word.exe

The executable word.exe has been detected as malware by 2 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the name ‘HKCU’.
MD5:
df345071e909c6728184e52c82d81e7e

SHA-1:
4a1e92b9835f20bd6473d2c747704b346866d97c

SHA-256:
d2accf2171bffff5934b1498155d607e48e329f9536979f2d9a9f2fbb6abb0b4

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
5/5/2024 12:47:12 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Trojan.Virtumod.11842 | 9.0.1.05190 |
| ESET NOD32 | Win32/Injector.DHVV trojan | 6.3.12010.0 |

File size:
137.8 KB (141,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\office\word.exe

File PE Metadata
Compilation timestamp:
9/28/2016 4:40:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x11A8

Entry point:
68, 10, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 3F, 43, E5, CC, 00, 18, F5, 40, B5, 54, D4, 93, 5D, 6F, 32, DE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 49, 43, 4B, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, 00, 96, 2D, 62, 1C, 99, E6, 42, 8F, 89, 56, 8A, A5, DF, EF, 62, 09, EF, 8C, D2, 7A, 18, C7, 49, 87, 7F, 53, 5E, BA, C9, 2D, 13, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
100 KB (102,400 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HKCU

Command:
C:\users\{user}\appdata\roaming\office\word.exe

