WinWord.exe

2007 Microsoft Office system

Microsoft Corporation

The WinWord executable is the primary user interface for Microsoft Word. The file is part of Microsoft Office 2007. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
Microsoft Corporation (signed and verified)

Product:
2007 Microsoft Office system

Description:
Microsoft Office Word

Version:
12.0.6700.5000

MD5:
1938af3906c6241cdb5bb14c417e9e15

SHA-1:
191bdc8b822328c740ee9051cef2db42df55311c

SHA-256:
48c1cad2576204fd96af7546cb8c531c5c43a30f8f7a9db097b355a0957f7173

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
12/10/2016 5:48:26 PM UTC (today)

File size:
400.2 KB (409,776 bytes)

Product version:
12.0.6700.5000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
WinWord.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\microsoft office\office12\winword.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
4/22/2014 7:39:00 PM

Valid to:
7/22/2015 7:39:00 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000CA6CD5321235C4E1550001000000CA

File PE Metadata
Compilation timestamp:
5/16/2014 10:49:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:NMsHe0BivO39zYpmH+kAzkA7ZUgbc6AYJ8rEdrEbAgMMV6NX5ZNeVgjYfhTHr:N1nIO39YAeNLFjAYarEdrEb5P6VxY1L

Entry address:
0x10DC

Entry point:
E8, 05, 00, 00, 00, E9, DD, 00, 00, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 57, 68, B0, 11, 00, 30, 68, 94, 11, 00, 30, FF, 15, 38, 10, 00, 30, 50, FF, 15, 08, 10, 00, 30, 8B, F0, 85, F6, 74, 0F, 6A, 00, 6A, 00, 6A, 01, FF, 15, 3C, 10, 00, 30, 50, FF, D6, 8D, 45, F4, 50, FF, 15, 40, 10, 00, 30, 8B, 75, F8, 33, 75, F4, FF, 15, 44, 10, 00, 30, 33, F0, FF, 15, 48, 10, 00, 30, 33, F0, FF, 15, 4C, 10, 00, 30, 33, F0, 8D, 45, EC, 50, FF, 15, 50, 10, 00, 30, 8B, 45, F0, 33, 45, EC, 8B, 3D, 54, 10, 00, 30, 33, F0, 8D...
 
Code size:
5.5 KB (5,632 bytes)

Scheduled Task
Task name:
{859C699E-71F7-4B46-8E64-9D23A16F6288}

Trigger:
Registration (Runs on registration)


Shell Open Command
Open type:
wordhtmlfile

Command:
"C:\Program Files\microsoft office\office12\winword.exe"