SHA256: 7cfeec070912c721e00be23a98f4c3a3d7e2d2359ed4699c433f8bde974d9e82
File name: 2298.tmp.exe
Detection ratio: 11 / 68
Analysis date: 2018-09-23 03:30:23 UTC ( 5 months, 4 weeks ago )
| Antivirus | Result | Update |
|---|---|---|
| Bkav | W32.eHeur.Malware12 | 20180921 |
| CrowdStrike Falcon (ML) | malicious_confidence_90% (D) | 20180723 |
| Cylance | Unsafe | 20180923 |
| Cyren | W32/Trojan.JKCK-8935 | 20180923 |
| Endgame | malicious (high confidence) | 20180730 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20180923 |
| Malwarebytes | Trojan.MalPack.GS | 20180923 |
| Microsoft | Trojan:Win32/Fuerboos.C!cl | 20180923 |
| Rising | Trojan.Fuerboos!8.EFC8 (CLOUD) | 20180923 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0921 | 20180923 |
| ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20180923 |
| Ad-Aware | | 20180923 |
| AegisLab | | 20180923 |
| AhnLab-V3 | | 20180922 |
| Alibaba | | 20180921 |
| Antiy-AVL | | 20180922 |
| Arcabit | | 20180923 |
| Avast | | 20180923 |
| Avast-Mobile | | 20180922 |
| AVG | | 20180923 |
| Avira (no cloud) | | 20180922 |
| AVware | | 20180923 |
| Babable | | 20180918 |
| Baidu | | 20180914 |
| BitDefender | | 20180923 |
| CAT-QuickHeal | | 20180922 |
| ClamAV | | 20180923 |
| CMC | | 20180922 |
| Comodo | | 20180923 |
| Cybereason | | 20180225 |
| DrWeb | | 20180923 |
| eGambit | | 20180923 |
| Emsisoft | | 20180923 |
| ESET-NOD32 | | 20180923 |
| F-Prot | | 20180923 |
| F-Secure | | 20180923 |
| Fortinet | | 20180923 |
| GData | | 20180923 |
| Ikarus | | 20180922 |
| Sophos ML | | 20180717 |
| Jiangmin | | 20180922 |
| K7AntiVirus | | 20180922 |
| K7GW | | 20180922 |
| Kingsoft | | 20180923 |
| MAX | | 20180923 |
| McAfee | | 20180922 |
| McAfee-GW-Edition | | 20180923 |
| eScan | | 20180923 |
| NANO-Antivirus | | 20180923 |
| Palo Alto Networks (Known Signatures) | | 20180923 |
| Panda | | 20180922 |
| Qihoo-360 | | 20180923 |
| SentinelOne (Static ML) | | 20180830 |
| Sophos AV | | 20180923 |
| SUPERAntiSpyware | | 20180907 |
| Symantec | | 20180922 |
| Symantec Mobile Insight | | 20180918 |
| TACHYON | | 20180922 |
| Tencent | | 20180923 |
| TheHacker | | 20180920 |
| TotalDefense | | 20180922 |
| TrendMicro | | 20180923 |
| Trustlook | | 20180923 |
| VBA32 | | 20180921 |
| VIPRE | | 20180923 |
| ViRobot | | 20180922 |
| Webroot | | 20180923 |
| Yandex | | 20180922 |
| Zillya | | 20180922 |
| Zoner | | 20180922 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Design Science, Inc. 1990-2000

Product Microsoft Equation Editor
Original name EQNEDT32.EXE
Internal name Equation Editor
File version 00110900
Description Microsoft Equation Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-17 12:18:40
Entry Point 0x0000143A
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
SetTapeParameters
GetTapeStatus
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
CreateTapePartition
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetTapeParameters
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
GetCurrentProcessId
SetTapePosition
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
BackupWrite
GetCommandLineA
GetUserDefaultLCID
QueryPerformanceCounter
TlsFree
GetLocaleInfoW
ExitProcess
CompareStringW
FreeEnvironmentStringsA
GetCPInfo
GetProcAddress
GetStringTypeA
TlsSetValue
GetCurrentThreadId
InterlockedExchange
BackupRead
WriteFile
InterlockedIncrement
GetTimeFormatA
GetSystemTimeAsFileTime
GetDateFormatA
GetACP
HeapReAlloc
GetStringTypeW
GetTapePosition
SetEnvironmentVariableA
FreeLibrary
TerminateProcess
GetTimeZoneInformation
TlsGetValue
SetUnhandledExceptionFilter
IsValidCodePage
HeapCreate
VirtualFree
FatalAppExitA
HeapDestroy
Sleep
GetCurrentThread
SetConsoleCtrlHandler
BackupSeek
GetTickCount
PrepareTape
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
SetLastError
CompareStringA
ChangeDisplaySettingsW
EnumDesktopsA
DdeAccessData
LoadBitmapW
SetSystemCursor
BroadcastSystemMessageW
LockSetForegroundWindow
GetClipboardViewer
DlgDirSelectComboBoxExW
DdeCreateStringHandleW
SetCaretBlinkTime
GetClipboardSequenceNumber
GetDC
GetCursorPos
GetClipCursor
GetNextDlgTabItem
DdeFreeDataHandle
IsClipboardFormatAvailable
ShowCursor
SetDlgItemTextW
EnumClipboardFormats
DdeSetQualityOfService
GetClipboardOwner
GetCursorInfo
DdeCmpStringHandles
DlgDirListComboBoxW
CheckRadioButton
CreateCaret
SetProcessDefaultLayout
GetCaretPos
DdeConnectList
ChangeDisplaySettingsExW
SetWindowPlacement
GetClipboardData
DdeEnableCallback
SetClipboardData
CreateCursor
SetParent
BroadcastSystemMessageExW
DdeConnect
EnumDisplayDevicesW
GetPriorityClipboardFormat
GetDCEx
DdeClientTransaction
SwitchToThisWindow
DdeCreateDataHandle
RealChildWindowFromPoint
MapWindowPoints
DdeAbandonTransaction
GetOpenClipboardWindow
SetCaretPos
ClipCursor
SetClipboardViewer
DdeAddData
EnumDisplaySettingsExW
SendDlgItemMessageW
RegisterDeviceNotificationW
CheckDlgButton
RegisterShellHookWindow
SetWindowTextW
ScreenToClient
CountClipboardFormats
DialogBoxIndirectParamW
GetSysColorBrush
SetDlgItemInt
LoadCursorW
EnumDisplaySettingsW
ReuseDDElParam
SetForegroundWindow
ExitWindowsEx
OpenClipboard
SetLayeredWindowAttributes
LockWorkStation
FreeDDElParam
MessageBoxW
DialogBoxParamW
ChangeClipboardChain
MessageBoxExW
LoadCursorFromFileW
MessageBoxIndirectW
RegisterClipboardFormatW
RealGetWindowClassW
UnpackDDElParam
SetCursorPos
GetCursor
DefDlgProcW
SetCursor
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 3
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2000.11.9.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft Equation Editor

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
248320

EntryPoint
0x143a

OriginalFileName
EQNEDT32.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright Design Science, Inc. 1990-2000

FileVersion
00110900

TimeStamp
2018:09:17 13:18:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Equation Editor

ProductVersion
3.1

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Design Science, Inc.

CodeSize
74752

ProductName
Microsoft Equation Editor

ProductVersionNumber
3.10.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d2e3d0d1d6a1610eb7b98dc838f6161f
SHA1 1811e4211763d9623522a50992b6edf458b25e31
SHA256 7cfeec070912c721e00be23a98f4c3a3d7e2d2359ed4699c433f8bde974d9e82
ssdeep 6144:icZEtU+I+HMG9/NX6JdnpznPruiIbpmou:icZENdP9/kJnaDo

authentihash 7131d5263d278f74142f5212d4810f0ba3b0afab0ea85c2d3426da6cec542c7f
imphash 1c66238032810af3cb8b27e04b4c4bd0
File size 316.5 KB ( 324096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.3%)
Win32 Executable (generic) (23.5%)
OS/2 Executable (generic) (10.6%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2018-09-20 19:28:12 UTC ( 6 months ago )
Last submission 2018-09-20 19:28:12 UTC ( 6 months ago )
File names 2298.tmp.exe
EQNEDT32.EXE
Equation Editor
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs