» mtw6.5c.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

mtw6.5c.exe

MathType 6.5c

Design Science Inc.

This is a setup program which is used to install the application. This file is installed with the program MathType 6. The file has been seen being downloaded from mathtype.jp.brothersoft.com and multiple other hosts.

File name:

mtw6.5c.exe

Publisher:

Design Science, Inc. (signed by Design Science Inc.)

Product:

MathType 6.5c

Description:

MathType for Windows version 6.5c

Version:

6.5c

MD5:

593b1c489362bea188280926105cbfb3

SHA-1:

1cbfd665e3da2a0f2c3b1536ab218a0c2beba15c

SHA-256:

4468bb374f53182d5b467ad0a351e7f1c26ed3af39767f7c540f34a1cc4171e1

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

12/27/2024 5:48:51 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

DOC:Attention.APT-Bait.MaliciousFile/Heur!1.9DC3

23.00.65.14219

File size:

5.2 MB (5,469,192 bytes)

Product version:

6.5c

Original file name:

stub32i.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\docs\les maths au cem\???? ??????\log\mathtype 6.5\mtw6.5c.exe

Digital Signature

Signed by:

Design Science Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

6/9/2008 1:00:00 AM

Valid to:

9/3/2010 12:59:59 AM

Subject:

CN=Design Science Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Design Science Inc., L=Long Beach, S=California, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

0F85F29666EA9EB593D7EA0348ABA500

File PE Metadata

Compilation timestamp:

3/27/2000 7:09:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:rJx1VCA9NBm+erW68udn8+hI3zlKFHbI4mIu7U410UNC+bHyEMBEVeLIa6zcotX:rpNBIZfhs4VA4N+TyEoEVe0QotX

Entry address:

0x83F7

Entry point:

55, 8B, EC, 6A, FF, 68, 10, 23, 41, 00, 68, 30, B5, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, E8, 21, 41, 00, 33, D2, 8A, D4, 89, 15, 30, 53, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 2C, 53, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 28, 53, 41, 00, C1, E8, 10, A3, 24, 53, 41, 00, 33, F6, 56, E8, E0, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 11, 2F, 00, 00, FF, 15, EC, 21, 41, 00, A3, E4, 68, 41, 00, E8... 
[+]

Entropy:

7.9875 (probably packed)

Code size:

68 KB (69,632 bytes)

The file mtw6.5c.exe has been discovered within the following program.

MathType 6 by Design Science, Inc.

Publisher's description - “MathType is a powerful interactive equation editor for Windows and Macintosh that lets you create mathematical notation for word processing, web pages, desktop publishing, presentations, elearning, and for TeX, LaTeX, and MathML documents.”

www.dessci.com

4% remove it

The file mtw6.5c.exe has been seen being distributed by the following 2 URLs.

http://mathtype.jp.brothersoft.com/soft-66775.download

http://www.dessci.com/en/.../MTW6.5c.exe

Scan mtw6.5c.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.