SHA256: 4e1eb1ea17fe4520948aa0c3113a433cd4208dede206bcec37bfba081f6d934d
File name: Word Silent Exploit Builder V4.9.exe
Detection ratio: 5 / 68
Analysis date: 2017-12-04 13:05:37 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20171204
AVG Win32:Evo-gen [Susp] 20171204
ClamAV Win.Exploit.CVE_2017_8759-6336226-0 20171204
Cylance Unsafe 20171204
SentinelOne (Static ML) static engine - malicious 20171113
Ad-Aware 20171204
AegisLab 20171204
AhnLab-V3 20171204
Alibaba 20171204
ALYac 20171204
Antiy-AVL 20171204
Arcabit 20171204
Avast-Mobile 20171204
Avira (no cloud) 20171204
AVware 20171204
Baidu 20171201
BitDefender 20171204
Bkav 20171204
CAT-QuickHeal 20171204
CMC 20171204
Comodo 20171204
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20171204
DrWeb 20171204
eGambit 20171204
Emsisoft 20171204
Endgame 20171130
ESET-NOD32 20171204
F-Prot 20171204
F-Secure 20171204
Fortinet 20171204
GData 20171204
Ikarus 20171204
Sophos ML 20170914
Jiangmin 20171204
K7AntiVirus 20171204
K7GW 20171204
Kaspersky 20171204
Kingsoft 20171204
Malwarebytes 20171204
MAX 20171204
McAfee 20171204
McAfee-GW-Edition 20171203
Microsoft 20171204
eScan 20171204
NANO-Antivirus 20171204
nProtect 20171204
Palo Alto Networks (Known Signatures) 20171204
Panda 20171204
Qihoo-360 20171204
Rising 20171204
Sophos AV 20171204
SUPERAntiSpyware 20171204
Symantec 20171204
Symantec Mobile Insight 20171204
Tencent 20171204
TheHacker 20171130
TotalDefense 20171204
TrendMicro 20171204
TrendMicro-HouseCall 20171204
Trustlook 20171204
VBA32 20171204
VIPRE 20171204
ViRobot 20171204
Webroot 20171204
WhiteArmor 20171204
Yandex 20171201
Zillya 20171201
ZoneAlarm by Check Point 20171204
Zoner 20171204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Elm0D 2017
Product Word Silent Exploit Builder
Original name Word Silent Exploit Builder.exe
Internal name Word Silent Exploit Builder.exe
File version 4.1.0.0
Description Word Silent Exploit Builder
Comments Word Silent Exploit Builder
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-04 12:43:28
Entry Point 0x000631FE
Number of sections 4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
PE resources
Debug information
ExifTool file metadata
CodeSize 398336
SubsystemVersion 4.0
Comments Word Silent Exploit Builder
InitializedDataSize 28672
ImageVersion 0.0
ProductName Word Silent Exploit Builder
FileVersionNumber 4.1.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Word Silent Exploit Builder.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.1.0.0
TimeStamp 2017:12:04 13:43:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Word Silent Exploit Builder.exe
ProductVersion 4.1.0.0
FileDescription Word Silent Exploit Builder
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright Elm0D 2017
MachineType Intel 386 or later, and compatibles
CompanyName Elm0D (www.elm0d.tk)
LegalTrademarks Elm0D
FileSubtype 0
ProductVersionNumber 4.1.0.0
EntryPoint 0x631fe
ObjectFileType Executable application
AssemblyVersion 4.0.0.0
Compressed bundles
File identification
MD5 1ae3c3131e85bae434672dc1a4a6dff8
SHA1 c9a9659030283d685ea3486f6adfd19adfc45cad
SHA256 4e1eb1ea17fe4520948aa0c3113a433cd4208dede206bcec37bfba081f6d934d
ssdeep 3072:iQ9n6Wh1O8ipLfkhRWLp6dBbKXAxeh0sjzYDLYZnLV0r/G79W/XtUCN7zFgFF+Ud:dY8YQRZbpGWYlBX9fFlzFl
authentihash b96253831ccafb9d5db2520a4dbe3c071e4802b3ac15612f0e9e5244e3747e4e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 418.0 KB ( 428032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (45.1%)
Win32 Executable MS Visual C++ (generic) (19.2%)
Win64 Executable (generic) (17.0%)
Windows screen saver (8.0%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags cve-2017-8759 peexe assembly exploit
VirusTotal metadata
First submission 2017-12-04 13:05:37 UTC ( 1 year, 5 months ago )
Last submission 2017-12-17 07:09:26 UTC ( 1 year, 5 months ago )
File names Word Silent Exploit Builder.exe
Word Silent Exploit Builder V4.9.exe
1024-c9a9659030283d685ea3486f6adfd19adfc45cad
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
DNS requests
TCP connections
UDP communications