» hofficeviewer2010se.exe
Overview
Analysis
File Details
Downloads (1)

hofficeviewer2010se.exe

POSTMEDIA Co.,Ltd

The application hofficeviewer2010se.exe by POSTMEDIA Co.,Ltd has been detected as adware by 12 anti-malware scanners. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.winutil.co.kr.

File name:

Publisher:

POSTMEDIA Co.,Ltd (signed and verified)

Description:

utiltop

Version:

1.1.0.1

MD5:

e461d53953150b9248aba7c52223a9af

SHA-1:

d75df5e42988044a1ac5c54b23bc246034164b21

SHA-256:

2f5559ed64f9e87b9503706f70e76767ff92ad922a8b74714fb6e38e3dc8a502

Scanner detections:

12 / 68

Status:

Adware

Analysis date:

4/26/2024 3:48:54 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Downware

7.1.1

AhnLab V3 Security

PUP/Win32.UtilTop

2014.09.21

AVG

Generic5

2015.0.3263

Dr.Web

Adware.Downware.1922

9.0.1.0345

Malwarebytes

Adware.KorAd

v2014.12.11.12

McAfee

Artemis!1310EAD5DC02

5600.6919

NANO AntiVirus

Trojan.Win32.Downware.cudbhg

0.28.2.62151

nProtect

Adware/W32.KrAdword.1895824

14.03.15.01

Reason Heuristics

PUP.POSTMEDIACoLtd.T

14.12.11.23

SUPERAntiSpyware

PUP.UtilTop/Variant

10184

Trend Micro House Call

TROJ_GEN.F47V0122

7.2.345

VIPRE Antivirus

Trojan.Win32.Generic

33300

File size:

1.8 MB (1,895,824 bytes)

Product version:

1.1.0.1

Original file name:

utiltop.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\hofficeviewer2010se.exe

Digital Signature

Signed by:

POSTMEDIA Co.,Ltd

Authority:

Thawte, Inc.

Valid from:

10/15/2012 8:00:00 PM

Valid to:

1/15/2015 6:59:59 PM

Subject:

CN="POSTMEDIA Co.,Ltd", OU=Dev Team, O="POSTMEDIA Co.,Ltd", L=Nam-gu, S=Busan, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

1A0F99EE00FE980DD6E95535BDC8BB31

File PE Metadata

Compilation timestamp:

8/22/2013 12:52:13 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:r5SQhikuLR9AV1bGUxVGdMsB4FgNhmUiZ20fGC35Liynuhn+O:MQhikuUVEUxVGdPB4FgnafX35Liyo+O

Entry address:

0x10CAF4

Entry point:

E8, 0F, 7B, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 90, 5C, 58, 00, 75, 02, F3, C3, E9, 96, 7B, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, 98, 23, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 7E, 00, 00, 8B, C6, EB, 2A, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 0E, E8, 7A, 23, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, DE, 50, FF, 75, 10, FF, 75, 08, E8, F8, 06, 00, 00, 83, C4, 0C, 33, C0, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 4D, 10, 85, C9, 74, 1B, 8B, 45, 0C, 0F, B7, D0, 8B, C2... 
[+]

Entropy:

6.3736

Code size:

1.2 MB (1,257,984 bytes)

The file hofficeviewer2010se.exe has been seen being distributed by the following URL.

http://www.winutil.co.kr/dn.asp?pcode=1001&seq=29196

Remove hofficeviewer2010se.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.