home

installer_microsoft_office_2010_spanish.exe

Tunorobemo

Bem

The application installer_microsoft_office_2010_spanish.exe, “Tunorobemo Setup ” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.clearsharechuckle.com.
Publisher:
Bem

Product:
Tunorobemo

Description:
Tunorobemo Setup

Version:
3.2.1.7

MD5:
85f102fbc5b0ccb6e0a1bc3188422ba5

SHA-1:
bcf74ab420a91ea205331b71e0a13a512f9a1771

SHA-256:
ea16ac38c8ce5ff19f2e1f221f1855803698abf5dee1b2d81027530b61ab3cdd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 12:21:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Bundler (M)
16.9.25.21

File size:
1.1 MB (1,106,128 bytes)

Product version:
2.1.0

Copyright:
Installer

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\installer_microsoft_office_2010_spanish.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:pC7/tbxCOOmBWN77+UtRzEJYabTZ8NKg9izYbTv6vRmxyu:pmFNYNeUthExPSNwoeg

Entry address:
0xA5F8

Entry point:
76, 0C, 15, 1F, CC, BC, 64, BB, 82, 73, 34, 46, FF, C7, 0F, B6, F5, 88, CB, C7, C7, EA, 65, 27, DD, F6, C1, C0, 87, ED, FE, CC, C6, C7, B9, C6, C1, 58, 69, DB, 0A, 2A, DB, FD, 84, E1, 49, FE, C2, E8, 26, 00, 00, 00, C6, C3, 22, 0F, AF, DF, 15, 76, 13, 55, EE, 02, C7, 8B, DF, 89, F0, 2C, DB, 8D, 0D, 0A, 18, 00, 00, 0F, AF, C6, B3, 08, B4, 68, 81, E9, 3F, 05, 00, 00, 0F, BE, DF, 8A, C1, 81, FA, B0, E6, 00, 00, 74, 03, 84, CF, 42, BF, 5A, 38, 00, 00, 81, F9, 6D, 1E, 00, 00, 78, 0C, F7, C2, 23, 6E, 0E, 19, 80...
 
[+]

Entropy:
7.9377  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file installer_microsoft_office_2010_spanish.exe has been seen being distributed by the following URL.

http://www.clearsharechuckle.com/WVl6OTRQVmxPVERoSFpHWnVKVEpDWkhSMll6VkVUekY2ZFVGdWVHVjBVbkYzWlhac1pVcEtiRTluVlhjM1ltaDBjeVV6UkNaalBWRkhhSGxUT1U1cVNuQnVOa1Y1VVZsQ1ZuTjZXazlZYVVwc2VGZG1lWEp6ZDBKd1oxaDFkMUZDVlVKYU5GSTFKVEpDWlVSTFJFTmlkR3BxWVZweEpUSkdZVEZsYjA1QlJWTk1kV1F6WjNJd05tNXBlbVl6ZG1aWUpUSkNURnBYV1U4eFVYSnlOeVV5UmxSQlZIbzRTRzFUU21JeGRHaENWR2hYTjJsd2FHcHZKVEpHYkc1RVNEaFhaeVprYjNkdWJHOWhaRUZ6UFdsdWMzUmhiR3hsY2w5dGFXTnliM052Wm5SZmIyWm1hV05sWHpJd01UQmZVM0JoYm1semFDNWxlR1VtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1o0Yld4cGJuTjBZM0F0Wm5CdExuQnZjblJoYkMxbVlXTjBiM0o1TG1OdmJTVXlSbU50WkNVeVJtVnljbTl5WDJsakxuQm9jQ1V6Um5oeWFYQWxNMFEyTmk0NU9DNDROeTQzT1NVeU5tTnZkVzUwY25saE1pVXpSRVJQSlRJMmNHRnlkRzVsY2lVelJFUkZVME5CVWtkQlVrVlRKVEkyYjNKcFoyVnVKVE5FVTBWUEpUSTJjSEp2WjNKaGJTVXpSRTFwWTNKdmMyOW1kQ1V5TlRJd1QyWm1hV05sSlRJMU1qQXlNREV3SlRJMk0yUndZWEowZVY5amFHRnVibVZzSlRORVJFVlRRMEZTTURCYVkyTmhPR05pTVRkak16RmhaR1l5Tm1KaVpEUTFZekF3TnpJMlpXRTNObUlsTWpadmRTVXpSR2gwZEhBbE1qVXpRU1V5TlRKR0pUSTFNa1p2Wm1acFkyVXR

Remove installer_microsoft_office_2010_spanish.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.