» StWrIV.exe
Overview
Analysis
File Details
Behaviors (1)

StWrIV.exe

StyleWriter 4

Editor Software (UK) Ltd

It runs as a scheduled task under the Windows Task Scheduler.

File name:

StWrIV.exe

Publisher:

Editor Software (UK) Ltd (signed and verified)

Product:

StyleWriter 4

Description:

StyleWriter 4 MFC Application

Version:

4, 0, 4, 6

MD5:

d8784d9c0f4e2f7792e3792268ff84c5

SHA-1:

dcc763759982f709a90d994f67f163861c093e08

SHA-256:

27657c0a4495a7e2f1dc0054fc6291ad192a06f764cd44d7e29019c8730b1f82

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 2:52:46 PM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

Rising Antivirus

PE:Malware.AntiWare!1.9D9B

23.00.65.16723

File size:

2 MB (2,118,560 bytes)

Product version:

4, 0, 4, 6

Original file name:

StWrIV.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\Program Files\editor software\stylewriter 4\stwriv.exe

Digital Signature

Signed by:

Editor Software (UK) Ltd

Authority:

VeriSign, Inc.

Valid from:

5/14/2012 8:00:00 PM

Valid to:

5/28/2014 7:59:59 PM

Subject:

CN=Editor Software (UK) Ltd, OU=Digital ID Class 3 - Microsoft VBA Software Validation v2, O=Editor Software (UK) Ltd, L=Dursley, S=Gloucestershire, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

564FBF0331C01C161D15A655FDC21DF4

File PE Metadata

Compilation timestamp:

5/20/2012 6:13:26 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:anf58omfT4pvdfsujLxvnkI1fmtWf7x/LD2cRaP3I9:aR8FT4pvFlvb+cxD2ceq

Entry address:

0xB83C8

Entry point:

0F, C8, 0F, C0, C0, EB, 04, B5, 52, AE, 4D, 60, C7, C2, 4B, 31, EE, 34, E8, 09, 00, 00, 00, B5, E1, D8, B4, A7, 97, 33, 92, 57, 5D, B0, 5B, 2A, D6, 0A, C2, 86, FB, 68, E0, 68, 7B, 08, 58, 0F, BA, E2, 9B, BA, D1, 0C, 06, 00, 0F, AB, E9, D3, DE, 29, E9, 68, B4, 00, 00, 00, 31, E9, 0F, BA, EF, DF, C1, DB, E6, 5B, 8B, FD, 89, C9, EB, 06, 67, FD, 3E, 9B, 17, 8D, 84, CB, BF, 77, 1C, 94, DD, 0F, AF, CD, 03, DD, 81, F1, AE, 71, 6A, AB, F7, D1, EB, 09, 92, B4, 70, 07, 55, 14, 50, 12, 1B, 8B, CA, C7, C1, 4E, C6, 95... 
[+]

Entropy:

7.9187 (probably packed)

Code size:

520 KB (532,480 bytes)

Scheduled Task

Task name:

{1C2951A4-1D41-44C5-923C-8B4717A9D944}

Trigger:

Registration (Runs on registration)

Scan StWrIV.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.