home

CVH.exe

Microsoft Office 2010

Microsoft Corporation

This is a setup program which is used to install the application. This is installed with multiple programs including Microsoft Office Click-to-Run 2010. The file has been seen being downloaded from webmail.moa.gov.my and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office 2010

Description:
Microsoft Office Client Virtualization Handler

Version:
14.0.4750.1000

MD5:
2aa659e0814fc004a320775735c4ad54

SHA-1:
1f9e035eea22cd40b340bf03fb3af393bc722347

SHA-256:
286db1e4db55d42910f2ef6f65a2bdd8603f48690d89c44ba510c56270135345

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
5/13/2024 2:54:27 AM UTC  (today)

File size:
3.1 MB (3,207,072 bytes)

Product version:
14.0.4750.1000

Copyright:
© 2010 Microsoft Corporation. All rights reserved.

Original file name:
CVH.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\microsoft shared\virtualization handler\cvh.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
12/7/2009 11:40:29 PM

Valid to:
3/7/2011 11:40:29 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6101CF3E00000000000F

File PE Metadata
Compilation timestamp:
2/28/2010 10:25:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:nzYeKBUvdTKzpai+eQAP7xPgA6Vaq37SMUccgjHMXGLHkJEwAKD:t4ai427xPgZaASpqDI

Entry address:
0x1202F9

Entry point:
E8, 2C, FC, FF, FF, E9, 37, FD, FF, FF, FF, 25, 60, 11, 00, 2E, 8B, FF, 55, 8B, EC, F6, 45, 08, 02, 57, 8B, F9, 74, 25, 56, 68, ED, 09, 12, 2E, 8D, 77, FC, FF, 36, 6A, 0C, 57, E8, B7, 01, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, CD, FF, FF, FF, 59, 8B, C6, 5E, EB, 14, E8, AC, 06, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, B6, FF, FF, FF, 59, 8B, C7, 5F, 5D, C2, 04, 00, FF, 25, 54, 11, 00, 2E, FF, 25, 48, 11, 00, 2E, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1...
 
[+]

Code size:
2.5 MB (2,634,240 bytes)

Shell Open Command
Open type:
wordhtmlfile

Command:
"C:\Program Files\common files\microsoft shared\virtualization handler\cvh.exe" "microsoft word starter 2010 90140066040e0000" "%1" %*


The file CVH.exe has been discovered within the following programs.

Hacer clic y ejecutar de Microsoft Office 2010  by Microsoft Corporation
Publisher's description - “Hacer clic y ejecutar es una nueva forma de entregar y actualizar Microsoft Office para los clientes de banda ancha. Hacer clic y ejecutar utiliza la virtualización de Microsoft y tecnologías de transmisión por secuencias.”
support.microsoft.com/kb/2028653/es
8% remove it
Microsoft Office « Démarrer en un clic » 2010  by Microsoft Corporation
Publisher's description - “Office « Démarrer en un clic » fait appel à la technologie d’émission en continu et de virtualisation de Microsoft. Celle-ci permet de réduire sensiblement la durée de téléchargement.”
office.microsoft.com
12% remove it
Microsoft Office a portata di clic 2010  by Microsoft Corporation
Publisher's description - “Microsoft Office a portata di clic è un nuovo sistema di distribuzione del software ottimizzato per gli utenti privati che dispongono di connessioni a banda larga (almeno 1 Mbps).”
5% remove it
Microsoft Office Click-to-Run 2010  by Microsoft Corporation
Office Click-to-Run is a new way for broadband customers to obtain Microsoft Office and to update Office 2010. Office Click-to-Run uses the virtualization and streaming technologies of Microsoft.
12% remove it
Microsoft Office Klick-und-Los 2010  by Microsoft Corporation
Publisher's description - “Klick-und-Los ist eine neue Technologie für die Bereitstellung und Aktualisierung von Microsoft Office für Kunden mit Breitbandverbindungen, der auf die Streaming- und Virtualisierungstechnologie von Microsoft aufsetzt.”
4% remove it
Microsoft Office Klik og kør 2010  by Microsoft Corporation
Publisher's description - “Opdateringerne af Klik og kør-produkter skubbes automatisk til computeren, men det kan være nødvendigt at lukke Office-programmerne, før opdateringerne kan anvendes.”
4% remove it
Microsoft Office Klik-en-Klaar 2010  by Microsoft Corporation
Publisher's description - “Microsoft Office Click-to-Run uses Microsoft streaming and virtualization technology to significantly reduce the time that is required for you to download and begin experiencing the new features of Microsoft Office 2010.”
4% remove it
Microsoft Office Klikk og bruk 2010  by Microsoft Corporation
7% remove it
Microsoft Office Klikni a spusti 2010  by Microsoft Corporation
1% remove it
Search Protect  by Conduit Ltd.
From the Terms of Service: "Search Protect is a separate piece of software installed on your hard-drive in connection with your installation of a Toolbar. It is designed to protect your Search settings from takeover by third parties.
84% remove it
 
Latest 20 of 14 programs
Powered by Should I Remove It?

The file CVH.exe has been seen being distributed by the following 5 URLs.

https://webmail.moa.gov.my/service/home/.../CVH.EXE

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-5OA3OPpw6Yc8xEuB_a3nS_ZEOg3Qv6YcADl582QSQIxDRj9XtsWBu25L1njq071Aq2B7MtMVu5YN8JowUs90aw/messages/@.id==AMu_imIAEEO1V8TSJgF66MpnQ54/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBY14kKhZKyXZPAkBsDXKxuhciuP5aOfiKd7kHLAZhaMl-bEbpgsxj23k5PYf47Qep-24ROmVzZmoO_UokIo2GAM&error=https://mg.mail.yahoo.com/.../iframemsg?id=5f1f480d-72dc-30f0-ba24-aeae0579491f&ymreqid=fc2053e0-a022-ced4-01ba-bc0027010000

http://s6748.chomikuj.pl/File.aspx?e=0r9h3W3Iz7fVkUkrjtMj4gEV1awYdB9zd9S0zbq-RZjizHS6xsdPaKwD4TquJ4FMXVJEWdpBbUDf8PVY_bhl1ZckXUeKuRXRvbSUgL994ky5JWWO8Ju84NXJ9nvSsaBvHRb-jTfM_s-qwvAEsEdhHg&pv=2

temp:CVH.EXE

http://s10217.chomikuj.pl/File.aspx?e=0r9h3W3Iz7fVkUkrjtMj4vPbQZNqdWjJ0DovXq3VvhNtXdzeSr6LgVOuRk5HOUEdJ4OfsMq_WzbMKqvXBPwqVMiPh9MYxvaVeFE49w4Vt_qnlA-0-rYfp3xv8Ox9QHkE-x9jXo-4u6e_M2ah-9DAJg&pv=2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.