home

octres.dll

Microsoft Office Customization Tool Resources

Microsoft Corporation

OCTres provides the localized resources of the Korean language version (strings, images, icons, menu items) for the MS Office Customization tool. OCT is part of the Setup program and used to customize the installation of the Windows Installer-based Office. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office Customization Tool Resources

Version:
14.0.4759

MD5:
51beebb7fd80211a28dc6893aebff572

SHA-1:
c63b6e3d1c145225098d00860af302fc00ccc3db

SHA-256:
891aff3f55e8398c9186dade462edf8981f887834bcf85d24d0a7257d8440e42

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
5/4/2024 9:46:10 AM UTC  (today)

File size:
385.9 KB (395,160 bytes)

Product version:
14.0.4759

Copyright:
© 2010 Microsoft Corporation. All rights reserved.

Original file name:
octres.dll

File type:
Dynamic link library (Win64 DLL)

Language:
Korean (Korea)

Common path:
C:\windows\temp\microsoft office professional plus 2010 sp1 x64\admin\ko-kr\octres.dll

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
12/8/2009 2:10:29 AM

Valid to:
3/8/2011 2:10:29 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6101CF3E00000000000F

File PE Metadata
Compilation timestamp:
3/11/2010 8:05:24 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:d2Gh8/0D7UGIPCDT3iek/o3Dt0em/OZWT7tw1/i950:d337nhP3iN/o6cWf6

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.7367

The file octres.dll has been seen being distributed by the following 4 URLs.

https://mega.nz/temporary/.../e5tmBLKJ

ftp://192.168.2.250/YEDEK PROGRAMLAR/OFFICE2010/OFFICE 2010 Professional Plus VL (64 BIT)/Admin/.../octres.dll

ftp://dl.sbu.ac.ir/Programs & Tools/OFFICE/Microsoft Office 2010 Professional Plus SP1 64bit/Admin/.../octres.dll

ftp://smftp.sundarammutual.com/sbfs/Office 2010 64 Bit/Admin/.../octres.dll

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.