Document format: application/octet-stream

[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

Computer name . . . . : BOUCIF-A1F2C55C
Windows . . . . . . . : 5.1.2.2600.X86/2
User name . . . . . . : BOUCIF-A1F2C55C\Administrateur
License . . . . . . . : Free

Scan date . . . . . . : 2016-09-06 18:59:10
Scan mode . . . . . . : Normal
Scan duration . . . . : 10m 53s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 11
Traces . . . . . . . : 110

Objects scanned . . . : 442,837
Files scanned . . . . : 22,230
Remnants scanned . . : 61,395 files / 359,212 keys

Miniport ____________________________________________________________________

Primary
DriverObject . . . : 871CA9C8
DriverName . . . . : \Driver\atapi
DriverPath . . . . : atapi.sys
StartIo . . . . . : F6E747C6 atapi.sys+30662
IRP_MJ_SCSI . . . : 871681F8 +0
Cloud failed

Malware _____________________________________________________________________

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Temp\nsm15.tmp\MusicAppHelper.dll
Size . . . . . . . : 1,792,712 bytes
Age . . . . . . . : 486.2 days (2015-05-09 13:08:09)
Entropy . . . . . : 6.6
SHA-256 . . . . . : E0EF2B73CA9C6C9DBD0D2CFE71F0320D41AD47DCBFB669C278CF94CFFDE33E07
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:WebToolbar.Win32.SearchSuite.n
Fuzzy . . . . . . : 99.0

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Temp\nsu197.tmp\Helper.dll
Size . . . . . . . : 2,159,304 bytes
Age . . . . . . . : 629.1 days (2014-12-17 15:44:02)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 938FF41E3CEA3A8D195FFF6CEA5DBCCE18C6B49CC3C605AC1A8C46D988D2A07C
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.SearchSuite.N
> Kaspersky . . . . : not-a-virus:WebToolbar.Win32.SearchSuite.n
Fuzzy . . . . . . : 99.0

C:\Program Files\InstallShield Installation Information\{AAC8AF92-DAEC-45D2-B77D-36699E3751A9}\Setup.exe
Size . . . . . . . : 166,912 bytes
Age . . . . . . . : 1533.0 days (2012-06-26 17:58:21)
Entropy . . . . . : 4.9
SHA-256 . . . . . : A295BF90F993E2A3563E72C95CFE1FA0CBB5E4ED5F72181C07847C22C57D3CC3
Product . . . . . : InstallShield (R)
Publisher . . . . : InstallShield Software Corporation
Description . . . : InstallShield (R) Setup Launcher
Version . . . . . : 6.30.100.1255
Copyright . . . . : Copyright (C) 1990-2001 InstallShield Software Corporation
LanguageID . . . . : 1033
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 105.0
References
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Eidos Interactive\Praetorians\Désinstaller Praetorians.lnk

C:\Program Files\Microsoft Office\Office12\CLVIEW.EXE
Size . . . . . . . : 205,824 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:42:43)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 3A31FAC4E7709BCF9C407325CB11255DCA2BE0A484DD5BA4698A98CC127CC893
Product . . . . . : Microsoft Office Help Viewer
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Office Help Viewer
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
> Bitdefender . . . : Gen:Variant.Symmi.28612
Fuzzy . . . . . . : 133.0

C:\Program Files\Microsoft Office\Office12\DSSM.EXE
Size . . . . . . . : 107,008 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:42:47)
Entropy . . . . . : 6.6
SHA-256 . . . . . : D1A0D477578364323A79205A742308B46C192908BD17FE33BD6B2CBD82C6690F
Product . . . . . : Microsoft Office Document Update Utility
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Office Document Update Utility
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 137.0

C:\Program Files\Microsoft Office\Office12\GRAPH.EXE
Size . . . . . . . : 2,526,720 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:42:55)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 5EA02D6F097EC47A96AE61FD9AC51916BD5F5EF1CDF6DBDED2F10E42B0A54C64
Product . . . . . : 2007 Microsoft Office system
Publisher . . . . : Microsoft Corporation
Description . . . : 2007 Microsoft Office component
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 137.0

C:\Program Files\Microsoft Office\Office12\MSOHTMED.EXE
Size . . . . . . . : 68,096 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:43:13)
Entropy . . . . . : 6.3
SHA-256 . . . . . : ABFF83E12EB575B1A47517965827EA3C2449C2148D87C4F80CEC28FC329C6FB8
Product . . . . . : 2007 Microsoft Office system
Publisher . . . . : Microsoft Corporation
Description . . . : 2007 Microsoft Office component
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 133.0

C:\Program Files\Microsoft Office\Office12\MSTORDB.EXE
Size . . . . . . . : 833,024 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:42:56)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 1BB69E1F0FC227FB08EBAE4487C72A7ADEBDA79F7A237167BFBD72C0D702E6E3
Product . . . . . : Microsoft Clip Organizer
Publisher . . . . : Microsoft Corporation
Description . . . : Media Catalog Object
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
> Bitdefender . . . : Gen:Variant.Symmi.15765
Fuzzy . . . . . . : 133.0

C:\Program Files\Microsoft Office\Office12\SELFCERT.EXE
Size . . . . . . . : 503,808 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:43:13)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 37463B21F33AEAED6F9529D16A449A9DBC06ED0958A80145A0BEF7C98BF6C821
Product . . . . . : SelfCert
Publisher . . . . : Microsoft Corporation
Description . . . : Create a self-signed digital certificate
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 134.0

C:\Program Files\Microsoft Office\Office12\VPREVIEW.EXE
Size . . . . . . . : 33,280 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:43:34)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 9935D63A6906E29F2C511C16F1F9BBB1240AFD67BBFA7FC5FDF4032EAE155DF8
Product . . . . . : 2007 Microsoft Office system
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Office Visio Previewer
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
> Bitdefender . . . : Gen:Variant.Symmi.15719
Fuzzy . . . . . . : 133.0

D:\shamela\bin\shamela.exe
Size . . . . . . . : 6,606,848 bytes
Age . . . . . . . : 418.0 days (2015-07-16 19:28:59)
Entropy . . . . . : 6.2
SHA-256 . . . . . : BF5560E13D4226211DBAEB7C7506ED75CABA7CB81104A210D98828E34AF26BE7
Product . . . . . : المكتبة الشاملة
Publisher . . . . : Http://www.shamela.ws
Version . . . . . : 3.61
LanguageID . . . . : 1033
> Bitdefender . . . : Trojan.Generic.11567568
Fuzzy . . . . . . : 100.0
References
HKU\S-1-5-21-1292428093-117609710-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:\shamela\bin\shamela.exe


Suspicious files ____________________________________________________________

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\11608\AcrobatUpdater.exe
Size . . . . . . . : 353,280 bytes
Age . . . . . . . : 1373.4 days (2012-12-03 08:35:28)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 7D1677C57C80017BAE0B17CD914A1343D120E953E38FB06BF4CD973524507F67
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\11987\AcrobatUpdater.exe
Size . . . . . . . : 353,280 bytes
Age . . . . . . . : 1373.4 days (2012-12-03 08:35:28)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 7D1677C57C80017BAE0B17CD914A1343D120E953E38FB06BF4CD973524507F67
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\11987\AdobeARM.exe
Size . . . . . . . : 946,688 bytes
Age . . . . . . . : 1373.4 days (2012-12-03 08:35:28)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 91ECBBDC264C4ED47C73E15E58FF5F552E5A71D571621E075AE15C32D77EEAE2
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.7.2.0
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\11987\AdobeARMHelper.exe
Size . . . . . . . : 353,280 bytes
Age . . . . . . . : 1373.4 days (2012-12-03 08:35:28)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 7D1677C57C80017BAE0B17CD914A1343D120E953E38FB06BF4CD973524507F67
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\11987\ReaderUpdater.exe
Size . . . . . . . : 353,280 bytes
Age . . . . . . . : 1373.4 days (2012-12-03 08:35:28)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 7D1677C57C80017BAE0B17CD914A1343D120E953E38FB06BF4CD973524507F67
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\1343\AcrobatUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\1343\AdobeARM.exe
Size . . . . . . . : 958,976 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 15F96167DA98C92BC19ABFA4642240AAC7D837126D6F86B81263BBAC9B7C0D06
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.7.4.0
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\1343\AdobeARMHelper.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\1343\ReaderUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\15479\AcrobatUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\15479\AdobeARM.exe
Size . . . . . . . : 958,976 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 15F96167DA98C92BC19ABFA4642240AAC7D837126D6F86B81263BBAC9B7C0D06
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.7.4.0
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\15479\AdobeARMHelper.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\15479\ReaderUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6284\AcrobatUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6284\AdobeARM.exe
Size . . . . . . . : 958,976 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 15F96167DA98C92BC19ABFA4642240AAC7D837126D6F86B81263BBAC9B7C0D06
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.7.4.0
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6284\AdobeARMHelper.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6284\ReaderUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6852\AcrobatUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6852\AdobeARM.exe
Size . . . . . . . : 958,976 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 15F96167DA98C92BC19ABFA4642240AAC7D837126D6F86B81263BBAC9B7C0D06
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.7.4.0
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6852\AdobeARMHelper.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\6852\ReaderUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\8495\AcrobatUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\8495\AdobeARM.exe
Size . . . . . . . : 958,976 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 15F96167DA98C92BC19ABFA4642240AAC7D837126D6F86B81263BBAC9B7C0D06
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.7.4.0
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\8495\AdobeARMHelper.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\8495\ReaderUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\9856\AcrobatUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\9856\AdobeARM.exe
Size . . . . . . . : 958,976 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 15F96167DA98C92BC19ABFA4642240AAC7D837126D6F86B81263BBAC9B7C0D06
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.7.4.0
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\9856\AdobeARMHelper.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\9856\ReaderUpdater.exe
Size . . . . . . . : 354,304 bytes
Age . . . . . . . : 1250.9 days (2013-04-04 22:06:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : DC4C1EE2A6C364CCE40639341721D54D97B4EEC5C3F1D1D8A2EC5982B6E42469
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.8\30247\AcrobatUpdater.exe
Size . . . . . . . : 343,040 bytes
Age . . . . . . . : 963.3 days (2014-01-17 12:41:08)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2EF2A0BD8E673DFF2EB609241D65CF09022A236951F5CBB2B4CB190D5971DCDA
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.8\30247\AdobeARM.exe
Size . . . . . . . : 960,000 bytes
Age . . . . . . . : 963.3 days (2014-01-17 12:41:08)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D58BE6C38DCB87530577CF78341A0BD1C55274738D2D28B4E847335E7F74B88A
Product . . . . . : Adobe Reader and Acrobat Manager
Publisher . . . . : Adobe Systems Incorporated
Description . . . : Adobe Reader and Acrobat Manager
Version . . . . . : 1.701.3.3014
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 31.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.8\30247\AdobeARMHelper.exe
Size . . . . . . . : 343,040 bytes
Age . . . . . . . : 963.3 days (2014-01-17 12:41:08)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2EF2A0BD8E673DFF2EB609241D65CF09022A236951F5CBB2B4CB190D5971DCDA
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.8\30247\ReaderUpdater.exe
Size . . . . . . . : 343,040 bytes
Age . . . . . . . : 963.3 days (2014-01-17 12:41:08)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2EF2A0BD8E673DFF2EB609241D65CF09022A236951F5CBB2B4CB190D5971DCDA
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Program Files\Microsoft Office\Office12\ACCICONS.EXE
Size . . . . . . . : 1,165,824 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:42:44)
Entropy . . . . . : 6.7
SHA-256 . . . . . : F1DDB366FA26EF6606E078F1914FA9B01ED96CBA15036A1526D877914917B11F
Product . . . . . : 2007 Microsoft Office system
Publisher . . . . : Microsoft Corporation
Description . . . : 2007 Microsoft Office component
Version . . . . . : 12.0.4518.1014
Copyright . . . . : © 2006 Microsoft Corporation. All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 26.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
File belongs to an identified security risk.
The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Program Files\Microsoft Office\Office12\MSQRY32.EXE
Size . . . . . . . : 672,256 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:43:21)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 72A9C3E00A214752F8210F5A1C84953204302C5AC7E7C94852A699C0AD483779
Product . . . . . : 2007 Microsoft Office system
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Query
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 37.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
File belongs to an identified security risk.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Program Files\Microsoft Office\Office12\MSTORE.EXE
Size . . . . . . . : 145,920 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:42:56)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 5DEC88020941C98162256569CB979BAE017B4A02644A0045B21D8ED1B6D66B11
Product . . . . . : Microsoft Clip Organizer
Publisher . . . . : Microsoft Corporation
Description . . . : Clip Organizer
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 33.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
File belongs to an identified security risk.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\Program Files\Microsoft Office\Office12\OIS.EXE
Size . . . . . . . : 274,944 bytes
Age . . . . . . . : 3603.0 days (2006-10-26 20:00:08)
Entropy . . . . . : 6.0
SHA-256 . . . . . : A74916CCA3D4D520877F22BAD3E812C49F09AF5A7D170021B7BA64B83DB11811
Product . . . . . : Microsoft Office Picture Manager
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Office Picture Manager
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 27.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.
References
HKU\S-1-5-21-1292428093-117609710-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PROGRA~1\MICROS~2\Office12\OIS.EXE

C:\Program Files\Microsoft Office\Office12\SETLANG.EXE
Size . . . . . . . : 34,304 bytes
Age . . . . . . . : 1441.0 days (2012-09-26 18:43:14)
Entropy . . . . . : 6.3
SHA-256 . . . . . : F2972C0E36FFEC5F000546761E301C5D6CB81C7AC409DC71902E6A3868B0FD8F
Product . . . . . : 2007 Microsoft Office system
Publisher . . . . : Microsoft Corporation
Description . . . : 2007 Microsoft Office component
Version . . . . . : 12.0.4518.1014
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 33.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
File belongs to an identified security risk.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file appears to be part of an installation package or setup program. This is typical for most programs.

C:\WINDOWS\system32\runouce.exe
Size . . . . . . . : 4,096 bytes
Age . . . . . . . : 437.3 days (2015-06-27 12:16:54)
Entropy . . . . . : 0.5
SHA-256 . . . . . : D7C8F639C520EF4961B4A66D68FAD5D3B9EB406EB281C87B6E743DEA66F044C4
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
The hidden file attribute bit is set. This is not common to most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


[/code]
