6kqnhv6c6ts6.exe

2007 Microsoft Office system

Media Skrins

The file properties claim the file was developed by 'Microsoft Corporation', but this is not the case: it is designed to look like a legitimate Microsoft system file. The executable 6kqnhv6c6ts6.exe, described as “Microsoft Script Editor”, has been detected as malware by 1 anti-virus scanner.

Publisher:
Microsoft Corporation  (signed by Media Skrins)

Product:
2007 Microsoft Office system

Description:
Microsoft Script Editor

Version:
12.0.6606.1000

MD5:
248c275f12b48914c0c73f12e5b26859

SHA-1:
facda1f0d6a85225e2ad70f1bd8d9a1fe8ab8f10

SHA-256:
f28f11eba995365b4c43a2d1837c7b69049340e096988fedd7dd8ab752b7650e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 4:17:24 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.3.4

File size:
575.5 KB (589,296 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
mse.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\6kqnhv6c6ts6.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2016 2:00:00 AM

Valid to:
7/9/2017 1:59:59 AM

Subject:
CN=Media Skrins, O=Media Skrins, STREET="Sergeya Radonezhskogo, 1", L=Moscow, S=Moscowskaya, PostalCode=105120, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4306C63FF43EF33E0058941CF93B71D8

File PE Metadata
Compilation timestamp:
7/28/2016 6:32:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x5460

Entry point:
55, 8B, EC, 81, EC, BC, 02, 00, 00, 53, 56, 57, C6, 85, 67, FF, FF, FF, 1D, EB, 02, CD, 4F, EB, 02, 87, F7, 68, 83, 54, 40, 00, C3, CD, 83, EB, 01, 55, 8B, C0, 68, 90, 54, 40, 00, C3, 33, DD, 68, 97, 54, 40, 00, C3, 56, EB, 02, 2B, E3, C1, E8, 00, 68, B0, E9, 48, 00, FF, 15, 8C, 70, 48, 00, 68, 17, 17, 00, 00, A1, 54, F0, 48, 00, 50, FF, 15, EC, 71, 48, 00, 85, C0, 74, 05, E8, 9D, FF, FF, FF, 8B, 0D, 54, F0, 48, 00, 51, FF, 15, A8, 70, 48, 00, 8B, 95, 5C, FF, FF, FF, 2B, 95, 58, FF, FF, FF, 89, 95, 58, FF...
Developed / compiled with:
Microsoft Visual C++

Code size:
536 KB (548,864 bytes)
