microsoft-office-suite-2007-sp1-service+pack+2.exe

Microsoft Office 2007

Innovative Systems LLC

The application microsoft-office-suite-2007-sp1-service+pack+2.exe by Innovative Systems has been detected as adware by 21 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from www.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Microsoft Office 2007

Version:
1.0.0.0

MD5:
51956addd95a080a299a6e4817116573

SHA-1:
88cb915e6c978434e763a962b1ea7f4863232370

SHA-256:
14f1fef70f82a3a0d4d4bb3d60eef5c70e86027f06c11c5fd10e8a447d65f93b

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
2/25/2025 2:16:20 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Trojan.Heur.Du3@xSSWZeii | 479 |
| Agnitum Outpost | Riskware.OpenCandy | 7.1.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-151013 |
| AVG | Downloader | 2016.0.2957 |
| Bitdefender | Gen:Trojan.Heur.Du3@xSSWZeii | 1.0.20.1430 |
| Comodo Security | Application.Win32.OpenCandy.~WD | 18507 |
| Dr.Web | Adware.OpenCandy.10 | 9.0.1.0286 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.Du3@xSSWZeii | 8.15.10.13.07 |
| ESET NOD32 | | 9.9928 |
| F-Secure | Gen:Trojan.Heur.Du3@xSSWZeii | 11.2015-13-10_3 |
| G Data | Gen:Trojan.Heur.Du3@xSSWZeii | 15.10.24 |
| K7 AntiVirus | Unwanted-Program | 13.1712358 |
| Malwarebytes | PUP.Optional.OpenCandy | v2015.10.13.07 |
| McAfee | Artemis!51956ADDD95A | 5600.6613 |
| MicroWorld eScan | Gen:Trojan.Heur.Du3@xSSWZeii | 16.0.0.858 |
| NANO AntiVirus | Riskware.Win32.OpenCandy.cxlnia | 0.28.0.60253 |
| Reason Heuristics | PUP.InnovativeSystems.Installer (M) | 15.10.13.19 |
| Rising Antivirus | PE:PUF.OpenCandy!1.9DE5 | 23.00.65.151011 |
| Sophos | OpenCandy | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0602 | 7.2.286 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30186 |

File size:
470.5 KB (481,792 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\microsoft-office-suite-2007-sp1-service+pack+2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/19/2014 5:00:00 AM

Valid to:
5/20/2015 4:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata
Compilation timestamp:
5/20/2013 4:52:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:GaCEI/CvFhjs17FEUDTTup+Ts9PJYz5jtNcB+/TRfs:4EIOFhm7FjDHuzJYz5jtXTBs

Entry address:
0x31B1

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00...
 

Entropy:
7.8476

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file microsoft-office-suite-2007-sp1-service+pack+2.exe has been observed being distributed from the following 3 URLs.

http://www.joydownload.com/wi/_3fptX0TRFGN5PftpwDyoQ/1402642076/.../10/.../1/microsoft-office-suite-2007-sp1-Service Pack 2.exe