home

wordicon.exe

2007 Microsoft Office system

Microsoft Corporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘2007 Microsoft Office component’. This is installed with multiple programs including Microsoft Office Language Pack 2007 - English and Microsoft Office Professional Plus 2007. The file has been seen being downloaded from bmail.uol.com.br and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
2007 Microsoft Office system

Description:
2007 Microsoft Office component

Version:
12.0.4518.1014

MD5:
484acf6af85a29ac52f3cf054dfde9d3

SHA-1:
a47e72106e2115ed867bee8ec536c949847c8659

SHA-256:
d36a5fff5bd5df538457ed4dcf084bcd6e2820a6266b31405eadeed03076946d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/18/2024 7:58:54 PM UTC  (today)

File size:
867.3 KB (888,080 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
icons.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\installer\{90120000-0030-0000-0000-0000000ff1ce}\wordicon.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
4/5/2006 2:43:46 AM

Valid to:
10/5/2007 2:53:46 AM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61469ECB000400000065

File PE Metadata
Compilation timestamp:
10/27/2006 4:00:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:ywDHKNDuPci+QPLPrWI6dPeSamhED7/Ob2aapnhz24:1DHKN6Ph+Srj6eSamhED72b2bpnhi4

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.2701

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
2007 Microsoft Office component

Command:
C:\windows\installer\{90120000-0030-0000-0000-0000000ff1ce}\wordicon.exe


The file wordicon.exe has been discovered within the following programs.

Microsoft Office Enterprise 2007  by Microsoft Corporation
Office Enterprise 2007 is a version of Microsoft Office, a family of office suites and productivity software for Windows also named Office 12.
office.microsoft.com/en-us/excel
4% remove it
Microsoft Office Language Pack 2007 - English  by Microsoft Corporation
2% remove it
Microsoft Office Language Pack 2007 - German/Deutsch  by Microsoft Corporation
Publisher's description - “Microsoft Office Language Packs serve the needs of multilingual individuals who routinely create or edit documents and presentations in different languages.”
5% remove it
Microsoft Office Professional Plus 2007  by Microsoft Corporation
Office 2007 contains a number of new features, the most notable of which is the entirely new graphical user interface called the Fluent User Interface (initially referred to as the Ribbon User Interface), replacing the menus and toolbars – which have been the cornerstone of Office since its inception – with a tabbed toolbar, known as the Ribbon.
office.microsoft.com/en-us/professional
2% remove it
 
Powered by Should I Remove It?

The file wordicon.exe has been seen being distributed by the following 50 URLs.

https://bmail.uol.com.br/attachment?msg_id=MjEyNjQ&folder=DRAFT&disposition=attachment&ctype=wordicon.exe&&accountId=0

http://bmail.uol.com.br/attachment?msg_id=MTUwMw&ctype=wordicon.exe&disposition=attachment&folder=DRAFT

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_24305003_AF3uw0MAABA6Vou1JQJlSJqqKVg&fid=Inbox&pid=3&clean=0&appid=YahooMailNeo&ymreqid=f0c95d7b-214c-9a99-010c-1e000d010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-5_hF6K0zCPOlt3JRse7DpygpV3_aNafSE7YD2IK91oz6Oo055UioXhOl8NI5d4glpXSQPIt7834jXjyRXCwNNg/messages/@.id==AJZ2imIAEex6WH2dJggl8F7mxss/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaPU2FSUfB6GJ1tLm0wxHFlLhEQvEySpIrCCTZxz2JDEB--mZBU9QtqxwXhr8xZIUH-2ZtlT9A_pt3lDMkvO-73&error=https://mg.mail.yahoo.com/.../iframemsg?id=034d1407-bb75-068e-f52f-722daacce2f9&ymreqid=64226589-8e3e-be20-0102-410013010000

http://bmail.uol.com.br/attachment?msg_id=ODI0NQ&ctype=wordicon.exe&disposition=attachment&folder=DRAFT

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-FMXvnajXSpqgMxh8R7RvFREz4suGU52UuLLT4koB6W3yMGTTdjY0PsI0WXbiAaTTjVfli5JDkUiiZ09-kZbeLQ/messages/@.id==AE53w0MAG7QlV_TmRAHQ2O0kytQ/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=d180088c-ba89-e29e-014e-180037010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYA0hiDxXPb-NrvhEPixWISIjq4QOJhtrYy4iHA4-Na_q0WY0eEW1U7DoVnZrfglZOEOSXZdGsfQNtPcjV4ltu1&error=https://mg.mail.yahoo.com/.../iframemsg?id=67c79260-8333-9190-0869-01d7510e5a1b

http://bmail.uol.com.br/attachment?msg_id=NDY3NQ&ctype=wordicon.exe&disposition=attachment&folder=DRAFT

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-jk0qmJvWPG3SLcSlZLtUauquNfnkVRgjC4mDCWJrwJZD6hFn7oYVzp0eGo1L-In516LosaTOfImUY1y0-2LjAQ/messages/@.id==ADfuw0MADkEzV_Ojwwb5KFLAxzk/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=2a9cc0b7-f396-5587-01d9-bc000d010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbboR4OPcBZtouL8JgDloS6aUQQpK2OcYszPSRzdGQSuxlzax_1I9ZPt3MGMy_vNDcaVo2iytam4EeY4Pp4xKii&error=https://mg.mail.yahoo.com/.../iframemsg?id=03b5b5b3-38e3-4d93-3af0-18620e1080ae

https://ud.interia.pl/.../getattach,mid,96,mpid,11,uid,4a6149a1c89d7a4a?f=wordicon.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_6000_AKJUfbwAAA5HVmdWowXroLsROs4&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=98da7b47-430d-88e2-0190-320011010000

http://posta34.posta.libero.it/cp/ps/Mail/.../wordicon.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-hEFL9oDk06nKS6cKXtMWRLRQ_nDenLfgdVqYv9esv2pt8tpNNsAkGiLBTGoZXt6yOD6kXVc2zpLXfhb7tdqtlA/messages/@.id==AAlMyAoAAG87V0f9jgmZCHo0f9U/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=8dcdb576-a0c1-1ac5-017b-320037010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbsugoEQTDzejSIfRmsQmrO5tKdhQwx2O4fvk0Dl0ZRTA&error=https://ro-mg42.mail.yahoo.com/.../iframemsg?id=c61a294b-25f8-ddde-5288-e5d9fbc629b6

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-e5XcPIAfG2qurifzDa6hbJfcAhLfP8a-kQ1ThWa6jjJ-6EmG04J6uFwQw0YL_notjVfli5JDkUiiZ09-kZbeLQ/messages/@.id==AG5K2kIAAjaVV4a86wOdyAQlYd8/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=e5d5be90-9d4e-f9f5-01b8-240012010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbMBmU6NzQWP8CNH_HovAHnUxKSk1LpdidpTQwo9G5r1g&error=https://br-mg6.mail.yahoo.com/.../iframemsg?id=5ddc6376-3414-eb33-0568-6d9393718436

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-t8rlynQ6NDBf2YLMRTQM9PRjXg7cBJc2ELvHovxoN0zDwiGOQJBWJTaqBDMv4O2ULcnHBsCboInoMA37FGtLXw/messages/@.id==AL5K2kIABlpkV46DbAxQWPCCku0/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=fc7c3e69-30c0-d3b4-01cb-6b0082010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZNdkJL6nBilwx1hogocXCoVKOTrQSW93gvuvMz36r4QKtgezLTFbuWDfCaMFLPdGs&error=https://br-mg6.mail.yahoo.com/.../iframemsg?id=60b79eea-b5fb-4eec-ced7-6ca4c6509d09

https://p34-mailws.icloud.com/wm/.../wordicon.exe

https://zalacznik.wp.pl/0/.../wordicon.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-MdJMVZY3r_LJwe-zD9wtI-6xbhbhNhYps6AUjwyZkdux2mq1fpfxqWO3GP5l29P_/messages/@.id==ACwNiWIAA916V4Rsgwn6sKskG5U/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYREK_Z7VQnpMw9LVUb2Ajc4QS589m2ULn4HOf3kMCF_g&error=https://mg.mail.yahoo.com/.../iframemsg?id=e42b4cbc-e9fb-a8c0-1eea-6731bacc251e&ymreqid=c1c9c947-ecd0-fae8-01cd-2e0034010000

http://us-mg5.mail.yahoo.com/.../download?mid=2_0_0_3_2423_AHfkimIAABE9UiQqugAAAEo4KAc&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://webmail.ig.com.br/?_task=mail&_uid=5168&_mbox=INBOX&_action=get&_part=2&_download=1

http://bmail.uol.com.br/attachment?msg_id=NDYyMw&ctype=wordicon.exe&disposition=attachment&folder=DRAFT

https://mail.google.com/mail/u/.../?ui=2&ik=561d908031&view=att&th=14079a26fb5f046f&attid=0.1&disp=safe&realattid=f_hkbmxo1o1&zw

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-UOzQEzNQM0c2yKhhgOJvrGGjCJA5AQB9APqbbNzyYm9Te6a1l7Jc6G0GYnVxzMW2/messages/@.id==AKx2imIAB1YfV94t6wpoEBPvUAA/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=9a2e6c25-2265-d3da-01c0-fd00b3010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZYFPTq030CHYLn-1fNvExAZ7L9CKs13tF0BDuu894dY30VvQuO8ggwEZuSSoYVjX0GYHG5zZROOYeWZBW-NzAx&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=9c30204d-cd71-b75b-15d2-4b92f54eb7ea

http://mail.inbox.lv/view?msgmailbox=INBOX&index=2373&array_index=0&id=2&part_id=2&actionID=download_attach&f=wordicon.exe&thumb=0&cache=a332fc57a743ee00601c3dedf86a5434

http://eadgraduacaounitau.com.br/pluginfile.php/166878/assignsubmission_file/submission_files/243231/.../wordicon.exe

https://lms.arabou.edu.kw/ksa/draftfile.php/11042/user/draft/.../wordicon.exe

http://bmail.uol.com.br/attachment?msg_id=MTQ3NA&ctype=wordicon.exe&disposition=attachment&folder=DRAFT

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_105525_ABgNiWIAABmZVfobxgWdgHBmpTI&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==MTM1MTA4MDMxODc4NzgxMjIgMTIwMTQ0IDEyMDEgYXppb2xhc2hha2FqQHlhaG9vLmNvbQ/messages/@.id==AOlUimIAABSoVp1Skgy50O7DbPk/content/parts/.../raw?appid=YahooMailNeo&token=OoGIWzMXmQbFJV6GAskvF8IF3oTi4hUSiTAESF6VT483qOmB1vA2WM8lDnohuu6AypiIEsLVrw8McM7wc8J5fg&ymreqid=2182e095-22ab-f10d-0164-8f00cc010000

https://mail.google.com/.../?ui=2&ik=50efc2941a&view=att&th=14446b8bef169ab6&attid=0.1&disp=safe&realattid=f_hrtmwto20&zw

https://doc-00-3k-docs.googleusercontent.com/docs/securesc/g6nif0f13032urgu9nd3stngg5jrmor4/taudbkcc0jvnbgq56sngrb12f323kcut/1478174400000/.../13359085538760420124/0Bx8elOjjldodWnpJWnN2QzhzSkk?e=download

Latest 30 of 119 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.