ep_ms_word_2010_addin_v2_3.exe

Deutsche Post AG

This is a setup program which is used to install the application. The file has been seen being downloaded from www.deutschepost.de and multiple other hosts.
Publisher:
Deutsche Post AG  (signed and verified)

MD5:
876112ba7bb404db8bdc4ef51da03f10

SHA-1:
3408f70f14bfe64c6994bebf03698494e4f021e5

SHA-256:
606de31b472b4579e43a7a80d939e0e1393cc4ed283ba245c1b802c8ef11da91

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
2/23/2018 3:06:17 PM UTC  (today)

File size:
2.7 MB (2,877,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ep_ms_word_2010_addin_v2_3.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/27/2010 2:00:00 AM

Valid to:
5/27/2013 1:59:59 AM

Subject:
CN=Deutsche Post AG, OU=Mail, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Deutsche Post AG, L=Bonn, S=Nordrhein-Westfalen, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
325C9D59668FB1E0D50FD00E896CC130

File PE Metadata
Compilation timestamp:
5/28/2011 6:04:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:n4R1VnMYUFqAYZiH2gCI32qiGizd2HkBAm4XNst3hnDXdzYKqNnYozePVGPOmwq:n4RELgAggCJGiRNQXi3hnDNcjBOVG2mZ

Entry address:
0x9AFD

Entry point:
E8, 1E, FF, FF, FF, 33, C0, 50, 50, 50, 50, E8, 40, 2C, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 78, 98, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 22, 9D, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 18, E2, 40, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 1C, E2, 40, 00, 8D, 45, E4...
 
[+]

Code size:
51.5 KB (52,736 bytes)

The file ep_ms_word_2010_addin_v2_3.exe has been seen being distributed by the following 2 URLs.

Scan ep_ms_word_2010_addin_v2_3.exe - Powered by Reason Core Security