microsoft office 2003.exe

XXXV-II laqueus

lactans

The application microsoft office 2003.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup program used to install the application, and it uses the Solimba download manager to push adware offers during the download and setup process. The bundled adware includes search and shopping toolbars for web browsers. The file has been observed being downloaded from get.wholerepo.com.
Publisher: lactans
Product: XXXV-II laqueus
Description: aedificium
Version: 42.98.19.33
MD5: 44ef3ea254a8796bf825f988f50dc37c
SHA-1: 1c2a1d9f9cb4b03632ab99ea4caaac0b71989890
SHA-256: 0452ad21c0fbf2e9880a8093c14baf7d5670893013e3fe2b4adce3139f1a8742
Scanner detections: 9 / 68
Status: Potentially unwanted
Explanation: Uses the Solimba installer to bundle adware offers.
Analysis date: 11/24/2024 7:17:55 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | MSIL:Solimba-Z [PUP] | 160518-2 |
| AVG | Adware BundleApp_r.AV | 2015.0.4568 |
| Dr.Web | Adware.Downware.8763 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.6451 | 11.5.0.6191 |
| ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 8.0.319.0 |
| F-Secure | Cannot open a file in archive | 5.15.96 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.1545.0 |
| Norman | Gen:Variant.Razy.6451 | 28.05.2016 13:03:37 |

File size: 522.7 KB (535,295 bytes)
Product version: 13.58.3.34
Copyright: Copyright 2014 tutis niveus
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\downloads\microsoft office 2003.exe

File PE Metadata
Compilation timestamp: 10/9/2014 8:19:39 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 12.0
CTPH (ssdeep): 12288:EI4x2SFGIWTUukzHXc4RoSIANRjxx3pwJ+KIMmYUZli:EI40eWTnM/NRNHwJ+KDmYUW
Entry address: 0xDE9C
Entry point: E8, A5, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E8, 6D, 42, 00, E8, FE, 15, 00, 00, E8, 76, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 38, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 01, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Packer / compiler: PEQuake V0.06
Code size: 113.5 KB (116,224 bytes)

The file microsoft office 2003.exe has been seen being distributed by the following URL.
