761f2222_1b912fcb03c567a@a4-winter4.mail>&folder=DRAFT&attsize=1270844&content_id=<53bed761f2222_1b912fcb03c567a@a4-winter4.mail>&accountId=0

http://zalacznik.wp.pl/0/.../pptico.exe

https://ud.interia.pl/.../getattach,mid,189,mpid,3,uid,bb7733f6326631fe?f=pptico.exe

https://mail.naver.com/file/download/.../?attachType=normal&mailSN=15106&attachIndex=5&virus=1&domain=mail.naver.com&u=dkfflsk15

http://dc97.4shared.com/download/.../PowerPoint_2007.exe

Latest 30 of 38 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.