Windows Analysis Report
OlympusViewer-win2-4-1.exe

Overview

General Information

Sample name: OlympusViewer-win2-4-1.exe
Analysis ID: 1427879
MD5: 19ec441c0bfa8e22aae49acefe0ed8a6
SHA1: b691145b15142206e66c57401d7212448d296ce5
SHA256: aa268da45a8cfdb6848e516b6ffdb2b0c1b07c91d5f8860c7dca8f0e34282cee

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains executable resources (Code or Archives)
Uses 32bit PE files

Classification

Uses 32bit PE files
Source: OlympusViewer-win2-4-1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Window detected: Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.EVIDENT END-USER LICENSE AGREEMENTAll titles and copyrights of the Software and the Manual (collectively called as gSoftwareh and if referring only to Manual or others called as gManualh) included in this program are owned by EVIDENT CORPORATION ("EVIDENT") and/or its licensors. The Software is also protected by copyright laws and other intellectual property laws and treaties. The Software is to be licensed not to be sold. The Software may include (i) some open source software and (ii) other third party software (collectivelly "Third Party Software"). Regarding the use of the Third Party Software you shall follow the license terms and conditions applied to such Third Party Software. Any part of this Agreement does not restrict change or alter any of your rights and obligations imposed by the license terms and conditions of the Third Party Software. EVIDENT grants to you a non-exclusive license to use the Software on the computer provided that you agree to the terms and conditions of this agreement. It is regarded that you agree to all provisions of this Agreement when you install the Software. Please read this Agreement carefully before installing the Software. If you do not agree to this Agreement you cannot install the Software. The descriptions in this Agreement may be changed by prior notice through this site. Also EVIDENT may modify stop or discontinue this site service without prior notice to you. Section 1 (Software)The Software may be modified by EVIDENT or its licensors for correcting bugs upgrading or any other purposes without any prior notice. After modifications are made only the modified Software is regarded as the Software under this Agreement and you may not use the Software before modification. Section 2 (Rental and Transfer)You may not rent or sublicense the Software or any of its copy. You may however transfer all of your rights under this Agreement provided you transfer all of the Software without retaining any copy and the recipient agrees to the terms and conditions of this Agreement.Section 3 (Restrictions)(1) You may not sell a whole or part of the Software without EVIDENTf written approval. (2) Unless otherwise provided in this Agreement or the Manual you may not make any copy of the Software without EVIDENTf approval other than backup purposes.(3) Unless otherwise provided in this Agreement or the Manual you may not create transfer sell or rent any derivative work of the Software.(4) You may not reverse engineer decompile disassemble or print out any part of the Software. (5) You agree that Software is subject to the export control laws and regulations of Japan U.S.A. and other countries.(6) You may not delete any copyright warning and other notices on the Software.(7) You may not alter or adapt a whole or part of the Software without EVIDENTf written approval. Section 4 (Waiver)(1) THE SOFTWARE IS PROVIDED TO Y
Source: Binary string: wextract.pdb source: OlympusViewer-win2-4-1.exe
Source: Binary string: wextract.pdbU source: OlympusViewer-win2-4-1.exe
PE file contains executable resources (Code or Archives)
Source: OlympusViewer-win2-4-1.exe Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 81872744 bytes, 1 file, at 0x2c +A "OlympusViewer-package.zip", ID 2533, number 1, 2589 datablocks, 0x1503 compression
Uses 32bit PE files
Source: OlympusViewer-win2-4-1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: clean0.winEXE@1/0@0/0
Source: OlympusViewer-win2-4-1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Automated click: OK
Source: C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe Window detected: Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.EVIDENT END-USER LICENSE AGREEMENTAll titles and copyrights of the Software and the Manual (collectively called as gSoftwareh and if referring only to Manual or others called as gManualh) included in this program are owned by EVIDENT CORPORATION ("EVIDENT") and/or its licensors. The Software is also protected by copyright laws and other intellectual property laws and treaties. The Software is to be licensed not to be sold. The Software may include (i) some open source software and (ii) other third party software (collectivelly "Third Party Software"). Regarding the use of the Third Party Software you shall follow the license terms and conditions applied to such Third Party Software. Any part of this Agreement does not restrict change or alter any of your rights and obligations imposed by the license terms and conditions of the Third Party Software. EVIDENT grants to you a non-exclusive license to use the Software on the computer provided that you agree to the terms and conditions of this agreement. It is regarded that you agree to all provisions of this Agreement when you install the Software. Please read this Agreement carefully before installing the Software. If you do not agree to this Agreement you cannot install the Software. The descriptions in this Agreement may be changed by prior notice through this site. Also EVIDENT may modify stop or discontinue this site service without prior notice to you. Section 1 (Software)The Software may be modified by EVIDENT or its licensors for correcting bugs upgrading or any other purposes without any prior notice. After modifications are made only the modified Software is regarded as the Software under this Agreement and you may not use the Software before modification. Section 2 (Rental and Transfer)You may not rent or sublicense the Software or any of its copy. You may however transfer all of your rights under this Agreement provided you transfer all of the Software without retaining any copy and the recipient agrees to the terms and conditions of this Agreement.Section 3 (Restrictions)(1) You may not sell a whole or part of the Software without EVIDENTf written approval. (2) Unless otherwise provided in this Agreement or the Manual you may not make any copy of the Software without EVIDENTf approval other than backup purposes.(3) Unless otherwise provided in this Agreement or the Manual you may not create transfer sell or rent any derivative work of the Software.(4) You may not reverse engineer decompile disassemble or print out any part of the Software. (5) You agree that Software is subject to the export control laws and regulations of Japan U.S.A. and other countries.(6) You may not delete any copyright warning and other notices on the Software.(7) You may not alter or adapt a whole or part of the Software without EVIDENTf written approval. Section 4 (Waiver)(1) THE SOFTWARE IS PROVIDED TO Y
Source: OlympusViewer-win2-4-1.exe Static file information: File size 81938432 > 1048576
Source: OlympusViewer-win2-4-1.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x4e1b800
Source: OlympusViewer-win2-4-1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wextract.pdb source: OlympusViewer-win2-4-1.exe
Source: Binary string: wextract.pdbU source: OlympusViewer-win2-4-1.exe
Source: OlympusViewer-win2-4-1.exe Binary or memory string: GHGfS
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1427879 Sample: OlympusViewer-win2-4-1.exe Startdate: 18/04/2024 Architecture: WINDOWS Score: 0 4 OlympusViewer-win2-4-1.exe 2->4         started       
No contacted IP infos