» wordicon.exe
Overview
Analysis
File Details
Downloads (19)

wordicon.exe

Microsoft Office 2010

Microsoft Corporation

The file is part of Microsoft Office 2010. The file has been seen being downloaded from dlvr.t-online.de and multiple other hosts.

File name:

wordicon.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Office 2010

Description:

Microsoft Office 2010 component

Version:

14.0.7120.5000

MD5:

f3ecea2ee71a1d2c0531166a99d90892

SHA-1:

9bbd0b90f408ac5eb2630174e1f2112791dfd3e8

SHA-256:

caa69cc7e3d0d1dde3541c7d289eaa793e45aa2ce2ac1a7d3e54d48fe64fbe1d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/25/2024 4:35:18 PM UTC (today)

File size:

1.8 MB (1,859,240 bytes)

Product version:

14.0.7120.5000

Original file name:

icons.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\microsoft office\office14\wordicon.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

1/24/2013 5:33:39 PM

Valid to:

4/24/2014 6:33:39 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata

Compilation timestamp:

3/4/2014 5:58:35 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:2UZmYH9NDu3RsXHMblnUc0TD3mcr286R39FJgMihUQL1:ZZmYH9N63RUGlnUcqWcy86jFJgbhUQR

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0838

The file wordicon.exe has been seen being distributed by the following 19 URLs.

https://dlvr.t-online.de/dlvr?p[dtkn]=Zvzvg85hfPlAmQxHK5uNseIrJc1eU7Za

https://ud.interia.pl/.../getattach,mid,11989,mpid,10,uid,e386cda659f5caee?f=wordicon.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-rZ-LQDV5n9cS6drZlDfxot_mx3aTFhGDA8c7U2nJ4IrwqpesNCv6_tAkwDqa5txz/messages/@.id==AHuXwgoABveCWAqR1wc3qEbBWl4/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=a99aeace-2994-6679-01a4-f9001f010000&token=-4Ko21hav9H32NRgdnUawqihjLew4UDxPN8xMpgxbw2uBc6k_cOMB_torX-cFVtn2nKx0oJkXppmAUxVWUbcxTlMS7Ge5_7-taVcmrYUSdvKq2x236OSj64rSSjwoc6v&error=https://mg.mail.yahoo.com/.../iframemsg?id=dec8ef50-438f-46a6-52f8-ee6943a0464b

https://st-albans-cambs.eschools.co.uk/storage/secure_download/N0JnYVFBTDBYQngzbkNYd3ErT3Z2SVZLOFpGeEJOT0tIemJZUXJDMWlRaXRhVkphdmNPOUJ2WkxhZGZPbjJ5dQ==/NULL/.../1630991

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-YtX2cfJ-fUgpq7a_tvXTS_5fPiW7MvRreziJtWwRzG8vSk1EUFkagkgEjk75fzWPQv4c4iUXZ0n8-D-n3jtmIQ/messages/@.id==AODkimIAF33jV7zrYg1OQKwh5sc/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=4c4a5c9a-9d50-1981-01aa-5f00a7010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYOZUfJAECahyxyWhfgzlcqaF2mBKHIfg__Fb4aTTLPtw&error=https://mg.mail.yahoo.com/.../iframemsg?id=615c91a0-de04-2cc9-186a-836ded349bf6

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-w7E22IstSVXaU-Bvt3aHmM3oFOzDqXE3R79C6SwkGL8GM24pzAlJxSbeJ16n86SZyqtsdt-jko-uK0ko8KHOrw/messages/@.id==AFoNiWIACC7OV2udAQwdkPfT0bQ/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYAlVknId8HtQtW3SrpAf_EGHo7VjqQIywXXT-j1hmLPQ&error=https://mg.mail.yahoo.com/.../iframemsg?id=b4385ecd-953d-82cd-08a0-e11e63dd5c37&ymreqid=88d02c57-c04b-2133-017e-5c0007010000

https://api.edmodo.com/files/.../download?f=31uu36orbzigtcbari9271n21

temp:WORDICON.EXE

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-3FGelbStaL4VbXasC55LFto_cw3uQWe2KJqpu2WeUt2Q1lSiEBMLpcjUbIv0TNfzGH4nkLovJSeSm65J69qU1w/messages/@.id==AC3kimIAAALvVyscsATtuC6xmPc/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=17684de9-2d5a-19ad-012a-a10019010000&token=3bEILx0gk2EH7z8B9aamsliGg4GJtp3vsDHC5xrh0S8e0BrlYfV1Nfd4Ol7UkfCs_tmbZU_QP6bd5QzJLzvu9w&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=21bd688f-8a32-7ac5-6790-660256dc2b3b

https://www.email.cz/download/k/.../wordicon.exe

http://u.poczta.o2.pl/?cmd=getpart&link=1d01aQIkToqQVc3OKSAtPzbaPTMZO2OtLTPwPDNkhWaZjSMeP3OxPTPoeTNAaDNkhnYwjTM6bTOsaDMJ83bwjjMVaDNsOjNJ8jNZjTMJ8DbadiNs8CMskwAikHA3LmcYF2YjKmLUeQZk

https://docs.google.com/uc?authuser=0&id=0B9a6iSVZZ9TrM1hzdDBobTJyQ1E&export=download

https://mail.aol.com/.../getPart?uid=28780540&partId=2&saveAs=wordicon.exe

https://sms5.schoolsoft.se/medborgarskolan/jsp/.../right_teacher_file_download.jsp?requestid1=15317&requestid2=0&requestid3=0&object=test&fileid=28467

https://dl-web.dropbox.com/.../wordicon.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_97904_AJjmjkQAAAMIVoQlkQTtuIHfdj0&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://bf1-attach.ymail.com/internal.dl-mail.ymail.com/ws/download/mailboxes/@.id==MTQ2MzY2OTk4Mzg4ODk3NDggMTQxNjUxIDE0MTYgbGl6YW5pa2lmb3J1a0B5YWhvby5jb20/messages/@.id==2_0_0_3_167819_ALbmjkQAAMo-VR9P1g0fYMR4KWI/content/parts/.../raw?appid=YahooMailNeo&token=oyMzf2YFF1sPcOIeUMXbcEZy3OfoQMV_clZvsh5C_VVnuJCvdU5XuOx-3lWpq6arkH_P8TRcl0oGl9odg_tYcQ&ymreqid=673f0620-daef-11e4-c000-00b52df1a468

https://mg.mail.yahoo.com/ya/.../imIAAB59VSLo1gDS8NjreeI&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://kristiansand.itslearning.com/.../download.aspx?Path=&filesend=wordicon.exe&Type=1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.