SHA256: 30590019d5bea972ff8b41ca4ddb5c17967d236ddd965a7c35fc31f13bcb5913
File name: 30590019d5bea972ff8b41ca4ddb5c17967d236ddd965a7c35fc31f13bcb5913
Detection ratio: 1 / 69
Analysis date: 2018-10-06 01:13:45 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Cylance Unsafe 20181006
Ad-Aware 20181005
AegisLab 20181005
AhnLab-V3 20181005
Alibaba 20180921
ALYac 20181005
Antiy-AVL 20181005
Arcabit 20181006
Avast 20181005
Avast-Mobile 20181005
AVG 20181005
Avira (no cloud) 20181005
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181006
Bkav 20181005
CAT-QuickHeal 20181005
ClamAV 20181005
CMC 20181005
Comodo 20181006
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20181006
DrWeb 20181006
eGambit 20181006
Emsisoft 20181005
Endgame 20180730
ESET-NOD32 20181005
F-Prot 20181006
F-Secure 20181006
Fortinet 20181005
GData 20181006
Ikarus 20181005
Sophos ML 20180717
Jiangmin 20181006
K7AntiVirus 20181005
K7GW 20181005
Kaspersky 20181005
Kingsoft 20181006
Malwarebytes 20181005
MAX 20181006
McAfee 20181005
McAfee-GW-Edition 20181005
Microsoft 20181006
eScan 20181006
NANO-Antivirus 20181005
Palo Alto Networks (Known Signatures) 20181006
Panda 20181005
Qihoo-360 20181006
Rising 20181005
SentinelOne (Static ML) 20180926
Sophos AV 20181005
SUPERAntiSpyware 20181005
Symantec 20181005
Symantec Mobile Insight 20181001
TACHYON 20181005
Tencent 20181006
TheHacker 20181001
TotalDefense 20181005
TrendMicro 20181006
TrendMicro-HouseCall 20181006
Trustlook 20181006
VBA32 20181005
VIPRE 20181006
ViRobot 20181005
Webroot 20181006
Yandex 20181005
Zillya 20181005
ZoneAlarm by Check Point 20181006
Zoner 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Armjisoft DRM Systems. All rights reserved.
Product Office OwnerGuard
Original name OfficeOwnerguardPersonalSetup.exe
Internal name OfficeOwnerguardPersonalSetup
File version 12.7.8
Description Office OwnerGuard Personal
Packers identified
F-PROT NSIS, appended, Unicode, SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-14 05:50:27
Entry Point 0x000067CC
Number of sections 5
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
Ord(23)
Ord(20)
Ord(21)
Ord(22)
GetDeviceCaps
GetLastError
IsDBCSLeadByte
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReadFile
GetStartupInfoA
TerminateThread
GetDiskFreeSpaceA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LockResource
SetEvent
QueryPerformanceCounter
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
LocalFileTimeToFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
_llseek
GetProcAddress
GetSystemInfo
CreateMutexA
GetModuleHandleA
GetTempPathA
CreateThread
SetFilePointer
lstrcmpA
FindFirstFileA
GetCurrentProcessId
OutputDebugStringA
SetUnhandledExceptionFilter
WriteFile
_lopen
_lclose
CompareStringA
GetTempFileNameA
EnumResourceLanguagesA
FindNextFileA
GetSystemDirectoryA
GlobalLock
GetModuleHandleW
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
GetDriveTypeA
LocalFree
TerminateProcess
CreateProcessA
GetModuleFileNameA
GetExitCodeProcess
ResetEvent
GetWindowsDirectoryA
LoadResource
GlobalAlloc
CreateEventA
FindClose
Sleep
FormatMessageA
GetTickCount
CreateFileA
GetCurrentThreadId
GetVersion
FindResourceA
SetCurrentDirectoryA
CloseHandle
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
GetWindowLongA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_cexit
?terminate@@YAXXZ
_vsnprintf
_ismbblead
__p__fmode
_exit
_acmdln
memset
__p__commode
_errno
__setusermatherr
_amsg_exit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
memcpy
__set_app_type
Number of PE resources by type
RT_ICON 16
RT_RCDATA 14
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 46
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 8353792
ImageVersion 6.3
ProductName Office OwnerGuard
FileVersionNumber 12.7.8.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName OfficeOwnerguardPersonalSetup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.7.8
TimeStamp 2013:10:14 07:50:27+02:00
FileType Win32 EXE
PEType PE32
InternalName OfficeOwnerguardPersonalSetup
ProductVersion 12.7.8
FileDescription Office OwnerGuard Personal
OSVersion 6.3
FileOS Windows NT 32-bit
LegalCopyright Armjisoft DRM Systems. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Armjisoft DRM Systems
CodeSize 26112
FileSubtype 0
ProductVersionNumber 12.7.8.0
EntryPoint 0x67cc
ObjectFileType Executable application

File identification
MD5 7a181062111f9edbcdd991829829b5c5
SHA1 5d444e9785cf924b349100ed91fa545aef681020
SHA256 30590019d5bea972ff8b41ca4ddb5c17967d236ddd965a7c35fc31f13bcb5913
ssdeep 196608:Q0Ox6B9Q++enafN1TzsjuMl8icFQytdM0x0UUXStrTP+eDTTH:h9KNTgq/icSytdXx0fcTHXT
authentihash 606ec72394f8d46a750ee88bc593b9880f14ed6c75858694761eb6495ecb1124
imphash bc70c4fa605f17c85050b7c7b6d42e44
File size 8.0 MB ( 8380928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags nsis peexe

VirusTotal metadata
First submission 2014-05-02 08:24:40 UTC ( 5 years ago )
Last submission 2017-08-25 19:53:01 UTC ( 1 year, 9 months ago )
File names OfficeOwnerguardPersonalSetup.exe
OfficeOwnerguardPersonalSetup
1005040
30590019D5BEA972FF8B41CA4DDB5C17967D236DDD965A7C35FC31F13BCB5913
141490295634591-OfficeOwnerguardPersonalSetup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications