home

yhhq1xqbn7gr.exe

2007 Microsoft Office system

Dragon Service

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable yhhq1xqbn7gr.exe, “Microsoft Script Editor” has been detected as malware by 1 anti-virus scanner.
Publisher:
Microsoft Corporation  (signed by Dragon Service)

Product:
2007 Microsoft Office system

Description:
Microsoft Script Editor

Version:
12.0.6606.1000

MD5:
247051043daaf59663b203be915fa972

SHA-1:
41c9f075bfdb3e59b62719cdae6d16c38f4cd5fd

SHA-256:
7e5304a9a9e73dca34b5e189661ebf8ecfcf63d6f627a8f01a5495cf574bae5a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/10/2025 3:49:16 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.10.16

File size:
590.5 KB (604,696 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
mse.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\yhhq1xqbn7gr.exe

Digital Signature
Signed by:
Dragon Service

Authority:
COMODO CA Limited

Valid from:
7/11/2016 3:00:00 AM

Valid to:
7/12/2017 2:59:59 AM

Subject:
CN=Dragon Service, O=Dragon Service, STREET="street of Zelenograd, 39", L=Moscow, S=Moscow, PostalCode=125475, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A6779A3F190265247A97BACBB2FD05D7

File PE Metadata
Compilation timestamp:
8/2/2016 1:17:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, BC, 02, 00, 00, 53, 56, 57, C6, 85, 67, FF, FF, FF, 1D, EB, 02, CD, 4F, EB, 02, 87, F7, 68, 23, 10, 40, 00, C3, CD, 83, EB, 01, 55, 8B, C0, 68, 30, 10, 40, 00, C3, 33, DD, 68, 37, 10, 40, 00, C3, 56, EB, 02, 2B, E3, C1, E8, 00, 68, 80, 20, 49, 00, FF, 15, D8, A0, 48, 00, 68, 17, 17, 00, 00, A1, 94, 2E, 49, 00, 50, FF, 15, 44, A5, 48, 00, 85, C0, 74, 05, E8, 9D, FF, FF, FF, 8B, D2, 8B, 55, 08, 8B, D2, 89, 15, 9C, 2E, 49, 00, 89, 2D, 7C, 2E, 49, 00, 68, 61, 1E, 00, 00, 8B, 0D, 94, 2E, 49...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
545 KB (558,080 bytes)

Remove yhhq1xqbn7gr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.