» mtw6.7a.exe
Overview
Analysis
File Details
Programs (1)
Downloads (9)

mtw6.7a.exe

MathType 6.7a

Design Science Inc.

This is a setup program which is used to install the application. This file is installed with the program MathType 6. The file has been seen being downloaded from www.packagehostmeta.com and multiple other hosts.

File name:

mtw6.7a.exe

Publisher:

Design Science, Inc. (signed by Design Science Inc.)

Product:

MathType 6.7a

Description:

MathType for Windows version 6.7a

Version:

6.7a

MD5:

82b3071178861584dc26a5208d7a593a

SHA-1:

31a4cd339eacd79ea4ea4a2f114cdd4d46bb5a97

SHA-256:

addadc57c698c57d8abee5949297afdba7a9898cdd5f6177fb31268e475d3e20

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 11:21:10 AM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

DOC:Attention.APT-Bait.MaliciousFile/Heur!1.9DC3

23.00.65.14227

File size:

6 MB (6,253,776 bytes)

Product version:

6.7a

Original file name:

stub32i.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\mtw6.7a.exe

Digital Signature

Signed by:

Design Science Inc.

Authority:

Thawte, Inc.

Valid from:

7/19/2010 2:00:00 AM

Valid to:

9/2/2012 1:59:59 AM

Subject:

CN=Design Science Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Design Science Inc., L=Long Beach, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7653681CCE279A2BD2D942EF3C9C1E21

File PE Metadata

Compilation timestamp:

3/27/2000 8:09:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:Do+ySeXvP02w+jMWZ2NaeBSLqz7v2aMqjthiR3eNyDXJNbtBuFBMWOyoSy5K3Y:D1Y8ijrZ2pBnDNthiZeNyDXJJOBJO9/

Entry address:

0x83F7

Entry point:

55, 8B, EC, 6A, FF, 68, 10, 23, 41, 00, 68, 30, B5, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, E8, 21, 41, 00, 33, D2, 8A, D4, 89, 15, 30, 53, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 2C, 53, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 28, 53, 41, 00, C1, E8, 10, A3, 24, 53, 41, 00, 33, F6, 56, E8, E0, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 11, 2F, 00, 00, FF, 15, EC, 21, 41, 00, A3, E4, 68, 41, 00, E8... 
[+]

Entropy:

7.9897

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

68 KB (69,632 bytes)

The file mtw6.7a.exe has been discovered within the following program.

MathType 6 by Design Science, Inc.

Publisher's description - “MathType is a powerful interactive equation editor for Windows and Macintosh that lets you create mathematical notation for word processing, web pages, desktop publishing, presentations, elearning, and for TeX, LaTeX, and MathML documents.”

www.dessci.com

4% remove it

The file mtw6.7a.exe has been seen being distributed by the following 9 URLs.

http://www.packagehostmeta.com/a21qFDhFhjF1yH1DQuOKyiBkSvqORB6vGUy9zcpFSKcphlEbK1SWEwgqFaXdCVmN3lXWXxqjaMTMvVt_1agtPyA0T8ISVIRlzfC77EO2me QXcmSXtYRxf6gumxZlJ4aYKwLiA_GX3ZfpXgWbMbVGUF73N6YUqtzAsNRwAP4EzYSnoOrND7HpGh_e3VzN8870EF4H2daLr9llFCM6yeEHD7bUnnGqeHu1eej50SiT50sc7RfQqoZNo1QIK3SxdEKuZwoC67hhvaitGupEO7s7As5jpbCXBwik3z B4t6Pkwc3w5KNIDfrfbZcNBTa2WHI_gFey4Kqu5I_REq p621Na39F_vtbOBAQXEfGQMu2FgjXalR2S8 YJmdSIxBJTl9yAVAhGMZRggda2OS55yM5XlCc5apbnr1iXbKS GK58LS_0HgeEajbTNUjo0sZ Qh2LqF7_I4NV c7ab6jkcCy5mg4ELTJo4o8730mu1SJZQS3oOEs=-G24AAETn1poRQ2KmyD7HkIBuIDo5YP_3W4Ec2xIOgAO3IXj8QiOQPo90jSfwT llSYuGngfyuRwi8EMa5uofUq9zK3tiiFWCdDCuJKPxa75BzQw=

http://download776.mediafire.com/5l6a856zdeyg/.../MTW6.7a Rahatsoftware.blogspot.com.exe

http://down01.waxoo.com/c79d01a69e28ad9bd5d0bd0f9d7858ed.exe/mathtype?id_file=185&expire=1418150638/413/signature=6d3cb8bb254cb964a89a92ed08cb21cf/.../mathtype

http://download1751.mediafire.com/m464327hqwng/.../MTW6.7a Rahatsoftware.blogspot.com.exe

https://collab.itc.virginia.edu/access/content/group/6e1bbd04-9c80-41aa-beee-4e4db1ef3cdd/Software/.../MTW6.7a.exe

https://www.dessci.com/en/.../MTW6.7a.exe

http://down01.wxsrv.com/descargando/024/185/mathtype/.../mathtype.exe

http://www.cdmail.ru/.../go.php?action=download&id=13741&key=2732025

http://www.dessci.com/en/.../MTW6.7a.exe

Scan mtw6.7a.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.