SHA256: 750397095381b584c9d124de1a4483ae4f6553e2939ed545903d1e7286d346c7
File name: 80556
Detection ratio: 0 / 55
Analysis date: 2016-01-07 16:38:16 UTC (3 years, 4 months ago)
Antivirus Result Update
Ad-Aware 20160107
AegisLab 20160107
Yandex 20160107
AhnLab-V3 20160105
Alibaba 20151208
ALYac 20160107
Antiy-AVL 20160107
Arcabit 20160104
Avast 20160107
AVG 20160107
Avira (no cloud) 20160103
AVware 20160107
Baidu-International 20160105
BitDefender 20160107
Bkav 20160107
ByteHero 20160107
CAT-QuickHeal 20160107
ClamAV 20160105
CMC 20160107
Comodo 20160107
Cyren 20160107
DrWeb 20160107
Emsisoft 20160104
ESET-NOD32 20160107
F-Prot 20160107
F-Secure 20160101
Fortinet 20160107
GData 20160107
Ikarus 20160107
Jiangmin 20160107
K7AntiVirus 20160103
K7GW 20160103
Kaspersky 20160107
Malwarebytes 20160107
McAfee 20160107
McAfee-GW-Edition 20160107
Microsoft 20160107
eScan 20160107
NANO-Antivirus 20160106
nProtect 20160107
Panda 20160105
Qihoo-360 20160107
Rising 20160107
Sophos AV 20160106
SUPERAntiSpyware 20160105
Symantec 20160107
TheHacker 20160107
TotalDefense 20160105
TrendMicro 20160107
TrendMicro-HouseCall 20160107
VBA32 20160107
VIPRE 20160107
ViRobot 20160107
Zillya 20160107
Zoner 20160107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2003 X2 Studios, Ltd.
Product LiquidIcon Editor
Original name LiquidIcon.exe
Internal name LiquidIcon
File version 1.00.0004
Description LiquidIcon Editor
Comments LiquidIcon XP Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-03-06 20:31:04
Entry Point 0x00002EE0
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(518)
__vbaStrFixstr
_allmul
__vbaGet4
_adj_fprem
__vbaR4Var
__vbaRedim
__vbaRecDestruct
_adj_fdiv_r
__vbaRecAnsiToUni
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaRecUniToAnsi
__vbaFreeStr
Ord(670)
__vbaLateIdCallLd
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaFpUI1
Ord(648)
Ord(607)
__vbaLenBstr
Ord(594)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaGetOwner4
DllFunctionCall
__vbaPowerR8
__vbaUbound
Ord(589)
__vbaFreeVar
Ord(588)
__vbaFileOpen
Ord(530)
Ord(526)
__vbaAryLock
__vbaLsetFixstr
__vbaVarTstEq
Ord(593)
__vbaAryUnlock
__vbaR4ForNextCheck
__vbaNameFile
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaVarNeg
EVENT_SINK_Release
__vbaStrCmp
__vbaErase
__vbaRecAssign
__vbaVarLateMemSt
Ord(533)
__vbaFreeObjList
Ord(647)
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaExitProc
__vbaVarTstNe
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
_CIcos
__vbaVarMove
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
_adj_fdiv_m32
__vbaPrintObj
__vbaLenVar
__vbaEnd
__vbaPutOwner3
Ord(685)
Ord(617)
__vbaVarLateMemCallLdRf
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
__vbaForEachCollVar
__vbaRecDestructAnsi
__vbaCastObjVar
__vbaStrBool
_CIsin
_CIsqrt
__vbaNextEachCollVar
_CIatan
__vbaVarDiv
__vbaR8Var
Ord(529)
__vbaPut4
__vbaPut3
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_BITMAP 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 2
PE resources
ExifTool file metadata
CodeSize 352256
SubsystemVersion 4.0
Comments LiquidIcon XP Editor
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.4
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription LiquidIcon Editor
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x2ee0
OriginalFileName LiquidIcon.exe
MIMEType application/octet-stream
LegalCopyright 2003 X2 Studios, Ltd.
FileVersion 1.00.0004
TimeStamp 2004:03:06 21:31:04+01:00
FileType Win32 EXE
PEType PE32
InternalName LiquidIcon
ProductVersion 1.00.0004
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName X2 Studios, Ltd.
LegalTrademarks X2 Studios, Ltd.
ProductName LiquidIcon Editor
ProductVersionNumber 1.0.0.4
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack (CarbonBlack acts as a surveillance camera for computers)
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files writing this sample to disk.
Compressed bundles
File identification
MD5 cf40f574ef63e2180b6f3612f1fc77b6
SHA1 da54b45c596d527a2985ea2e4364c63416981fd9
SHA256 750397095381b584c9d124de1a4483ae4f6553e2939ed545903d1e7286d346c7
ssdeep 6144:YxEuYVafJlEMJ9bkwNIk3BbiXbpzjFpgERalTBVO4YxxhcYejcN/q:pWfXJIk3BbiXbpzjFpgERalTOxxhctjx
authentihash 4c734758f08fa62efa92e9c7d5074aed712605dd5f3bc62a83dd03e9b4ccfbdd
imphash f6e367b03e58714b325b701ccd91d695
File size 360.0 KB ( 368640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags peexe software-collection
VirusTotal metadata
First submission 2009-03-04 04:30:04 UTC ( 10 years, 2 months ago )
Last submission 2018-05-20 00:25:14 UTC ( 1 year ago )
File names file
liquidicon.exe
cf40f574ef63e2180b6f3612f1fc77b6.exe
file-3333674_exe
LiquidIcon.exe
LiquidIcon.exe
LiquidIcon XP Editor_1.0.4 b2616.exe
LiquidIcon
1346827682-LiquidIcon.exe
LiquidIcon 104.exe
80556
file
octet-stream
LiquidIcon.exe
LiquidIcon.exe
cf40f574ef63e2180b6f3612f1fc77b6
download.php
scan_file
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight