home

xlicons.exe

MD5:
f97beaac32c05e29332541bad2d3edde

SHA-1:
48e46187e725a0738ba34b5b29119d7f5a6f088c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:35:45 AM UTC  (today)

File size:
400 KB (409,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\microsoft\installer\{90110404-6000-11d3-8cfe-0150048383c9}\xlicons.exe

File PE Metadata
Compilation timestamp:
8/9/2003 4:48:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:g7yL3OOeAaZYSR6dr83E3pnkmahcuGYCtP:g7UGYSAm3EJ5uGYCt

Entry address:
0x1000

Entry point:
C3, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.7279

Code size:
4 KB (4,096 bytes)

The file xlicons.exe has been seen being distributed by the following 4 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-9HNOiqAgOHoiXXZNjeS98MsidVNoPC0eI3n1ZAqmZmRDrZLtcZ0tzp-u2zTDhVsM94-MCBXIqYGkt7mnSt3C9A/messages/@.id==ABt3w0MARYLXV9pW_Qc7kOZZN6s/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=27a61a85-8471-0ccd-011d-370046010000&token=9Lm0mzAgtiWBDOagjMCCJQByrcPWwNt70tAvlIyb_3qhK-dzhpzeqr7iNKAWRVfaf_mUinVrGXBMnLWHKdfMb-8fpxadvmeZOKAMmxj8Hg9xISu-bbkZWf8gpJjTM7ob-OZtZrw2rULBXQ-scIJXZQ&error=https://us-mg4.mail.yahoo.com/.../iframemsg?id=cef0c8ed-1954-5ed1-15ed-31ce57b12e88

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-_SGf3uaWO2KuQaLXw34Z_yFuV5vwj49DyO9rDcXoL9XzIhFa1r6Z4TdL7mzBP6Xf-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==ABGvCmoAATw6Vz_90AOCcAHVKnM/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYDh8wKOwtA9IFZIVrtgJZKEUarNKIJoyaoUgE8AIntGg&error=https://mg.mail.yahoo.com/.../iframemsg?id=55e8744b-5fee-2fe4-bfab-d6046a4018e4&ymreqid=e413b2a0-e374-528b-0182-c9001c010000

http://mcdonline.gov.in/mcdengg/content/.../xlicons.exe

http://ishare.iask.sina.com.cn/download.php?fileid=10862452

Scan xlicons.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.