dwh38.exe

office13

Product:
office13

Version:
1.0.0.0

MD5:
7a22a10ab67adada5f9049c647e1b666

SHA-1:
332864864cedbbcf9ff95fffc5f6eab9e3fbe3d3

SHA-256:
986d2a5fd2f54ed146d1dd6b5c043b56b62be75813cdbe6026a1a5726281e3df

Scanner detections:
5 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/25/2024 9:41:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.Cloda4d.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnwnt.Win32.ActivatorMS.~H | 17561 |
| McAfee | RDN/Generic.dx!cg3 | 5600.7267 |
| Panda Antivirus | Suspicious file | 13.12.29.10 |
| Trend Micro House Call | TROJ_GEN.R03WH06IB13 | 7.2.363 |

File size:
140.5 KB (143,872 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
office13.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\dwh38.exe

File PE Metadata
Compilation timestamp:
4/18/2013 9:53:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:hxjUEl7YokJJ2L73+/egVljxg28VQXOZxIa6NeXrHWT9VNJt/Wz1KX7ePbOr:/jzl7Li/FjxJ8VMOZ+aPHWT9/WI6S

Entry address:
0x2471E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
3.4775

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
138 KB (141,312 bytes)

Scan dwh38.exe - Powered by Reason Core Security