home

icqsetup.exe

I C Q LTD

This is a setup and installation application. This is the uninstaller utility registered in the Windows Control Panel for the program ICQ 8.0 (build 6017) by Mail.Ru. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
ICQ  (signed by I C Q LTD)

Product:
ICQ

Version:
8, 0, 6017, 0

MD5:
56b94a673d353d3fcb8a5b4a53f91562

SHA-1:
baca76929a155a8910d2f906a0ff0bb61faa2f0c

SHA-256:
b222b01cea6dc3e030b715322c41ab8196a4fcfe6c7b7198bbc814de2c57ff15

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:17:15 PM UTC  (today)

File size:
32.1 MB (33,652,048 bytes)

Product version:
8, 0, 6017, 0

Copyright:
Copyright (C) 2001 - 2013

Original file name:
icqsetup.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\roaming\icqm\icqsetup.exe

Digital Signature
Signed by:
I C Q LTD

Authority:
VeriSign, Inc.

Valid from:
7/4/2012 6:00:00 PM

Valid to:
7/8/2013 5:59:59 PM

Subject:
CN=I C Q LTD, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=I C Q LTD, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7A8F6F2F463DD8A8CE5B5C3A4E5B5726

File PE Metadata
Compilation timestamp:
4/12/2013 8:12:03 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:MFzZprNzNI98arwlXcTsFn1oomBbmlvJ/8aL:MFtXzNIdrwqYV1rmdwJ0+

Entry address:
0x1123EA

Entry point:
E8, 70, D9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 4D, 85, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 5E, 0E, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 12, 33, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, A1, 0F, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, FE, 84, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD...
 
[+]

Entropy:
7.9718  (probably packed)

Code size:
1.8 MB (1,891,328 bytes)

Program Uninstaller
Program name:
ICQ 8.0 (build 6017)

Display publisher:
Mail.Ru

Display version:
8.0.6017.0

Uninstall string:
C:\users\{user}\appdata\roaming\icqm\icqsetup.exe -uninstallcu


The file icqsetup.exe has been seen being distributed by the following 4 URLs.

http://software-files-a.cnet.com/s/software/13/09/11/.../icq_rfrset.exe

http://exe.icq.com/icq.exe

http://files.downloadnow.com/s/software/13/09/11/.../icq_rfrset.exe

http://ftp.icq.com/pub/.../icq8_setup.exe

Scan icqsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.