home

flhwjyau.exe

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from cl7c1.pogoplug.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Version:
14.0.4730.1010

MD5:
aed12a13590267b2653be2aaa07a8fd1

SHA-1:
7c2f2d5f8c273724eec70a9efa2ddd800fe3265f

SHA-256:
9a120868ba7776fd784d1303e8bc90a1ab1519df73615b61f324c02ff2d2df44

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/17/2024 11:39:12 PM UTC  (a few moments ago)

File size:
718.5 MB (753,387,136 bytes)

Product version:
14.0.4730.1010

Copyright:
© 2010 Microsoft Corporation. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\flhwjyau.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
12/7/2009 11:40:29 PM

Valid to:
3/7/2011 11:40:29 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6101CF3E00000000000F

File PE Metadata
Compilation timestamp:
1/10/2010 5:21:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12582912:ZkcXnRfPK3kdUV+W32L5AnU/LGpt3CZdoZ6j31mU1q9QJjEDOnHYFxLoFP:ZLXnR3K0qV+k2QtyZd46jF31qqZ4/LoP

Entry address:
0x2DBC2

Entry point:
E8, 7B, 39, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 24, 03, 00, 00, 8B, FF, 51, C7, 01, 78, 97, 00, 2E, E8, F3, 39, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 2B, 3A, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 7C, 97, 00, 2E, 8D, 7D, E0, F3, A5...
 
[+]

Entropy:
7.9999  (probably packed)

Code size:
277 KB (283,648 bytes)

The file flhwjyau.exe has been seen being distributed by the following 50 URLs.

http://cl7c1.pogoplug.com/svc/files/XCLDPV8ZBR49ADSU2LGRDEHKJ6/XCLDPV8ZBR49ADSU2LGRDEHKJ6/TEq5Eqi5UOvt1i3X4Q-ilA/.../Office_Professional_Plus_2010_64Bit_English_X16-32213.exe

https://docs.google.com/uc?export=download&confirm=eV4h&id=0B112CmdU7UnEbGRWRDRlQlhINHM

https://docs.google.com/uc?export=download&confirm=TKv6&id=0B_16l2MUEcNWMXdHa0c4YmFFb1U

https://docs.google.com/uc?export=download&confirm=fBvq&id=0B112CmdU7UnEbGRWRDRlQlhINHM

http://www.digisoftstore.com/edownload.asp?eid1=188&eid2=L6hv0Ww718SvY7Q&file=1

https://docs.google.com/uc?export=download&confirm=VuZE&id=0B2H2_WfC2XI4ZGo5clRncUhldm8

https://app.box.com/index.php?rm=box_download_shared_file&shared_name=iaugk9ehj4gx1q4pn3u0lpm5fnafxkue&file_id=f_131888454596

https://docs.google.com/uc?export=download&confirm=yRqq&id=0B0euU96RkvqcOGRHYS1xVlFhNFE

https://docs.google.com/uc?export=download&confirm=WpK9&id=0B_16l2MUEcNWMXdHa0c4YmFFb1U

https://docs.google.com/uc?export=download&confirm=WWhS&id=0B_16l2MUEcNWMXdHa0c4YmFFb1U

https://docs.google.com/uc?export=download&confirm=cO2a&id=0B_16l2MUEcNWMXdHa0c4YmFFb1U

https://docs.google.com/uc?export=download&confirm=kVCV&id=0B_16l2MUEcNWMXdHa0c4YmFFb1U

https://docs.google.com/uc?export=download&confirm=5euj&id=0B2H2_WfC2XI4ZGo5clRncUhldm8

http://linkshrink.net/5sKtG

http://linkshrink.net/5aXqk

https://docs.google.com/uc?export=download&confirm=p10o&id=0B2H2_WfC2XI4ZGo5clRncUhldm8

https://docs.google.com/uc?export=download&confirm=b2Bw&id=0B2H2_WfC2XI4ZGo5clRncUhldm8

http://113.171.224.243/.../ProfessionalPlus.exe

https://docs.google.com/uc?export=download&confirm=fGuy&id=0B112CmdU7UnEbGRWRDRlQlhINHM

http://linkshrink.net/5Cejw

http://linkshrink.net/5ESou

http://linkshrink.net/5rn1J

http://linkshrink.net/5NsTz

https://docs.google.com/uc?export=download&confirm=HWc8&id=0B2H2_WfC2XI4ZGo5clRncUhldm8

https://docs.google.com/uc?export=download&confirm=HYFS&id=0B_16l2MUEcNWMXdHa0c4YmFFb1U

https://docs.google.com/uc?export=download&confirm=-yZM&id=0B2H2_WfC2XI4ZGo5clRncUhldm8

https://docs.google.com/uc?export=download&confirm=kfk2&id=0B_16l2MUEcNWMXdHa0c4YmFFb1U

http://www82.uptobox.com/d/.../ProfessionalPlus.exe

https://docs.google.com/uc?export=download&confirm=Xbn4&id=0B2H2_WfC2XI4ZGo5clRncUhldm8

https://docs.google.com/uc?export=download&confirm=BYrB&id=0B112CmdU7UnEbGRWRDRlQlhINHM

Latest 30 of 158 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.