nospread by slonoboyko.exe

2007 Microsoft Office system

Dragon Service

Although the file properties claim the file was developed by 'Microsoft Corporation', this is not the case: the metadata is designed to make it look like a legitimate Microsoft system file. The executable nospread by slonoboyko.exe, described as “Microsoft Script Editor”, has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from chunkhammer.ru.
Publisher:
Microsoft Corporation  (signed by Dragon Service)

Product:
2007 Microsoft Office system

Description:
Microsoft Script Editor

Version:
12.0.6606.1000

MD5:
3e094d922f7f4efaaab8b504208e6248

SHA-1:
5ac44a589a1c1073bf4e8acfbd6d1df14674961f

SHA-256:
283367eaf2f98ebf5f60fe592a4acb9e2f4cf0e4ed27fc00f835b0d2ceb3de8f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/10/2025 3:41:39 PM UTC

Scan engine          Detection    Engine version
Reason Heuristics    PUP (M)      16.10.19.22

File size:
590.5 KB (604,696 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
mse.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\nospread by slonoboyko.exe

Digital Signature
Signed by:
Dragon Service
Authority:
COMODO CA Limited

Valid from:
7/11/2016 4:00:00 AM

Valid to:
7/12/2017 3:59:59 AM

Subject:
CN=Dragon Service, O=Dragon Service, STREET="street of Zelenograd, 39", L=Moscow, S=Moscow, PostalCode=125475, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A6779A3F190265247A97BACBB2FD05D7

File PE Metadata
Compilation timestamp:
8/2/2016 2:17:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:JrvDMiISOTbv2K7pJXkehmRGKpzN8d1eBMSaLR:xAxTCmpJ0ehmRn0WMSaLR

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, BC, 02, 00, 00, 53, 56, 57, C6, 85, 67, FF, FF, FF, 1D, EB, 02, CD, 4F, EB, 02, 87, F7, 68, 23, 10, 40, 00, C3, CD, 83, EB, 01, 55, 8B, C0, 68, 30, 10, 40, 00, C3, 33, DD, 68, 37, 10, 40, 00, C3, 56, EB, 02, 2B, E3, C1, E8, 00, 68, 80, 20, 49, 00, FF, 15, D8, A0, 48, 00, 68, 17, 17, 00, 00, A1, 94, 2E, 49, 00, 50, FF, 15, 44, A5, 48, 00, 85, C0, 74, 05, E8, 9D, FF, FF, FF, 8B, D2, 8B, 55, 08, 8B, D2, 89, 15, 9C, 2E, 49, 00, 89, 2D, 7C, 2E, 49, 00, 68, 61, 1E, 00, 00, 8B, 0D, 94, 2E, 49...

Entropy:
6.8258

Developed / compiled with:
Microsoft Visual C++

Code size:
545 KB (558,080 bytes)

The file nospread by slonoboyko.exe has been seen being distributed by the following URL.

http://chunkhammer.ru/MTExNTk7aHR0cCUzQSUyRiUyRm1lZGlhLWFuZHJvaWQucnUlMkYlMjFlNTg1Y2FlMDRhMTZjNjBlOGJmYzJjZWYxODYzN2EzNmE0MjE1Mzg1NzUxNGY3ZTJmMDM2YjYzZTM2ZTM3MjRjO25hbWU9Tm9TcHJlYWQrYnkrU2xvbm9Cb3lrby5zZjtzaXplPTExMjEyODt0eXBlPWFyY2hpdmU7dXRtPWV5SnpiM1Z5WTJVaU9pSTFOelU0SWl3aWJXVmthWFZ0SWpvaUlpd2lZMkZ0Y0dGcFoyNGlPaUlpTENKMFpYSnRJam9pSWl3aVkyOXVkR1Z1ZENJNklpSjk7cmVhbF9yZWZlcmVyPTtmb3JjZV9maWxlPXRydWU=

Powered by Reason Core Security