home

wordicon.exe

Microsoft Office 2013

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office 2013

Description:
Microsoft Office 2013 component

Version:
15.0.4553.1000

MD5:
a8dc5cc29ad3b5608c4028a2fc64b8fd

SHA-1:
2d18f0cee8b74b639208aef4a5eb2dcf637b1800

SHA-256:
d4f2952e1b70153f9711554054fb786fcfff571ab519e55757cfafebb876c05a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/25/2024 5:03:31 PM UTC  (today)

File size:
2.9 MB (3,015,336 bytes)

Product version:
15.0.4553.1000

Original file name:
icons.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\microsoft office 15\data\updates\download\packagefiles\root\vfs\windows\installer\{90150000-000f-0000-0000-0000000ff1ce}\wordicon.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
1/24/2013 10:33:39 PM

Valid to:
4/24/2014 11:33:39 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
9/14/2013 12:14:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
6144:CTlHzFcZUNrfkrfzMwFjNVtZ9EYDEWs3cKrFYWKKnKK02NX:CdyRtZ2YDEWs3cKrFYWKKnKK3x

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
3.3938

The file wordicon.exe has been seen being distributed by the following 20 URLs.

https://www.draugiem.lv/attach/.../down.php?i=123576894

http://mail.uol.com.br/attachment?msg_id=MzI5OQ&folder=DRAFT&disposition=attachment&ctype=wordicon.exe&&accountId=0

https://hudsonccc.blackboard.com/webapps/.../download?course_id=_46276_1&attempt_id=_1175030_1&file_id=_540359_1&fileName=wordicon.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_265815_AG4IDNkAABcHViRCMgrNoAACGog&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=4cd8ac70-79b5-cbdb-01c9-b7002a010000

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_156660_ALN2imIAAA9pVCUzPQCcQHHKubM&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-lCxYGqLdm4k7YLmCFxxQVqu6USgIwOA1ApmqLMbTWB44E6RPaXkQujUFEuUnDrFUBmBxuc2UTjmHlmQVvjcwMQ/messages/@.id==AEZ3w0MAArr6V4TYdgqewOBoIoo/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBap_6q8TnbOG0H1T50PHzsA8r1geBETFpWEeOjnYnwxpA&error=https://mg.mail.yahoo.com/.../iframemsg?id=51b6af3f-1b3e-ed20-f871-f16d82d0dd15&ymreqid=c0482b38-aa35-ac6d-015e-2b0033010000

https://e.mail.ru/.../getattach?file=wordicon.exe&id=14506265750000000808;0;1&mode=attachment&notype=1&x-email=gasannaog@mail.ru

https://spscc.instructure.com/courses/1356967/assignments/8095212/.../4481150?download=70863213

http://zalacznik.wp.pl/0/.../wordicon.exe

https://learn.liberty.edu/bbcswebdav/.../xid-119730693_1

https://doc-0s-as-docs.googleusercontent.com/docs/securesc/45bcdthvtcu2j9lh01h5kpshnlujoi8m/6dh6mub8eatu1r5t6dsttn8al64f1073/1453831200000/.../09722830655030344957/0B3j8ATvFCfeNZGpZdjlqdnlrVjg?e=download&nonce=csahnddu07lps&user=09722830655030344957&hash=q1njbmbb37fnogir6q8f8q3nvkns9nbq

https://fronter.com/hil/.../link.phtml?idesc=1&iid=1207946

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==NjM0ODU0Mzg1IDE4NDc3OSAxODQ3IGRlaXN5X211c2VuZWtAeWFob28uY29t/messages/@.id==AFG_imIAABBoVkvI0AwpSLY5c8g/content/parts/.../raw?appid=YahooMailNeo&token=Yks-zsSt2T2FxR0vNg5icVhLMA75ib5BK0w4KA8dQeyFAfiS333niOl3ZcgThIz5A8helrhwfNHmPUO5L08Pdw&ymreqid=e769b2f0-8d8c-11e5-c000-01afae2ac212

http://bmail.uol.com.br/attachment?msg_id=NzcxNg&folder=DRAFT&disposition=attachment&ctype=wordicon.exe&&accountId=0

http://mail.uol.com.br/attachment?msg_id=MzA4MA&ctype=wordicon.exe&disposition=attachment&folder=DRAFT&attsize=3015336&accountId=0

https://ud.interia.pl/.../getattach,mid,21973,mpid,6,uid,9867d1111ab3c4d5,min,0,nd,0?f=wordicon.exe

https://karlstads.itslearning.com/essay/Proxy/DownloadRedirect.ashx?fileRepoId=y6n8uale8k2N6OrZLZMh2udhXfIJEaKTv xUOW2UNz7d/.../Am0uh&EssayID=865144&Type=1&EssayAnswerID=636058

http://mail.uol.com.br/attachment?msg_id=MTQ5Mzc&ctype=wordicon.exe&disposition=attachment&folder=DRAFT

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-Gg9ffVoLznjRPSo5dfF-LbmwKRrn5vP2IPbcKFTGLMuod9uzRlVih3l63PAhSzlc/messages/@.id==AEV3w0MAABsBVrztgw1xaO7GmXU/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbglCQbWF7z_TJhy213-u1E4QS589m2ULn4HOf3kMCF_g&error=https://us-mg4.mail.yahoo.com/.../iframemsg?id=55db4548-5038-0089-4947-750d095be91e&ymreqid=1c5233cb-b962-5386-01b9-ff001f010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-nmb3sJQzvq6ZzoasSjeA8JPUM1_1KPp5USpt0PGIRU3b-PWzLpTkAgMLvM11SxYT/messages/@.id==ALhhUtQAAOTuVtLnzAw1ABYdN_I/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbdimca07YYS8Ug9KiqLjoCOstHGQ2SvOzuBlPC52QM-g&error=https://uk-mg42.mail.yahoo.com/.../iframemsg?id=8902577b-8835-6a8f-cb78-be3154a465a9&ymreqid=e1244f0f-33e8-f843-0156-8c005c010000

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.