icq_rfrset_pro7.exe

ICQ

LLC Mail.Ru

The executable icq_rfrset_pro7.exe has been flagged by 1 of 68 anti-virus scanners, on a generic heuristic signature rather than a named malware family. It is the setup program used to install the ICQ client and is signed by LLC Mail.Ru under a certificate chained to thawte. The file has been seen downloaded from lb.cdn.m6web.fr and multiple other hosts, including third-party download portals. A single heuristic hit on a vendor-signed installer is weak evidence on its own: confirm the verdict on a locally obtained copy by comparing the digests below and validating the Authenticode signature, including whether it carries a timestamp countersignature, because the signing certificate listed further down expired in October 2017 and an untimestamped signature is no longer considered valid after that date.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
ICQ

Version:
10.0.12013

MD5:
3b5e5bb21f8443cb5ad88cd0f638eeee

SHA-1:
65fb932b8b58ef8ff8ce499057e3d9ae273d05d4

SHA-256:
3ba10cdeb8f7148ba430d30109eb77eec77bb1ea9ff1d6c7f924206915131940

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 2:07:06 AM UTC

Scan engine          Detection        Engine version
Reason Heuristics    Win32.Generic    16.2.26.13

File size:
43.5 MB (45,610,768 bytes)

Product version:
10.0.12013

Original file name:
ICQ.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\icq_rfrset_pro7.exe

Digital Signature
Signed by:
LLC Mail.Ru
Authority:
thawte, Inc.

Valid from:
8/6/2015 2:00:00 AM

Valid to:
10/5/2017 1:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=moscow, S=Moscow, C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
10F4D809B7AA340870993C0042347814

File PE Metadata
Compilation timestamp:
2/26/2016 2:03:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
786432:LjjzudeLnqdOE1QvcOyrQ/cEgTEyZe+X5PMY/IJkWz0Jx:/2demczvcMlgTZe+iwIJkWz0Jx

Entry address:
0x7FE281

Entry point:
E8, 68, C2, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, B2, 2B, 01, E8, 99, 41, 01, 00, E8, 9E, 1D, 01, 00, 0F, B7, F0, 6A, 02, E8, FB, C1, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0F, 6E, 01, 00, 85, C0, 75, 08, 6A, 1C, E8, 22, 01, 00, 00, 59, E8...

Code size:
11 MB (11,510,272 bytes)
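To check a locally obtained copy against the digests and PE metadata reported above, the following is an added example in Python; it is not code from the page, from Reason Core Security or from Mail.Ru. It parses the DOS, COFF and optional headers and the section table, maps the entry-point RVA through the section table to a file offset to read the bytes there (the "Entry point" listing above), and computes the MD5, SHA-1 and SHA-256 digests. Because the real installer is not available here, it constructs a minimal single-section PE whose headers carry the values reported on this page; the image base of 0x400000, the UTC reading of the compile timestamp, and the section layout are assumptions.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the report above; everything else in the sample is an assumption.
ENTRY_VA = 0x7FE281
IMAGE_BASE = 0x400000                       # assumed: the report gives only the entry VA
ENTRY_RVA = ENTRY_VA - IMAGE_BASE
COMPILE_TIME = datetime(2016, 2, 26, 14, 3, 13, tzinfo=timezone.utc)   # report time, assumed UTC
ENTRY_BYTES = bytes.fromhex("E868C20100E9000000006A14")               # first 12 entry-point bytes from the report
REPORTED_HASHES = {
    "md5": "3b5e5bb21f8443cb5ad88cd0f638eeee",
    "sha1": "65fb932b8b58ef8ff8ce499057e3d9ae273d05d4",
    "sha256": "3ba10cdeb8f7148ba430d30109eb77eec77bb1ea9ff1d6c7f924206915131940",
}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Construct a minimal single-section PE32 file whose headers carry the report's values.

    Synthetic stand-in so the parser runs offline; it is not the ICQ installer.
    """
    sec_rva, sec_raw, sec_size = ENTRY_RVA & ~0xFFF, 0x200, 0x400
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 1, int(COMPILE_TIME.timestamp()), 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 11, 0, sec_size, 0, 0, ENTRY_RVA, sec_rva, 0)  # PE32, linker 11.0
    opt += struct.pack("<III", IMAGE_BASE, 0x1000, 0x200)              # ImageBase, SectionAlignment, FileAlignment
    opt += struct.pack("<HHHHHHI", 5, 1, 0, 0, 5, 1, 0)                # OS 5.1, image 0.0, subsystem version 5.1
    opt += struct.pack("<IIIHH", sec_rva + 0x1000, sec_raw, 0, 2, 0)   # SizeOfImage, SizeOfHeaders, CheckSum, GUI
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                                 # 16 empty data directories
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", sec_size, sec_rva, sec_size, sec_raw, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sect).ljust(sec_raw, b"\0")
    body = bytearray(sec_size)
    body[ENTRY_RVA - sec_rva:ENTRY_RVA - sec_rva + len(ENTRY_BYTES)] = ENTRY_BYTES
    return headers + bytes(body)


def parse_pe(data: bytes) -> dict:
    """Read the header fields the report lists and the code bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    is_pe32 = magic == 0x10B
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0] if is_pe32 else struct.unpack_from("<Q", data, opt + 24)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # The entry RVA only becomes a file offset once mapped through the section table;
    # raw size (not virtual size) is used so the offset is guaranteed to lie inside the file.
    table = opt + opt_size
    for i in range(nsections):
        vaddr, raw_size, raw_ptr = struct.unpack_from("<III", data, table + i * 40 + 12)
        if vaddr <= entry_rva < vaddr + raw_size:
            entry_off = raw_ptr + (entry_rva - vaddr)
            break
    else:
        raise ValueError("entry point RVA is not backed by any section")
    return {
        "machine": hex(machine),
        "bitness": "Win32" if is_pe32 else "Win64",
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "size_of_code": size_of_code,
        "entry_address": image_base + entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16],
    }


def file_hashes(data: bytes) -> dict:
    """Digests in the three algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every reported digest matches; any mismatch means a different file."""
    digests = file_hashes(data)
    return all(digests[algo] == value.lower() for algo, value in reported.items())


if __name__ == "__main__":
    sample = build_sample_pe()          # swap for open(path, "rb").read() on a real download
    for key, value in parse_pe(sample).items():
        print(f"{key}: {value.hex() if isinstance(value, bytes) else value}")
    print(file_hashes(sample))
    print("matches reported hashes:", matches_report(sample))
```

On a real download replace `build_sample_pe()` with the file contents; `matches_report` is deliberately all-or-nothing, since a file that matches the reported MD5 but not the SHA-256 is not the reported file. The constructed sample reproduces the header fields but, being a different file, never matches the reported digests.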

The file icq_rfrset_pro7.exe has been seen distributed from 41 URLs; the latest 30 are listed below.

http://lb.cdn.m6web.fr/d/c/a/fcd19eff32296f8e86ebc8eab8f0ada1/57fbab61/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/52240c14ebeb86e89e9ba3393e6ec1cc/583445e3/soft/.../icq_10-0-12145_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/94887b1a622c0ceae332c2e1612cf1c2/58075a04/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/0ff92318a7d07f08408d6830c3a635e9/57449ded/soft/.../icq_10-0-12061_fr_35432.exe

http://indir.gezginler.net/i/1123/.../

http://lb.cdn.m6web.fr/d/c/a/5e69d2e997eb7fd9b5c443048bf72a29/58375e1c/soft/.../icq_10-0-12145_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/6c8d739d7781c3bf085204aa05d53666/5807f6c9/soft/.../icq_10-0-12116_fr_35432.exe

http://likeloadfastover.org/.../?f=45ba75702e392f77bb271c496d566cc5ef0c3bf96d040f23bff56b9e4a0aafda8677e03a96c086137b65e9344bce662140cc3b97eb84b10542235bfb2b73b5206e31b64ae0e80075503f5125f346a7b02bbbf05e612e8f8aceddf57f7c157040034b8af2e248430733ec447ecb75ac8e4754e3fb97baf57b1be3b7987fe82d4690e05dc6bce8a7f24b5afd12d88079e99715de2745e0a87bb3cdbf6c42f490d6346537a0bf33eb612de535640ef13a7ec93322bf9cf7dfa909d1a4524e4afb33721415cfa9875f1c662490ff8a7cc2e62978a6e08e64cc40b205af6b4ae858465fc189f821e2d68b10bbf8f0a3eb63e13162909d55f5c6d1953d4f448acab0ba

http://lb.cdn.m6web.fr/d/c/a/7cd67f81955e87a6ceebac3307bdbf8f/581275a8/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/f13a5f95e1fc20eab26feb9b41bfa27d/57f7c9ec/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/c47ec0c0717a4e0f6acc427ab4715196/5817389c/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/342632c5ea9acc572033e8f104387f2f/57fc9c90/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/30a2f6fe49e17888a87f3231c50370ea/58163d11/soft/.../icq_10-0-12116_fr_35432.exe

http://indir.gezginler.net/i/1123/.../

http://lb.cdn.m6web.fr/d/c/a/bd14c30a90d292546cc40f0bede4b408/57476667/soft/.../icq_10-0-12061_fr_35432.exe

http://dl.cdn.chip.de/downloads/.../icq45setup.exe

http://lb.cdn.m6web.fr/d/c/a/ff42fd7b0aff3cd512d3680bc61feb36/57f7feac/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/ee2fd1bab04e93f9516167a73561cba3/57827d0b/soft/.../icq_10-0-12094_fr_35432.exe

http://exe.icq.com/icq.exe

http://lb.cdn.m6web.fr/d/c/a/3b4d45625551c39c1becbe920b14e0db/580231f6/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/2dc166376425e1bb346872469a436a21/57f9964f/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/dbe5f8945db77fddd3d88910b8e40f54/580e588d/soft/.../icq_10-0-12116_fr_35432.exe

http://indir.gezginler.net/i/1123/.../

http://lb.cdn.m6web.fr/d/c/a/c597c3b6ad033c57009ae3a2446968ce/580beca3/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/a30473d7164882b21ff3b60a19d8f0a9/57dae97b/soft/.../icq_10-0-12114_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/2873adbdecd832989a101fb44c93b689/57e562e2/soft/.../icq_10-0-12116_fr_35432.exe

http://lb.cdn.m6web.fr/d/c/a/409a3e6e9929993fed2586f8fc571f57/573e29c1/soft/.../icq_10-0-12058_fr_35432.exe

http://indir.gezginler.net/i/1123/.../

Latest 30 of 41 download URLs

Remove icq_rfrset_pro7.exe - Powered by Reason Core Security