runme.exe

Microsoft Graphics Studio Home Publishing & Greetings

Microsoft Corporation

This is a setup program used to install the application. The file has been observed being downloaded from enhanced.charter.net.

Publisher:
Microsoft Corporation

Product:
Microsoft Graphics Studio Home Publishing & Greetings

Version:
4.0.0.0

MD5:
f4f4bed813340a3d30136e22521e2ca8

SHA-1:
c75a7872cd8ae6fb0131cdcdfc7bb8735750bbd4

SHA-256:
fa6f50558f60675c2a11c78f5cca6356977774aa325fb563972cad1a39073205

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 11:02:07 PM UTC

File size:
132.9 KB (136,127 bytes)

Product version:
4.0.0.0

Copyright:
Copyright © 1999

Trademarks:
Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

Original file name:
GWIG.EXE

File type:
Executable application (Win16 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\runme.exe

File PE Metadata
OS version:
28.10877

OS bitness:
Win16

Subsystem:
Windows Console

Linker version:
2.0

CTPH (ssdeep):
3072:DbRb9bz82/tG4uuqzDBU2sx5n7kFBkY8J5:hb9v/tG2Zj7mkY8

Entry address:
0xC000B8

Entry point:
4D, 5A, 14, 01, 01, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 72, 65, 71, 75, 69, 72, 65, 73, 20, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 20, 57, 69, 6E, 64, 6F, 77, 73, 2E, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.7909  (probably packed)

Code size:
256 KB (262,146 bytes)

The file runme.exe has been seen being distributed by the following URL.
