editscript 10.12.exe

eScriptionDownloader

Axiom Technologies

The executable editscript 10.12.exe has been detected as malware by 16 anti-virus scanners. The file has been seen being downloaded from umichhs.escriptionasp.com.
Publisher:
Axiom Technologies

Product:
eScriptionDownloader

Version:
10.12

MD5:
ddc7800f67344ee9ed83bf2d17f9d500

SHA-1:
daefa4f7ae45c3f94f138a5f0bf0320285d51f59

SHA-256:
23025d94dab2c354651ed706dc1ee83c4772b46eafbf0c7f2d149aaf3276ae26

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
7/17/2025 1:27:16 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.44428
682

Bitdefender
Gen:Variant.Kazy.44428
1.0.20.415

Comodo Security
UnclassifiedMalware
21432

Emsisoft Anti-Malware
Gen:Variant.Kazy.44428
8.15.03.24.03

F-Prot
W32/VB-Dialog-Spyer-based!Maxim
v6.4.7.1.166

F-Secure
Gen:Variant.Kazy.44428
11.2015-24-03_3

G Data
Gen:Variant.Kazy.44428
15.3.25

herdProtect (fuzzy)
2015.6.29.14

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.6.0

McAfee
Artemis!DDC7800F6734
5600.6816

MicroWorld eScan
Gen:Variant.Kazy.44428
16.0.0.249

Qihoo 360 Security
Win32/Trojan.496
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.4.8.22

Trend Micro House Call
TROJ_GEN.R047C0ECE15
7.2.83

Trend Micro
TROJ_GEN.R047C0ECE15
10.465.24

VIPRE Antivirus
Trojan-Spy.Win32.VB.Dialog!cobra
38474

File size:
276.1 KB (282,697 bytes)

Product version:
10.12

Original file name:
eScriptionDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\editscript 10.12.exe

File PE Metadata
Compilation timestamp:
5/17/2013 11:58:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:kl3oVKAou9iHzubHh6Z4AcgvlsBNv1w2NO3w08B91EcBsp1scViwzmjfum8aM5U2:e4RI1/aChj

Entry address:
0x72DC

Entropy:
5.6017

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
256 KB (262,144 bytes)

The file editscript 10.12.exe has been seen being distributed by the following URL.