EXCEL.EXE
- File Path:
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
- Description: Microsoft Excel
Screenshot
Hashes
Type | Hash |
---|---|
MD5 | 3003BFEBF21C97DEA1FAC436BABCCFFA |
SHA1 | 1319B94DB6992691A918829373E9F5139EADEE52 |
SHA256 | 00D8FCDB9E2B315BFFF3D16FFB2F50ED55A64A84BF2F0E1127BD476ADD58705F |
SHA384 | 229CA2807347AFB0D882C55CE00021600A4E046AA835E670CACF5B3C1F7B29611851549A8F5FD579AE74DB22F358F944 |
SHA512 | B2339CC34E1C45034E3776D007E6BA5F1B94DE8B1827008FBC14F1A7AF7E506B2952098E033B62B9BCAA931D29F51CB72D44064F8AFDC5A26231B52C448B065A |
SSDEEP | 786432:FL3CjxyO885kaEYAg4HV9N/+DJtste99aOjg7zznUikcvKzGri:FLSFyO885kaEYP4HVb+DJtstefa6g7cK |
IMP | 0EDEE5E175F78644C9182A41C9B960D8 |
PESHA1 | E72B55B473D77B4FAE8A45EFD3FDDE3320487491 |
PE256 | C5DA3915FA28081E6738DE32E88634E543B843DAE73D726B438DADC1DC429033 |
Runtime Data
Window Title:
Excel (Read Only)
Open Handles:
Path | Type |
---|---|
(R–) C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker | File |
(R-D) C:\Windows\Fonts\StaticCache.dat | File |
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui | File |
(R-D) C:\Windows\System32\en-US\d2d1.dll.mui | File |
(R-D) C:\Windows\System32\en-US\dnsapi.dll.mui | File |
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui | File |
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui | File |
(R-D) C:\Windows\System32\en-US\propsys.dll.mui | File |
(R-D) C:\Windows\System32\en-US\Windows.Security.Authentication.Web.Core.dll.mui | File |
(R-D) C:\Windows\System32\en-US\winnlsres.dll.mui | File |
(R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui | File |
(RW-) C:\Users\user\Documents | File |
(RW-) C:\Windows | File |
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 | File |
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94 | File |
(RWD) C:\Windows\Fonts | File |
(RWD) C:\Windows\Fonts\segoeui.ttf | File |
\BaseNamedObjects__ComCatalogCache__ | Section |
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000a.db | Section |
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
\BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 | Section |
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
\BaseNamedObjects\windows_shell_global_counters | Section |
\Sessions\1\BaseNamedObjects\10FM_ACB_S-1-5-5-0-257318 | Section |
\Sessions\1\BaseNamedObjects\10FM_ACBBD_S-1-5-5-0-257318 | Section |
\Sessions\1\BaseNamedObjects\1958HWNDInterface:75031c | Section |
\Sessions\1\BaseNamedObjects\UrlZonesSM_user | Section |
\Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section |
\Sessions\1\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-2047949552-857980807-821054962-504 | Section |
\Sessions\1\Windows\Theme64749523 | Section |
\Windows\Theme1120315852 | Section |
Loaded Modules:
Path |
---|
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
C:\Windows\SYSTEM32\ntdll.dll |
C:\Windows\System32\wow64.dll |
C:\Windows\System32\wow64cpu.dll |
C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000002CE7C9ACE7D905ED2B70000000002CE
- Thumbprint:
B10607FB914700B40F794610850C1DE0A21566C1
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: Excel.exe
- Product Name: Microsoft Office
- Company Name: Microsoft Corporation
- File Version: 16.0.12527.20482
- Product Version: 16.0.12527.20482
- Language: Language Neutral
- Legal Copyright:
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/00d8fcdb9e2b315bfff3d16ffb2f50ed55a64a84bf2f0e1127bd476add58705f/detection/
Possible Misuse
The following table contains possible examples of EXCEL.EXE
being misused. While EXCEL.EXE
is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.