EIOffice.exe

EIOffice

Wuxi Evermore Software, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EIOPersonal’.
Scan EIOffice.exe - Powered by Reason Core Security
Publisher:
Wuxi Evermore Software, Inc.  (signed and verified)

Product:
EIOffice

Description:
Evermore Integrated Office

Version:
5.0.10.0

MD5:
b115cedab0f80fdcdbd2238d3ec74f62

SHA-1:
bdfb0bdb6702b2a9fcc1d5ad2b45f254bfa6666a

SHA-256:
53018902a3a4487242e7e9528e3fb322c3ebb48dcd800e208a777a39695cddcc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/9/2016 10:53:17 AM UTC  (today)

File size:
79.8 KB (81,752 bytes)

Product version:
5.0

Copyright:
Copyright (C) 2001-2008 Wuxi Evermore Software, Inc. All rights reserved.

Original file name:
EIOffice.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
WoSign, Inc.

Valid from:
5/16/2008 8:00:00 AM

Valid to:
5/17/2009 7:59:59 AM

Subject:
CN="Wuxi Evermore Software, Inc.", OU=Class 3 - for Microsoft Authenticode Signing, O="Wuxi Evermore Software, Inc.", L=Wuxi, S=Jiangsu, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
008936FF00FF8ED4D92556D8CE05214E49

File PE Metadata
Compilation timestamp:
8/22/2008 1:59:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:0ot2grz3NYHoZUSGj0gH6lhox9S1fiBPQn:Jh/9mqUS2Na3ox01KPQn

Entry address:
0x5538

Entry point:
55, 8B, EC, 6A, FF, 68, B8, D1, 40, 00, 68, 20, 87, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 18, D1, 40, 00, 33, D2, 8A, D4, 89, 15, 84, 08, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 80, 08, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 7C, 08, 41, 00, C1, E8, 10, A3, 78, 08, 41, 00, 33, F6, 56, E8, DF, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, AF, 00, 00, 00, 59, 89, 75, FC, E8, D0, 2E, 00, 00, E8, 2A, 2E, 00, 00, A3, 00, 1F, 41, 00, E8, B3...
 
[+]

Entropy:
5.7580

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EIOPersonal

Command:
C:\instill\eioffice\eioffice.exe "?q?"


Scan EIOffice.exe - Powered by Reason Core Security