home

mbox2eml.exe

Outlook Import Software

This is a setup program which is used to install the application. The file has been seen being downloaded from www.outlookimport.com and multiple other hosts.
Publisher:
Outlook Import Software

Version:
5.0.1.0

MD5:
867c287656b642553de0ed1b132f3fa7

SHA-1:
2f157702922c2130e85186fd3a5f35e5c7fbb426

SHA-256:
dd207f0e49d888ac7395edf0887ab31ab934959ceecf848ece5bc0d8f2c260ad

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 12:19:22 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.CDB
1.3.0.4959

Quick Heal
(Suspicious) - DNAScan
3.14.12.00

File size:
451 KB (461,824 bytes)

Product version:
5.0.1.0

Copyright:
Outlook Import Software

Trademarks:
Outlook Import Software

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\outlook import wizard\mbox2eml.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:oust2EebI0Er5W5JrnqEAKEgMTsuW1K3Dnst1ZC+Hb:oh0ek5Jrq3rLpW4DstzCE

Entry address:
0x1000

Entry point:
68, 01, 40, 4E, 00, E8, 01, 00, 00, 00, C3, C3, 1C, 66, E0, 0C, FF, D1, BF, 26, 01, 03, 9B, F7, D0, 2B, CD, BB, 68, 70, 87, 1A, 29, 30, 98, 48, 09, D3, 56, A3, 7C, 1F, EB, CE, 5D, 9A, C8, 08, CF, 3C, 6E, 72, 32, 96, B2, 85, 8A, A7, 3D, 69, 09, 54, 79, 2F, B8, E4, 3E, C0, ED, 84, 31, 14, E0, 9E, 00, C2, C3, B5, 47, 86, FF, 32, B9, BE, 9C, 45, 10, F0, 79, 76, E0, 79, 7E, 6A, 93, 3F, BD, F1, 18, 36, 3D, F7, 28, 8A, 4D, 01, 70, 22, D6, 86, 75, D2, 05, 71, 61, CB, 84, 8E, 37, 87, AC, A0, 9E, 60, B5, 54, 89, FA...
 
[+]

Entropy:
7.9431

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
769.5 KB (787,968 bytes)

The file mbox2eml.exe has been seen being distributed by the following 3 URLs.

http://www.outlookimport.com/it/.../mbox-eml-extractor.exe

http://www.outlookimport.com/.../mbox2eml.exe

http://www.outlookimport.com/.../mbox-eml-extractor.exe

Scan mbox2eml.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.