mazhor 1 sezon 2014 s ino.exe

Microsoft Office Outlook

Era Tehno

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The executable mazhor 1 sezon 2014 s ino.exe, which presents itself as “Microsoft Office Outlook OST Integrity Check”, has been detected as malware by 1 anti-virus scanner. It is a setup program used to install the application. The file has been seen being downloaded from licence-rapidly.ru.

Publisher:
Microsoft Corporation  (signed by Era Tehno)

Product:
Microsoft Office Outlook

Description:
Microsoft Office Outlook OST Integrity Check

Version:
12.0.6606.1000

MD5:
26be16ededceed42a4d67fd9862cf3f9

SHA-1:
8448c8808a67f21372679c6fa2f320e122ff3963

SHA-256:
8a90c1615a4d45907f86a4e7887ab71f22a802da2ab8a55e23869ed508d895b5

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/6/2024 6:40:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.24.0

File size:
875.5 KB (896,488 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
ScanOST.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mazhor 1 sezon 2014 s ino.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/14/2016 10:00:00 AM

Valid to:
6/15/2017 9:59:59 AM

Subject:
CN=Era Tehno, O=Era Tehno, STREET="KIROVOGRADSKAJa Street, Building 42", L=Moscow, S=Moscow, PostalCode=117534, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
69A05FDE494793353A4495A3D4440917

File PE Metadata
Compilation timestamp:
7/12/2016 4:24:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, 10, 04, 00, 00, 68, 74, 14, 00, 00, A1, 94, 8A, 4D, 00, 50, FF, 15, 74, 35, 4B, 00, 85, C0, 74, 0A, E8, AD, 04, 00, 00, E8, D8, FF, FF, FF, FF, 15, 90, 35, 4B, 00, 8B, 4D, E0, 2B, 4D, C8, 89, 4D, E4, 8B, 55, F8, 03, 55, F4, 89, 55, F8, 8B, 45, E0, 8B, 4D, E0, D3, E8, 89, 45, F8, 8B, 4D, DC, 81, C1, DD, 56, 00, 12, 89, 4D, C8, 8B, 55, F0, 8B, 4D, D8, D3, EA, 89, 55, F4, FF, 15, 78, 34, 4B, 00, 8B, 45, C8, 50, FF, 15, 38, 35, 4B, 00, 8B, 4D, D4, 51, FF, 15, B0, 31, 4B, 00, 8B, 55, E4, 0F...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
709 KB (726,016 bytes)

The file mazhor 1 sezon 2014 s ino.exe has been seen being distributed by the following URL.

http://licence-rapidly.ru/MTE1ODE7aHR0cCUzQSUyRiUyRnRvMTEucnUlMkZwcm9maXQlMkZ0b3JyZW50JTJGX01hemhvci4tU0FUUmlwLnRvcnJlbnQ7bmFtZT1NYXpob3IrMStzZXpvbisyMDE0K3MraW5vO3NpemU9NDUwNDY7dHlwZT10b3JyZW50
