office key remover_cht.exe

Office Key Remover

Jonas Zimmermann

The application office key remover_cht.exe by Jonas Zimmermann has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
pXc-coding.com  (signed by Jonas Zimmermann)

Product:
Office Key Remover

Version:
1.0.0.7

MD5:
bc3b498e86aa9ac506f395f13c1594a1

SHA-1:
9d03ad0366e23a6822b790c96008e58233fa342f

SHA-256:
a65c850828b334f1d2aef97fdb834ea2bec8e380b6c86156ba48096df82dfeaf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 9:42:17 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.JonasZimmermann (M)

Engine version:
15.8.11.23

File size:
97.6 KB (99,928 bytes)

Product version:
1.0.0.7

Copyright:
版權所有 © pXc-coding.com

Original file name:
Office Key Remover.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\office key remover v1.0.0.7 - ??????? microsoft office office ??\office key remover_cht.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/14/2013 8:00:00 AM

Valid to:
3/15/2014 7:59:59 AM

Subject:
CN=Jonas Zimmermann, O=Jonas Zimmermann, STREET=Bellmannskamp 16, L=Lüneburg, S=Niedersachsen, PostalCode=21339, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0097B0E4EDFB699A04297A473C70575E9F

File PE Metadata
Compilation timestamp:
3/24/2013 3:19:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:ugMw3VTzgdtVCZ9taaQJGYJgMw3VTzgdtVCZ9tayhEftl:LVXgdtoZX0J9oVXgdtoZXWf3

Entry address:
0x103AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 78, 00, 00, 80, 18, 00, 00, 00, 90, 00...
 

Entropy:
6.0289

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
57 KB (58,368 bytes)
