IconChanger.exe

IconChanger

The executable IconChanger.exe has been detected as malware by 13 anti-virus scanners.
Product: IconChanger
Version: 1.00
MD5: 4f28ca595bba03ac2a9c43b56a4e870f
SHA-1: 3a63b9a91eda5a5c3f713727c9529b87b8856c73
SHA-256: 2ce7db44b844cba26b138bde83b2939b4eb07ef4191690c23a4c5c54b92f9b5a
Scanner detections: 13 / 68
Status: Malware
Analysis date: 4/25/2024 5:57:27 PM UTC

Scan engine              Detection                  Engine version
Avira AntiVirus          TR/Dropper.Gen             7.11.129.216
avast!                   Win32:Malware-gen          2014.9-140318
AVG                      Dropper.Generic6           2015.0.3531
Bkav FE                  W32.Clod408.Trojan         1.3.0.4923
Clam AntiVirus           Trojan.Agent-291890        0.98/18355
Comodo Security          UnclassifiedMalware        17740
IKARUS anti.virus        Trojan-Dropper.Win32.VB    t3scan.2.2.29
McAfee                   Artemis!4F28CA595BBA       5600.7187
Norman                   Suspicious_Gen2.VHSEN      11.20140318
Qihoo 360 Security       Win32/Trojan.Multi.daf     1.0.0.1015
Sophos                   Mal/Generic-S              4.97
Trend Micro House Call   TROJ_SPNR.30DK13           7.2.77
Trend Micro              TROJ_SPNR.30DK13           10.465.18

File size: 24 KB (24,576 bytes)
Product version: 1.00
Original file name: IconChanger.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\iconchanger.exe

File PE Metadata
Compilation timestamp: 9/28/2009 2:41:44 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 192:NbyWnPjS59Yoj72MYgMGBcEteqjeXHxIYSWl3hp+UHXE9xrzwDRvXPpr5:9rnm59YmzeAe3j7+UHXE91wDRvfpr5
Entry address: 0x10BC

Entry point:
68, 88, 14, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 53, 6D, 25, F8, 7A, E5, 9B, 4E, B2, B2, 2F, D3, 58, 98, EA, B4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 60, 7C, 00, 38, 38, 38, 49, 63, 6F, 6E, 43, 68, 61, 6E, 67, 65, 72, 00, 00, 50, 50, 78, 00, 00, 00, 00, FF, CC, 31, 00, 08, 86, B1, 32, EF, D1, 9B, 36, 4A, 80, 95, 90, FF, 32, 94, C7, B1, 58, 7A, B0, 13, 83, 51, 5F, 4E, AA, 77, 34, D2, 51, FD, 35, 2E, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy: 4.0392
Developed / compiled with: Microsoft Visual Basic v5.0
Code size: 16 KB (16,384 bytes)
