» icoupd.exe
Overview
Analysis
File Details
Behaviors (1)

icoupd.exe

Nippon Telegraph and Telephone West corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FCTICoUpd’.

File name:

icoupd.exe

Publisher:

Nippon Telegraph and Telephone West corporation (signed and verified)

MD5:

c915c53075ca430e510d962026457d72

SHA-1:

21c9c44efc20a5c7416cc175a4507fbf2037f4ec

SHA-256:

eacd18b4db697e674d609aab064aa9017699a94155bfbe2f2e1a6c9708466c32

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 1:38:58 AM UTC (today)

File size:

81.4 KB (83,376 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\nttw\fletsconnectiontool\icoupd.exe

Digital Signature

Signed by:

Nippon Telegraph and Telephone West corporation

Authority:

VeriSign, Inc.

Valid from:

1/16/2007 9:00:00 AM

Valid to:

1/17/2008 8:59:59 AM

Subject:

CN=Nippon Telegraph and Telephone West corporation, OU=Broadband Application Service Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Nippon Telegraph and Telephone West corporation, L=Osaka-shi/Chuo-ku, S=Osaka-fu, C=JP

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1022D5EF3D3A74ACC2B0B7E3957A5AF4

File PE Metadata

Compilation timestamp:

4/16/2007 7:37:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

1536:8Ij35n+AijgN+/XtIb1DDC0d4DFpeRwhyKCwGYfEdoNclQc01iG++WylLliR4D:fz5n+AijO+/XtIb5DyyafMdFlB/zSlLN

Entry address:

0x71B4

Entry point:

6A, 60, 68, 08, E6, 40, 00, E8, 30, 02, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, F4, EE, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 74, E0, 40, 00, 8B, 4E, 10, 89, 0D, DC, 1E, 41, 00, 8B, 46, 04, A3, E8, 1E, 41, 00, 8B, 56, 08, 89, 15, EC, 1E, 41, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, E0, 1E, 41, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, E0, 1E, 41, 00, C1, E0, 08, 03, C2, A3, E4, 1E, 41, 00, 33, F6, 56, 8B, 3D, 20, E1, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Entropy:

5.9857

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

52 KB (53,248 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

FCTICoUpd

Command:

C:\Program Files1\nttw\fletsc~1\icoupd.exe

Scan icoupd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.