res - elc230 - d1im1103c - 121015.exe

XLtoEXE

Orlando's VBA and Excel Site

This is a setup program which is used to install the application. The file has been seen being downloaded from doc-0k-9s-docs.googleusercontent.com.
Publisher:
Orlando's VBA and Excel Site

Product:
XLtoEXE

Description:
Excel application converted by XLtoEXE utility.

Version:
2.00.0005

MD5:
e22ce48b1e24f04370ecdd803fc4e94c

SHA-1:
e172ec1b29f5b6c55316cd9b3ca1f1888c20310f

SHA-256:
a8e5c406f561f2ea91dd8ed16cfc3cc05d33b279d7fb1e0e742cd1c3b7d7ee62

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 7:38:54 PM UTC  (today)

File size:
695.5 KB (712,228 bytes)

Product version:
2.00.0005

Copyright:
Copyright © 2003-2013 Fco Orlando Magalhaes Filho. All rights reserved.

Trademarks:
Microsoft® Excel® is a registered trademark of Microsoft Corporation.

Original file name:
XLtoEXE.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\res - elc230 - d1im1103c - 121015.exe

File PE Metadata
Compilation timestamp:
8/1/2013 2:52:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sRXToTh2bJjCXlY6e2Ht5n8NKfnwY93tlE3MNJ8eL6RFTiZuuVq01Je:sRDM2lIxe2N5TltlWoJ8LRFTiZuuVqEe

Entry address:
0x1BD0

Entry point:
68, F8, 1D, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00, 38, 00, 00, 00, A1, 40, 86, 60, 57, F4, 5D, 4C, A0, 42, 73, 74, C1, 62, 2C, 46, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 20, A2, FB, 00, 58, 4C, 74, 6F, 45, 58, 45, 00, 54, 6F, 20, 63, 6F, 6E, 76, 65, 72, 74, 20, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 20, 45, 78, 63, 65, 6C, 20, 66, 69, 6C, 65, 73, 20, 74, 6F, 20, 45, 58, 45, 2E, 00, C1, 40, 00, D8, C0, 40, 00, 00, 00, 00, 00, 01, 00, 01, 00, 04, 22, 40, 00...
 
[+]

Entropy:
7.8986

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
48 KB (49,152 bytes)

The file res - elc230 - d1im1103c - 121015.exe has been seen being distributed by the following URL.

Scan res - elc230 - d1im1103c - 121015.exe - Powered by Reason Core Security