SHA256: 750397095381b584c9d124de1a4483ae4f6553e2939ed545903d1e7286d346c7
File name: LiquidIcon
Detection ratio: 0 / 70
Analysis date: 2019-01-06 00:29:09 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis 20181227
Ad-Aware 20190105
AegisLab 20190105
AhnLab-V3 20190105
Alibaba 20180921
Antiy-AVL 20190105
Arcabit 20190105
Avast 20190105
Avast-Mobile 20190105
AVG 20190105
Avira (no cloud) 20190105
Babable 20180918
Baidu 20190104
BitDefender 20190105
Bkav 20190104
CAT-QuickHeal 20190105
ClamAV 20190105
CMC 20190105
Comodo 20190105
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20190106
Cyren 20190105
DrWeb 20190105
eGambit 20190106
Emsisoft 20190105
Endgame 20181108
ESET-NOD32 20190105
F-Prot 20190105
F-Secure 20190105
Fortinet 20190105
GData 20190105
Ikarus 20190105
Sophos ML 20181128
Jiangmin 20190105
K7AntiVirus 20190105
K7GW 20190105
Kaspersky 20190105
Kingsoft 20190106
Malwarebytes 20190105
MAX 20190106
McAfee 20190105
McAfee-GW-Edition 20190105
Microsoft 20190105
eScan 20190105
NANO-Antivirus 20190105
Palo Alto Networks (Known Signatures) 20190106
Panda 20190105
Qihoo-360 20190106
Rising 20190105
SentinelOne (Static ML) 20181223
Sophos AV 20190105
SUPERAntiSpyware 20190102
Symantec 20190105
TACHYON 20190105
Tencent 20190106
TheHacker 20190104
TotalDefense 20190105
Trapmine 20190103
TrendMicro 20190105
TrendMicro-HouseCall 20190105
Trustlook 20190106
VBA32 20190104
VIPRE 20190105
ViRobot 20190106
Webroot 20190106
Yandex 20181229
Zillya 20190105
ZoneAlarm by Check Point 20190106
Zoner 20190106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2003 X2 Studios, Ltd.

Product LiquidIcon Editor
Original name LiquidIcon.exe
Internal name LiquidIcon
File version 1.00.0004
Description LiquidIcon Editor
Comments LiquidIcon XP Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-03-06 20:31:04
Entry Point 0x00002EE0
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 2
PE resources
ExifTool file metadata
CodeSize
352256

SubsystemVersion
4.0

Comments
LiquidIcon XP Editor

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.4

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
LiquidIcon Editor

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
32768

EntryPoint
0x2ee0

OriginalFileName
LiquidIcon.exe

MIMEType
application/octet-stream

LegalCopyright
2003 X2 Studios, Ltd.

FileVersion
1.00.0004

TimeStamp
2004:03:06 21:31:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
LiquidIcon

ProductVersion
1.00.0004

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
X2 Studios, Ltd.

LegalTrademarks
X2 Studios, Ltd.

ProductName
LiquidIcon Editor

ProductVersionNumber
1.0.0.4

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed that the following files, while executing, wrote this sample to disk.
Compressed bundles
File identification
MD5 cf40f574ef63e2180b6f3612f1fc77b6
SHA1 da54b45c596d527a2985ea2e4364c63416981fd9
SHA256 750397095381b584c9d124de1a4483ae4f6553e2939ed545903d1e7286d346c7
ssdeep
6144:YxEuYVafJlEMJ9bkwNIk3BbiXbpzjFpgERalTBVO4YxxhcYejcN/q:pWfXJIk3BbiXbpzjFpgERalTOxxhctjx

authentihash 4c734758f08fa62efa92e9c7d5074aed712605dd5f3bc62a83dd03e9b4ccfbdd
imphash f6e367b03e58714b325b701ccd91d695
File size 360.0 KB ( 368640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags
peexe software-collection

VirusTotal metadata
First submission 2009-03-04 04:30:04 UTC ( 10 years ago )
Last submission 2018-05-20 00:25:14 UTC ( 10 months ago )
File names
file
liquidicon.exe
cf40f574ef63e2180b6f3612f1fc77b6.exe
file-3333674_exe
LiquidIcon.exe
LiquidIcon.exe
LiquidIcon XP Editor_1.0.4 b2616.exe
LiquidIcon
1346827682-LiquidIcon.exe
LiquidIcon 104.exe
80556
file
octet-stream
LiquidIcon.exe
LiquidIcon.exe
cf40f574ef63e2180b6f3612f1fc77b6
download.php
scan_file
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight