ghost master the gravenville chronicles rus tfile me torrent.exe

Microsoft Office Help Viewer

Media Skrins

The executable ghost master the gravenville chronicles rus tfile me torrent.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Mi crosoft Corporation  (signed by Media Skrins)

Product:
Microsoft Office Help Viewer

Version:
12.0.6606.1000

MD5:
6e68ba7ac45388028050016d8dbc80d9

SHA-1:
fca51918cff038e5daad1d6a2419d9df83f7649d

SHA-256:
82c66f27f94fd5b1928124873973c084f02658428d13891ab2d9b4890bcc2cd4

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 11:05:45 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP (M) | 17.3.13.20

File size:
920 KB (942,096 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
clview.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ghost master the gravenville chronicles rus tfile me torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2016 5:00:00 AM

Valid to:
7/9/2017 4:59:59 AM

Subject:
CN=Media Skrins, O=Media Skrins, STREET="Sergeya Radonezhskogo, 1", L=Moscow, S=Moscowskaya, PostalCode=105120, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4306C63FF43EF33E0058941CF93B71D8

File PE Metadata
Compilation timestamp:
7/23/2016 12:41:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, E8, 03, 00, 00, 8B, 45, DC, 8B, 4D, DC, D3, E0, 89, 45, DC, 68, 4C, 00, 4D, 00, FF, 15, 28, D0, 49, 00, 68, 64, 00, 4D, 00, 6A, 00, FF, 15, 34, D0, 49, 00, 68, CA, 14, 00, 00, 8B, 0D, 34, DE, 4D, 00, 51, FF, 15, 40, D0, 49, 00, 85, C0, 74, 07, 33, C0, E9, 4B, 02, 00, 00, 8B, 55, D0, C1, E2, D0, 89, 55, C4, 8B, 45, D4, 8B, 4D, C8, D3, E0, 89, 45, CC, 8B, 4D, C0, C1, E9, 6C, 89, 4D, C8, FF, 15, 14, D0, 49, 00, 6A, 00, FF, 15, 18, D0, 49, 00, 8B, 55, C4, C1, E2, 47, 89, 55, BC, 8B, 45, D4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
623.5 KB (638,464 bytes)