openal32.exe

2007 Microsoft Office system

Media Skrins

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable openal32.exe, described as “Microsoft Script Editor”, has been detected as malware by 1 anti-virus scanner.
Publisher:
Microsoft Corporation  (signed by Media Skrins)

Product:
2007 Microsoft Office system

Description:
Microsoft Script Editor

Version:
12.0.6606.1000

MD5:
0e9ddeb076ad987fef5e86406479ceae

SHA-1:
b8568b1b8c4224d3aae2abb088a60db3f5b60850

SHA-256:
c86072d9b628e66bed0803a0abedae99f3a5aa76eb22673ad5e233cfed611e17

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 4:28:54 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.10.8

File size:
575.5 KB (589,328 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
mse.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\openal32.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2016 3:00:00 AM

Valid to:
7/9/2017 2:59:59 AM

Subject:
CN=Media Skrins, O=Media Skrins, STREET="Sergeya Radonezhskogo, 1", L=Moscow, S=Moscowskaya, PostalCode=105120, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4306C63FF43EF33E0058941CF93B71D8

File PE Metadata
Compilation timestamp:
8/1/2016 3:50:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x15A0

Entry point:
55, 8B, EC, 81, EC, BC, 02, 00, 00, 53, 56, 57, C6, 85, 67, FF, FF, FF, 1D, EB, 02, CD, 4F, EB, 02, 87, F7, 68, C3, 15, 40, 00, C3, CD, 83, EB, 01, 55, 8B, C0, 68, D0, 15, 40, 00, C3, 33, DD, 68, D7, 15, 40, 00, C3, 56, EB, 02, 2B, E3, C1, E8, 00, 68, 40, E1, 48, 00, FF, 15, 30, 61, 48, 00, 68, 17, 17, 00, 00, A1, 94, ED, 48, 00, 50, FF, 15, 44, 65, 48, 00, 85, C0, 74, 05, E8, 9D, FF, FF, FF, 8B, D2, 8B, 55, 08, 8B, D2, 89, 15, 9C, ED, 48, 00, 89, 2D, 7C, ED, 48, 00, 68, 61, 1E, 00, 00, 8B, 0D, 94, ED, 48...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
530.5 KB (543,232 bytes)
