wordicon.exe

Microsoft Office 2013

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office 2013

Description:
Microsoft Office 2013 component

Version:
15.0.4553.1000

MD5:
a8dc5cc29ad3b5608c4028a2fc64b8fd

SHA-1:
2d18f0cee8b74b639208aef4a5eb2dcf637b1800

SHA-256:
d4f2952e1b70153f9711554054fb786fcfff571ab519e55757cfafebb876c05a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/28/2024 12:23:58 AM UTC  (today)

File size:
2.9 MB (3,015,336 bytes)

Product version:
15.0.4553.1000

Original file name:
icons.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\microsoft office 15\data\updates\download\packagefiles\root\vfs\windows\installer\{90150000-000f-0000-0000-0000000ff1ce}\wordicon.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/24/2013 10:33:39 PM

Valid to:
4/24/2014 11:33:39 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
9/14/2013 12:14:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
6144:CTlHzFcZUNrfkrfzMwFjNVtZ9EYDEWs3cKrFYWKKnKK02NX:CdyRtZ2YDEWs3cKrFYWKKnKK3x

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
3.3938

The file wordicon.exe has been seen being distributed by the following 20 URLs.

https://www.draugiem.lv/attach/.../down.php?i=123576894

http://mail.uol.com.br/attachment?msg_id=MzI5OQ&folder=DRAFT&disposition=attachment&ctype=wordicon.exe&&accountId=0

https://hudsonccc.blackboard.com/webapps/.../download?course_id=_46276_1&attempt_id=_1175030_1&file_id=_540359_1&fileName=wordicon.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_265815_AG4IDNkAABcHViRCMgrNoAACGog&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=4cd8ac70-79b5-cbdb-01c9-b7002a010000

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_156660_ALN2imIAAA9pVCUzPQCcQHHKubM&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-lCxYGqLdm4k7YLmCFxxQVqu6USgIwOA1ApmqLMbTWB44E6RPaXkQujUFEuUnDrFUBmBxuc2UTjmHlmQVvjcwMQ/messages/@.id==AEZ3w0MAArr6V4TYdgqewOBoIoo/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBap_6q8TnbOG0H1T50PHzsA8r1geBETFpWEeOjnYnwxpA&error=https://mg.mail.yahoo.com/.../iframemsg?id=51b6af3f-1b3e-ed20-f871-f16d82d0dd15&ymreqid=c0482b38-aa35-ac6d-015e-2b0033010000

https://e.mail.ru/.../getattach?file=wordicon.exe&id=14506265750000000808;0;1&mode=attachment&notype=1&x-email=gasannaog@mail.ru

https://spscc.instructure.com/courses/1356967/assignments/8095212/.../4481150?download=70863213

http://zalacznik.wp.pl/0/.../wordicon.exe

https://learn.liberty.edu/bbcswebdav/.../xid-119730693_1

https://doc-0s-as-docs.googleusercontent.com/docs/securesc/45bcdthvtcu2j9lh01h5kpshnlujoi8m/6dh6mub8eatu1r5t6dsttn8al64f1073/1453831200000/.../09722830655030344957/0B3j8ATvFCfeNZGpZdjlqdnlrVjg?e=download&nonce=csahnddu07lps&user=09722830655030344957&hash=q1njbmbb37fnogir6q8f8q3nvkns9nbq

https://fronter.com/hil/.../link.phtml?idesc=1&iid=1207946