icacls.exe

The executable icacls.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address hostby.echoromeonet.co.uk on port 8080.
MD5:
4e9be1d60c03fac14841bea36aacfc83

SHA-1:
8b99a96538115799287546d238c41b240bd33c05

SHA-256:
3e7c03bbd51f82eff3d7401b2807bf7dd98a71d04aae1a5993a12d839589c2f4

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
10/10/2025 8:18:39 AM UTC

Scan engine          Detection               Engine version
Avira AntiVirus      TR/ATRAPS.Gen           7.11.171.66
AVG                  Win32/DH                2015.0.3356
IKARUS anti.virus    Win32.SuspectCrc        t3scan.1.7.5.0
Kaspersky            Trojan.Win32.Agent      14.0.0.3275
Malwarebytes         Trojan.Agent            v2014.09.09.11
McAfee               Artemis!4E9BE1D60C03    5600.7012
Norman               Agent.BFGVY             11.20140909

File size:
131 KB (134,144 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\ieupdate\icacls.exe

File PE Metadata
Compilation timestamp:
9/7/2004 11:13:43 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:2hoMCCB4mOZM2SYmIAKuuVfEyF3jCLBHUc36h:2OMp7YqMVfEyF3GH3

Entry address:
0x6BCC

Entry point:
48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 55, 48, 8D, AC, 24, 50, F8, FF, FF, 48, 81, EC, B0, 08, 00, 00, E8, 25, AB, FF, FF, E8, 48, F7, FF, FF, 84, C0, 0F, 84, FD, 02, 00, 00, 48, 8D, 95, 10, 06, 00, 00, B9, 02, 02, 00, 00, FF, 15, 46, 3A, 01, 00, 85, C0, 0F, 85, E3, 02, 00, 00, 48, 8D, 0D, 9F, A7, 01, 00, 33, D2, E8, B8, 54, 00, 00, 85, C0, 0F, 84, CD, 02, 00, 00, 48, 8D, 35, 11, A5, 01, 00, 41, B8, 04, 01, 00, 00, 33, C9, 48, 8B, D6, FF, 15, 20, 35, 01, 00, 48, 8B, CE, FF, 15, D7, 38, 01, 00, 48, 8D, 0D...
 

Entropy:
6.4020

Code size:
99.5 KB (101,888 bytes)

Scrnsave
Name:
icacls.exe


While executing, the file has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to hostby.echoromeonet.co.uk  (89.144.2.20:8080)
