SHA256: 3cb1f15cb48c1c929d50487870f3bc5e84b06f306b2ed315fca8a96a5b8c74ab
File name: office.exe
Detection ratio: 8 / 53
Analysis date: 2016-03-07 10:22:59 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20160307
Avira (no cloud) TR/Crypt.Xpack.421581 20160307
DrWeb Trojan.PWS.Siggen1.48197 20160307
ESET-NOD32 Win32/Zlader.L 20160307
Kaspersky UDS:DangerousObject.Multi.Generic 20160306
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160307
Rising PE:Malware.Obscure/Heur!1.9E03 [F] 20160307
Symantec Suspicious.Cloud.9 20160307
Ad-Aware 20160307
Yandex 20160306
AhnLab-V3 20160307
Alibaba 20160307
ALYac 20160305
Arcabit 20160307
Avast 20160307
AVG 20160307
AVware 20160307
Baidu-International 20160307
BitDefender 20160307
Bkav 20160305
ByteHero 20160307
CAT-QuickHeal 20160305
ClamAV 20160306
Comodo 20160307
Cyren 20160307
Emsisoft 20160307
F-Prot 20160307
F-Secure 20160307
Fortinet 20160307
GData 20160307
Ikarus 20160307
Jiangmin 20160307
K7AntiVirus 20160304
K7GW 20160307
Malwarebytes 20160307
McAfee 20160307
McAfee-GW-Edition 20160307
Microsoft 20160307
eScan 20160307
NANO-Antivirus 20160307
nProtect 20160304
Panda 20160306
Sophos AV 20160307
SUPERAntiSpyware 20160306
Tencent 20160307
TheHacker 20160305
TrendMicro 20160307
TrendMicro-HouseCall 20160307
VBA32 20160306
VIPRE 20160307
ViRobot 20160307
Zillya 20160306
Zoner 20160307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2005 - 2015 IcoFX Software

Product IcoFX
Original name IcoFX2.exe
Internal name IcoFX
File version 2.11.0.0
Description IcoFX - The Professional Icon Editor
Comments Professional Icon Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-29 16:14:32
Entry Point 0x0000807E
Number of sections 4
PE sections
PE imports
RegDeleteValueA
CompareStringW
GetModuleHandleA
GetCurrentDirectoryA
LCMapStringW
GetCurrentProcessId
GetTimeZoneInformation
VirtualProtect
GlobalAlloc
CreateEventA
GetThreadTimes
GetStartupInfoA
WaitForSingleObject
GetSystemTimeAsFileTime
CreateFileA
GetVersionExA
GetModuleFileNameA
HeapReAlloc
GetStringTypeW
GetEnvironmentVariableW
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
GetSystemMetrics
DestroyCaret
GetParent
CheckMenuItem
LoadIconA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
IsIconic
OpenClipboard
Number of PE resources by type
RT_DIALOG 2
RT_VERSION 2
RT_ICON 1
RMVB 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SPANISH MEXICAN 2
SWEDISH 1
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
CodeSize
268468224

SubsystemVersion
4.0

Comments
Professional Icon Editor

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.11.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
IcoFX - The Professional Icon Editor

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
81920

EntryPoint
0x807e

OriginalFileName
IcoFX2.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2005 - 2015 IcoFX Software

FileVersion
2.11.0.0

TimeStamp
2016:02:29 17:14:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
IcoFX

ProductVersion
2.11

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
IcoFX Software

LegalTrademarks
IcoFX

ProductName
IcoFX

ProductVersionNumber
2.11.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 edcd41158c2aa45ceb27f4ae2133efe0
SHA1 3668b96f737d8d4236bd90235b1618db695c5db2
SHA256 3cb1f15cb48c1c929d50487870f3bc5e84b06f306b2ed315fca8a96a5b8c74ab
ssdeep
3072:LoMRmT05NCp/yTeOXIahuID203N7X9yV9GboM9:LoMRmT050/qeqJuI605NyV0

authentihash dfdddbf87fbfcc80c7011b414fefc6fbab0a58096e320d288dd1d5f803dd7fc3
imphash 4da80bd36d4ddc3375fffdcc9605a356
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-03-06 23:40:32 UTC ( 2 years, 11 months ago )
Last submission 2019-01-26 21:01:40 UTC ( 3 weeks ago )
File names edcd41158c2aa45ceb27f4ae2133efe0.virobj
_duplicate_30d64927deffabcca99516f9a009eb269c41ee80.cod
IcoFX
IcoFX2.exe
name
f1u9PIsz.js
c0bc5e681144aab97e069d84d29d25f3dad1c788
office.exe
virussign.com_edcd41158c2aa45ceb27f4ae2133efe0.vir
aa
VirusShare_edcd41158c2aa45ceb27f4ae2133efe0
office.exe.malware
3cb1f15cb48c1c929d50487870f3bc5e84b06f306b2ed315fca8a96a5b8c74ab.bin
office.exe.ViR
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs