ose.exe

Office Source Engine

Microsoft Corporation

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed only to look like a legitimate Microsoft system file. The executable ose.exe has been detected as malware by 12 anti-virus scanners. It runs as a separate Windows service (in the context of its own process) named “Office Source Engine”.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Office Source Engine

Version:
15.0.4454.1000

MD5:
1a5ded104be5dd30b3ea2cbc3dabdf11

SHA-1:
8c726194245e9400d80b12bc222906d19e6fb69b

SHA-256:
dad56812a6b0142fd939c3efdc40c04935e0d27f8cac7cbff54e5af1d8e79289

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/18/2024 12:35:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Pioneer-C | 160118-1 |
| AVG | Win32/Floxif.A | 2015.0.4489 |
| Dr.Web | Win32.FloodFix.7 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Floxif | 10.0.0.5366 |
| ESET NOD32 | Win32/Floxif.H virus | 7.0.302.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| Kaspersky | Virus.Win32.Pioneer | 15.0.0.562 |
| McAfee | Trojan.Dropper-FIY!1A5DED104BE5 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5568.0 |
| Norman | Win32.Floxif.A | 03.02.2016 07:38:05 |
| Sophos | Virus 'W32/Floxif-C' | 5.23 |
| VIPRE Antivirus | Threat.4760052 | 46830 |

File size:
223.5 KB (228,879 bytes)

Product version:
15.0.4454.1000

Original file name:
ose.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\common files\microsoft shared\source engine\ose.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
9/4/2012 9:42:09 PM

Valid to:
3/4/2013 9:42:09 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000009D1E8D27AEB8F3D83800010000009D

File PE Metadata
Compilation timestamp:
11/7/2012 6:37:38 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
3072:1Uu5AVloLzF4R+iA9aI6Ks2pyahou2lQBV+UdE+rECWp7hKuc:1UtoLzFbi9I6KoQVBV+UdvrEFp7hKuc

Entry address:
0x10F52

Entry point:
E9, A5, F7, FF, FF, E9, 81, FE, FF, FF, 3B, 0D, 4C, 10, 42, 00, 0F, 85, 7B, 30, 00, 00, F3, C3, FF, 35, 3C, 29, 42, 00, FF, 15, 5C, 11, 40, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 5A, 1F, 00, 00, 6A, 01, 6A, 00, E8, 8A, 31, 00, 00, 83, C4, 0C, E9, 4F, 31, 00, 00, C7, 01, D8, 21, 40, 00, E9, 64, 32, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, D8, 21, 40, 00, E8, 51, 32, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, A5, 00, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8...
 

Entropy:
7.1900

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
128 KB (131,072 bytes)

Service
Display name:
Office Source Engine

Service name:
ose

Description:
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.

Type:
Win32OwnProcess

