home

icoupd.exe

Nippon Telegraph and Telephone West corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FCTICoUpd’.
Publisher:
Nippon Telegraph and Telephone West corporation  (signed and verified)

MD5:
c28defb504d94d14f53ac55a84d1ef79

SHA-1:
c7b49794a83593434045d5e22d657bd74272d2f4

SHA-256:
dba2c3a21a53dc173aec7bb63218676199640c3fafbc6be719987d2b5c687683

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 6:41:59 AM UTC  (today)

File size:
81.4 KB (83,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nttw\fletsconnectiontool\icoupd.exe

Digital Signature
Signed by:
Nippon Telegraph and Telephone West corporation

Authority:
VeriSign, Inc.

Valid from:
1/16/2007 9:00:00 AM

Valid to:
1/17/2008 8:59:59 AM

Subject:
CN=Nippon Telegraph and Telephone West corporation, OU=Broadband Application Service Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Nippon Telegraph and Telephone West corporation, L=Osaka-shi/Chuo-ku, S=Osaka-fu, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1022D5EF3D3A74ACC2B0B7E3957A5AF4

File PE Metadata
Compilation timestamp:
8/1/2006 3:06:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:sjSEnuWXS/gd0E03ihqtfKnTrz8ryvpwGkPKFjnsYcr1iV8tYylKTUZR4D:zEnuWXS/gd0ETq4Wye7Spn5DV8BlCUA

Entry address:
0x70D4

Entry point:
6A, 60, 68, 30, E6, 40, 00, E8, 30, 02, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, F4, EE, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 74, E0, 40, 00, 8B, 4E, 10, 89, 0D, DC, 1E, 41, 00, 8B, 46, 04, A3, E8, 1E, 41, 00, 8B, 56, 08, 89, 15, EC, 1E, 41, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, E0, 1E, 41, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, E0, 1E, 41, 00, C1, E0, 08, 03, C2, A3, E4, 1E, 41, 00, 33, F6, 56, 8B, 3D, 20, E1, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
5.9684

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
52 KB (53,248 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FCTICoUpd

Command:
C:\Program Files2\nttw\fletsc~1\icoupd.exe


Scan icoupd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.