microsoft-office-2010.exe

Mala

Bibado Investments S.L.

The application microsoft-office-2010.exe, “Mala Setup” by Bibado Investments S.L., has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Bibado Downloader installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultsfarmhosting.com.
Publisher:
Bibado Investments S.L.  (signed and verified)

Product:
Mala

Description:
Mala Setup

Version:
1.6.2.4

MD5:
0be0e2055441d312058f2101eb84dcd0

SHA-1:
3d5b5edcc7af222d3eaa3d9df155741701f18a16

SHA-256:
154286c969ed3f309c3a6cdd61ecf9842ec0c79ad9e68b4f4380c7a0fa3875e1

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/2/2024 5:16:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.6.1

File size:
1.2 MB (1,253,064 bytes)

Product version:
4.6

Copyright:
Stub fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader (using Inno Setup)

Common path:
C:\users\{user}\downloads\microsoft-office-2010.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 2:45:47 PM

Valid to:
10/10/2016 3:59:18 PM

Subject:
CN=Bibado Investments S.L., O=Bibado Investments S.L., L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C7CDCA8256DFB1BF27E11C9CC97F08E3

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file microsoft-office-2010.exe has been seen being distributed from www.vaultsfarmhosting.com.
