home

wordicon.exe

MD5:
5f02de2e68d47ca326df279d635aab83

SHA-1:
719f30be31989577a4abe72336712b3a3dcfb8f9

SHA-256:
9e74be6c0553485c67a2c976b1f40f55ccf5ea743eb403aa1416f562bbdb2c56

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 4:05:30 PM UTC  (today)

File size:
280 KB (286,720 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wordicon.exe

File PE Metadata
Compilation timestamp:
8/9/2003 4:48:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:7e6/Xey/inrM5XIYwEfdrvr2JNZlUbX8PKCB3pV/cQYTFobXiCB3axXfxeS:pZinr8XIY9oNf0sPK6FY0i9h

Entry address:
0x1000

Entry point:
C3, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.6557

Code size:
4 KB (4,096 bytes)

The file wordicon.exe has been seen being distributed by the following 15 URLs.

http://download.tax.nat.gov.tw/.../BLR_VER1200_1030829I.exe

https://alrifai.applicantstack.com/attachment/.../a6e4hzn6q53g

https://mail.aol.com/.../getPart?uid=28889260&partId=2&scope=STANDARD&saveAs=wordicon.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-aI-UycrJSpjQ3klDirNOKVeYmi85YelQS2jmZ31IFCXiy9hEy0IEvPJVqpe-N_It-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==AAl3w0MAApYrV4NTrQKAoDfvQng/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=6a1a00fc-6fb5-c553-01e1-f30026010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBY-kYyapcthrkyeezNptZ5JtWweW3aDQkMficgPKi154w&error=https://mg.mail.yahoo.com/.../iframemsg?id=1e02357f-75c3-2b5e-3ebb-9a72477e5c2d

https://mail.aol.com/.../getPart?uid=32127221&partId=2&saveAs=wordicon.exe

https://dl.dropboxusercontent.com/content_link/.../file?dl=1

https://mail.google.com/.../?ui=2&ik=fbfa7bb62c&view=att&th=141cfa505607def9&attid=0.1&disp=safe&realattid=f_hmyj9a8o0&zw

https://cfe1pq.blu.livefilestore.com/.../wordicon.exe

https://mail.aol.com/38848-916/aol-6/en-us/.../get-attachment.aspx?uid=27719308&folder=Sent&partId=4&saveAs=wordicon.exe

https://sg3-attach.ymail.com/hk.f1934.mail.yahoo.com/.../securedownload?m=YaDownload&mid=2_0_0_2_59434_ABXFCmoAAATZU6ZDzwAAAA0Bbqw&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&cred=DLuuzrPr9MfhpwykunWy2uMHy1ptttg8xUNj1Kljme5UpvU-&ts=1403405277&partner=ymail&sig=KsD8.hhCZN5sFAxxRdF8_Q--

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_59434_ABXFCmoAAATZU6ZDzwAAAA0Bbqw&fid=Sent&pid=2&clean=0&appid=YahooMailNeo

https://sg3-attach.ymail.com/hk.f1934.mail.yahoo.com/.../securedownload?m=YaDownload&mid=2_0_0_3_669_ABXFCmoAAAQ4U6ZDtgAAALV6j88&fid=Draft&pid=2&clean=0&appid=YahooMailNeo&cred=_jrmr76L9Md4ZoLeaZIhWMnnZ37tcQhxeG70.Jo5WS_Q8kY-&ts=1403405245&partner=ymail&sig=5AoOdHjxkpolFA1H6t79oQ--

https://sg3-attach.ymail.com/hk.f1934.mail.yahoo.com/.../securedownload?m=YaDownload&mid=2_0_0_3_669_ABXFCmoAAAQ4U6ZDtgAAALV6j88&fid=Draft&pid=2&clean=0&appid=YahooMailNeo&cred=GNYn5xqM9Mdz_F7U0qnapu_lYgeHxkJE53SSjwukIS5hUMk-&ts=1403405242&partner=ymail&sig=iRHSg8RDYouLgvKpcAKXzg--

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_669_ABXFCmoAAAQ4U6ZDtgAAALV6j88&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://mail-attachment.googleusercontent.com/attachment/u/.../?ui=2&ik=140d547066&view=att&th=14163932960815f6&attid=0.1&disp=safe&realattid=f_hm4js6xg0&zw&saduie=AG9B_P-STdJAZJmog46KsuoApTaN&sadet=1380355122555&sads=0iRWE79YvE7QTwK6NgTYTlEWh1o&sadssc=1

Scan wordicon.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.