ODServ.exe

Office Diagnostics Service

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable ODServ.exe, "Microsoft Office Diagnostics", has been detected as malware by 13 anti-virus scanners. It runs as a Windows service named "Microsoft Office Diagnostics Service", in the context of its own separate process.

Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Office Diagnostics Service

Description:
Microsoft Office Diagnostics

Version:
12.0.4518.1014

MD5:
693287dcb8a50d76b754741397eb12f9

SHA-1:
fa62bbd8abdf918ab8dfce4bd2de7d4037e0ab14

SHA-256:
1a3defb3964108ee4ff71fa023eecc3b5241f3624d23490e802be20a222b1a9e

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/23/2024 4:57:42 PM UTC

Scan engine              Detection                       Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.133875         834
AegisLab AV Signature    W32.Sality                      2.1.4+
Avira AntiVirus          TR/Patched.Gen                  7.11.30.172
avast!                   Win32:WrongInf-A [Susp]         2014.9-141024
AVG                      Win32/Sality                    2015.0.3312
Bitdefender              Gen:Variant.Kazy.133875         1.0.20.1485
Bkav FE                  W32.HfsAutoA                    1.3.0.4959
Emsisoft Anti-Malware    Gen:Variant.Kazy.133875         14.10.24
F-Secure                 Gen:Variant.Kazy.133875         11.2014-24-10_6
G Data                   Gen:Variant.Kazy.133875         14.10.24
MicroWorld eScan         Gen:Variant.Kazy.133875         15.0.0.891
NANO AntiVirus           Virus.Win32.Virut-Gen.bwpxnc    0.28.2.62841
VIPRE Antivirus          Threat.4758034                  33706

File size:
428.3 KB (438,550 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
ODServ.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\common files\microsoft shared\office12\odserv.exe

File PE Metadata
Compilation timestamp:
10/27/2006 9:48:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:T0ASTRxIXnkixpOv5KF5nThYMBTRHROIr4Kdyj7XKUTa8m23d7KJqKWMJcjo+eCR:T09V/ai0FNHVI7XHgZQKhJgeCmMR

Entry address:
0x32398

Entry point:
E8, 8C, FC, FF, FF, E9, 9E, FD, FF, FF, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, 1E, 2C, 03, 30, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 0C, 07, 00, 00, F6, C3, 01, 74, 07, 57, E8, 70, EC, FE, FF, 59, 8B, C7, 5F, EB, 13, E8, 46, 08, 00, 00, F6, C3, 01, 74, 07, 56, E8, 5A, EC, FE, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, FF, 25, 84, 12, 00, 30, FF, 25, 80, 12, 00, 30, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24...
Code size:
208.5 KB (213,504 bytes)

Service
Display name:
Microsoft Office Diagnostics Service

Service name:
odserv

Description:
Run portions of Microsoft Office Diagnostics.

Type:
Win32OwnProcess
