× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7be8966df205b91f95f3c56ef972be0264b35c865450fb69b9861fd82748e69b
File name: ms_office_update.exe
Detection ratio: 13 / 67
Analysis date: 2017-10-22 11:02:51 UTC ( 1 year, 7 months ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20171020
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cylance Unsafe 20171022
eGambit malicious_confidence_81% 20171022
Endgame malicious (high confidence) 20171016
Fortinet W32/GenKryptik.AZSD!tr 20171022
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20171022
Qihoo-360 HEUR/QVM07.1.AC83.Malware.Gen 20171022
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazpy1Ky3X+wYTqQ868WvHf44) 20171022
SentinelOne (Static ML) static engine - malicious 20171019
Symantec ML.Attribute.HighConfidence 20171021
WhiteArmor Malware.HighConfidence 20171016
Ad-Aware 20171022
AegisLab 20171022
AhnLab-V3 20171021
Alibaba 20170911
ALYac 20171022
Antiy-AVL 20171022
Arcabit 20171022
Avast 20171022
Avast-Mobile 20171021
AVG 20171022
Avira (no cloud) 20171022
AVware 20171022
BitDefender 20171022
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171022
CMC 20171022
Comodo 20171022
Cyren 20171022
DrWeb 20171022
Emsisoft 20171022
ESET-NOD32 20171022
F-Prot 20171022
F-Secure 20171022
GData 20171022
Ikarus 20171022
Jiangmin 20171022
K7AntiVirus 20171019
K7GW 20171022
Kaspersky 20171022
Kingsoft 20171022
Malwarebytes 20171022
MAX 20171022
McAfee 20171022
McAfee-GW-Edition 20171022
Microsoft 20171022
eScan 20171022
NANO-Antivirus 20171022
nProtect 20171022
Panda 20171022
Sophos AV 20171022
SUPERAntiSpyware 20171022
Symantec Mobile Insight 20171011
Tencent 20171022
TheHacker 20171017
TotalDefense 20171022
TrendMicro 20171022
TrendMicro-HouseCall 20171022
Trustlook 20171022
VBA32 20171020
VIPRE 20171022
ViRobot 20171022
Webroot 20171022
Yandex 20171021
Zillya 20171021
ZoneAlarm by Check Point 20171022
Zoner 20171022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-21 11:14:33
Entry Point 0x0000164A
Number of sections 4
PE sections
PE imports
GetLastError
SetProcessWorkingSetSize
SizeofResource
GetModuleHandleA
LoadResource
LockResource
GlobalAddAtomA
GetStartupInfoA
GetFileType
IsBadStringPtrA
GetThreadTimes
GetProcAddress
FindResourceA
GetModuleFileNameA
_except_handler3
rand
_acmdln
_exit
_adjust_fdiv
srand
__p__commode
__p__fmode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__set_app_type
Number of PE resources by type
RT_ICON 12
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_GROUP_ICON 4
RT_BITMAP 3
RT_FONT 1
RT_STRING 1
RT_MENU 1
Number of PE resources by language
ENGLISH US 29
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:10:21 04:14:33-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
2048

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x164a

InitializedDataSize
97792

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 9cc129b0e8acaa0cf9c61041a7b247aa
SHA1 bc34267b2cf868dd74a0c8c4a9c9d4754fa12611
SHA256 7be8966df205b91f95f3c56ef972be0264b35c865450fb69b9861fd82748e69b
ssdeep
1536:DWiGnU/wgTQabGnU/wgTQabGnU/wgTQabGnU/wgTQaLnIv5+4+wAQnkZx+cju+gM:aDGv4Gv4Gv4GvnltbnVTgMj

authentihash c490a5e40de32fa20e6a768986c2d3c9ee81fc39e05035df170f2f76a8e519d2
imphash ba2e50054f96ef19615e4e590484b2e3
File size 98.5 KB ( 100864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-22 11:02:51 UTC ( 1 year, 7 months ago )
Last submission 2018-02-20 10:56:35 UTC ( 1 year, 3 months ago )
File names 1002-bc34267b2cf868dd74a0c8c4a9c9d4754fa12611
ms_office_update.ex_
ms_office_update.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs