home

dwtrig20.exe

Watson Subscriber for SENS Network Notifications

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Watson Subscriber for SENS Network Notifications

Version:
12.0.4518.1014

MD5:
29e177c7bb7343f365f12ad9a8af4c48

SHA-1:
116569c0e97853f01a2bd1c2c8b5a9c0c8e1c6b3

SHA-256:
197fc8bbd50333cde901ca625937407b6c11a393d019dfe56fcee17719f1053c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/27/2024 3:37:44 PM UTC  (today)

File size:
424.3 KB (434,528 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
dwtrig20.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\office\office.en-us\dwtrig20.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
4/4/2006 3:43:46 PM

Valid to:
10/4/2007 3:53:46 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61469ECB000400000065

File PE Metadata
Compilation timestamp:
10/26/2006 10:47:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:cUTxxIXB0iS0GaYApLhTrKUfdOtvHtKrr4Kdyj7XKUTa8m23d7KJqKWMJcjo+eCO:cUtNL8YcL5YHaI7XHgZQKhJgeCmdN

Entry address:
0x30E08

Entry point:
E8, 11, F7, FF, FF, E9, 9E, FD, FF, FF, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, 8E, 16, 03, 30, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 0C, 07, 00, 00, F6, C3, 01, 74, 07, 57, E8, CB, E8, FE, FF, 59, 8B, C7, 5F, EB, 13, E8, 46, 08, 00, 00, F6, C3, 01, 74, 07, 56, E8, B5, E8, FE, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, FF, 25, BC, 10, 00, 30, FF, 25, B4, 10, 00, 30, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24...
 
[+]

Entropy:
7.2941

Code size:
209.5 KB (214,528 bytes)

The file dwtrig20.exe has been seen being distributed by the following 11 URLs.

ftp://172.24.1.22/downloads/Office 2007/.../dwtrig20.exe

ftp://192.168.200.1/Software/Office2007Br/.../DWTRIG20.EXE

http://online.b1.org/rest/online/download/office 2007.rar/office 2007/.../dwtrig20.exe

ftp://10.4.15.111/Software/Microsoft Products/MS Office 2007 Enterprise Edition/.../dwtrig20.exe

http://site.majesticeagleknives.net/download/MicrosoftOffice/.../dwtrig20.exe

https://drive.google.com/uc?id=0Bz2adO8bcWheMlVPajdoeWZWaE0&export=download

ftp://192.168.12.100/Microsoft.Office.2007.Enterprise.SP2.Integrated-GROUPNAMEHERE/.../dwtrig20.exe

ftp://10.23.123.8/Standart App/MS Office 2007 x/.../dwtrig20.exe

ftp://10.0.71.99/software/office 2007/.../dwtrig20.exe

ftp://192.168.2.254/mnt/dysk/ftpuser/programy/office 2007/.../dwtrig20.exe

about:internet

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.