microsoft-word-2013.exe

Cagolig

Destiny Dream S.A.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application microsoft-word-2013.exe, “Cagolig Setup ” by Destiny Dream S.A has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.toursheartbits.com and multiple other hosts.
Publisher:
Huful   (signed by Destiny Dream S.A.)

Product:
Cagolig

Description:
Cagolig Setup

Version:
3.6.3.0

MD5:
542f4f3cee47082f83b9582d66d06a00

SHA-1:
14c18aa8da2e5f8b1ed6b1055e7d0356453559be

SHA-256:
3cb3b8ae06c10bb0061e67c410acce42bc229a011d7ae14613c74b62cc346389

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 11:54:49 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.DestinyD.Installer (M)
16.4.10.13

File size:
989.7 KB (1,013,448 bytes)

Product version:
2.0

Copyright:
program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\microsoft-word-2013.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 2:55:11 PM

Valid to:
10/2/2016 4:36:18 PM

Subject:
CN=Destiny Dream S.A., O=Destiny Dream S.A., L=Clarens, S=Vaud, C=CH

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217A75EB912AE2167326222C18D9E2357F

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ho9v/Sb8ISdMPNf/kLkfz8HF2+7jDBVCyP39KvlDVJx:h6SkaPNXkQfziF2sjL8l/x

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9262

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file microsoft-word-2013.exe has been seen being distributed by the following 50 URLs.

http://www.toursheartbits.com/c?x=aU443T 0MR VwnWePl ZlR5KjTSiItZ3nd9L70yYQQ8=&c=0O2YoVATaz8LJpKaCCXuUfvL drCmyfc0netxn91rDVUzyq20EupprvygIknSp/5B4tT/lb3T3T8GG35SBzCGIM4VAxtL02qT01MOzSZH6mo6ZvKJgonXxA4xgHF16aKm5mtjwJiQbLOO1mov1S9/w==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.presentsendquick.com/c?x=alleZKS6tVdxOVCUbk6Iy0pkHWzDL/K8ZgSl9wcH/5A=&c=vyp0WF7jXO/fbDIyyf39o5/sSiRZYM10PR W837QiICD8N1YyLtn 4JmFCrsUrj0kjW36RQ1xMkJ4sh8YwY j40hYUjei/T 8YRa4XpsV2cZdMHjR7X345bhrIRGw0HrZqn/U1MPvPWYlhhroJ6jVg==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.deliveryvaultsdelivery.com/c?x=Xsbe5BuI3uVQ43DRdRVryvZNYFu4VlnTZS5X1UT8YfA=&c=cQytaBXhBPi33jRrUqAb06p3dNsjKtv5St9ilhgZdq1b5RbePYf uGIgQM7KO9bZRQiY8IX6KxZUapDyc/lCPxus6cPz2uWfLV8bEBaTF0WXrrOVnViuuUCV4NhhCr63OgRWHu0pgAes 6ueYLZsXg==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.bulkcyclecenter.com/c?x=VdMQ7pnQFHewitzCjZ2mtQIaSKxu/DpDUDKysDHxOII=&c=J0OYy7tMl152HXjGcmD2dO1natzd3VDCmeu6GCPdiLHlaUWZY5nXIcQRPccF3 zz7h297fw9dBVvMRvvdNR2za00z5ZK/jS8DN0NrPIYE/IhvbPfP1UsNPT9o0enMwShM2JWDwzVjPl8xpMeFlqkTUCdq98qVZzUz36smZPYd5cjm8i7JRShYlSgUmjywPL5&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.hostnewbits.com/c?x=4Q4kC2WAa8gmRRPOKXnrKGMFa88Q8Ugy5i6iZIDwPK8=&c=pDxeQ63YC0ctLjVA y4iIWaRby8QnJQ5BKek3kpVheml1R1HQfK539asP8hZe9Lgt1iyMxkF5CtzTXBxjBk5rCJc9L/wzFz1rsmgguAtfRhmKBIxtULCh7U695Bsvt nXDODPb//Xeh75bpVA0HnUg==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.todaytowerschuckle.com/c?x=GiHmofqQHiQtfZZ6 kBhw/BJDQNj5/9ttRuVi 87qZA=&c=D1VAtmjDsHlaXEfckdKsq6s7Xp30vHk1a97CaY4qz II7fxLjzZdwgzO LdPzgtXnk/kEr3m7bf1ezdXUl9739jCnWqor5jUffYx26F4ks8/FjC7AFmVu13/hARn4FBzqC5jo/m8fFrSybKdf5RASooVR1YwLBPQchnwUDpKPUi5UDK0ciAfT4BUVcy3B26E&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.toursheartbits.com/c?x=MNDegi 0Vyu3I50Zj7uT2jk6jrAYLRLWpXmdPK8U A0=&c=QAFq/zN5ikYozYOsSUdfdBsvzP7bUjTqgsIdZhRGZgm33HAdldUJqsb8LB3Agk2NShNcMzpD1NfTuGy Puo3g dHXemdbeN63AeMX6F2nqY8 bX3C5xIZw/MHgiG0Xc2HO9YbP3 cO6cpDd5DqyJYbxahxdOPKdg8XYPrKpTkVxIBgpF iSsxjyQqO mbCwM&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.sharecapitalbulk.com/c?x=Xgh86bdGem7Y/jTV6p1HBBUecwLztlHkJJOS3bs3cxE=&c=gQT3aEpebx7GlcikwMz8lJakZrV5ZKVzeJF2L3MQOF/HsVRQoz9k06a3y87NAbUK7o1HqvNFrYkXpwT/5cdVlI1RmrgvhqEHmzp10rR3AmfeuTYMQ8d4GvbLqFMbJb76NK5c/Jl0o32UrD5GLdvuRA==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.tagsendheart.com/c?x=eku9w/37PhDROLJIY1ZzwzpgrjdVGT0HzHHbBrPpfSo=&c=wUWmLqDRh1LRE8tKbDgMg8WhnqVaIUtQdyWCuqTf0FoqurpyUDR eWzyyCCzp7LpoJmsdLmLhPCdtmSAJ4S0AuS0Ta8U7a094V/WlIpWJ7azETVsg2TXezGqHSKW1RKMYoAbzyIlq1t0 pFLeOTavaPKvyg5CO5mR5jIF5x QHU=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.tagsendheart.com/c?x=v HkDuhUXG/lH0kc4aGwaJkZlv/0eTuhVbXUKgLBJhs=&c=aDjZzbaCthrdfdw2pS6ovgfP7dc01jhAt1e3sKBuuDNqce1z8sHscJ00SWl3f2giI5SNVOf3pfqUmE7Mus3b2spo3nUyXDtOBVPTN h6WKzkuBUGjWR xT/ebRWPoeG9e6qRlNsa4A76puGGhh3D8vR9/dQ2aqdKbxyswVUcR4=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.newgiftcontent.com/c?x=E rMEnHIWmxv09iK4 AU5EoTbC0kfMg6q9R8O5nHMSU=&c=t7XVad4yiVW gCFYPjy0qEesHIQpqhrmXTUso/64iwa6AlcjfT0rTYU8F1qkfiQF1QGhzZoZiwX5dDHFie0oOm FGJ qai6eNppdVNWdEgg4TJHsPU3dPC CI8Tq23gXOlVv5 zEC6Sx1MLq9DJloQ==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.gifttowndelivery.com/c?x=KIoztoSD67MK1cIbGCyjDxZW6RDeP7lrKNk0Yg5k5lM=&c=ARl7WEBnr3pjpfsHGBgBiNNPxDD/dn4r7lWGRsusm21JIDSPDpxBXQGfVo/A4y3XQPgywwHLekWyz8Hqz ZTZN1bSVfQkcAIZllocFqpVqP8YjH0AaNUQfIPwUQErHcqBQdM0AsEB4SXH0rsfMb2 xadiiPLokTqJpOpbKJLnTQ=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.presentupdateguard.com/c?x=wQ/j00UDSIMOo83qHu4DbFHH0KHYbBoUVWGrgFfki8U=&c=XRf2S CvQ9qBTat9YBhhbMHDlKPj9Xc 2vtQOVYQHm5AXp z7BYtPubSJ0rerFMrnMsJRb3eeS6Qkh30zK9nH2EEi7mwKnFGyCBgJflbnjd9Wdq0JxJF9deiBPMGBAvVvMQPIHrnqOVRa tZBzvkyNE5vzXShRH pFaRPNpJFCU=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.bundlesbinariesnew.com/c?x=2TMo543VCQ yyCHRvYmU2n rY9q2dVNF3slDgA1wjsU=&c=hriHEMu5g3 srDSd7Z1vDCigWjzOy/lfhe2n2fxz4gwpF8kmQe2e1Gqrdb5067YPH b l2RXZKfvTLTm9008m9pv1WIcZVJcmrwQ7OgiMnhdxgDJXoQZXou8gIh07Y61egBVa G6zZSqgU1kkLvpJw==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.cyclecleansign.com/c?x=dfGF2FczUbfHFWB7zSQtkLdH6w2AuzLcMsP6adDO8Fw=&c=5lkQD6 BqarkpZDgVyDotfiI54bnRLeAQlFObqW78SIND1Ge8HPovtgLv9ErHJ2WPzPuhi5iBOeJJ434DWPGmA ODRyPkcZ/0aWNcdI9BiWFndfEw0vRnxkPgfUJDHamPxJTLYwWI1sQUAmEEf4YIAv8wWYr1BPCUQJD9NeNkh9dJX224ZJMAaLgtGlnBSne&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.toursheartbits.com/c?x=tzYH//mhgqNILS1g4pypVFVjq7gVwA70RSbVtgdnyn4=&c=NvQs4Xo5E2KkRrlE24zxjjAymY1uL2PhhxY4/utU2WO27J7vQxJX44URjkd5qT1vwStkKlKn 1Kx9ARMPEmR61vhzWZnDgdbXHcUydrfNO1OZx05teeeGDOwKpSfUH1pYKA8FRb64yTXl KlgG36kQ==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.cleansignsconecpt.com/c?x=aNRcsutchxaxYOCsQtdXcvhqe5X48qOEbSrjJWPzKVE=&c=FFvlcRpb0rAq64kdQkup/vZQWz/6b4v/myuYgtEzV1PqP3yHM86l7/m/QazZGdX3xhOd/JgVT8R87Q3iN u1GUcPgOl7I8Y6Q08yTcSRBe0LVgziDogYUCw/gqGArlg1mmLoLJ1GPNtd5r55HKGs3w==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.conecptdownloadscycle.com/c?x=2gqlj48qQd8R8fmI PbqUKKJfO5BxQJm5hcbCXLwZow=&c=jGIIIpfOFa8JNcHmcXDtoyiO1YOMXtyw9wm3eJRd7wMlR6c vDxIsqiDj39lQOWxUqyr2zx2xSP5CDN/3ViPk9iyVd1BQIIC8G2p4fo/wYpwU6GQicew3GBS1snfvYPycjQPHwuQ/iMuydHDc/1ozw==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.factorybulknew.com/WVl6OTRQVGxMYlVoNVp6SlJZWFI0V1hwbVRWQlhZamh1VVZBbE1rSnpia2RNVWpkeGFUUWxNa1p2V2lVeVFqWnZiVlZQU0hjbE0wUW1ZejA1ZW5kdFMyUm1Ta1puVDJZNVEyZFZRbmswYlhablMwaEdPVEEwY1dsUGFtRktaV3hqY0VkVlYxQWxNa1p5UTFOeFdFSk9iMkp3YVdsUVVWVlFUa0ZxUXpaaE5EZGxTREJ2U2tsa01ERnROWEZCU0VkbGVFZENZelZOTW5aRk0zcHZaV2hWWW5OSFdrVlZRWHBpWjJseGEyVldhREoxUlZoT1lVRnBUSFZvVFc5NlRXd3hZM2g0ZW1KTWExVjNPWEZpUm1KVVlVRlpVU1V6UkNVelJDWmxQVEFtWkc5M2JteHZZV1JCY3oxdGFXTnliM052Wm5RdGQyOXlaQzB5TURFekxtVjRaU1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6UVNVeVJpVXlSbTltWm1salpTNXRhV055YjNOdlpuUXVZMjl0SlRKR1pXNHRNREF4SlRKR2QyOXlaQ1V5Umc9PQ==

http://www.presentgifttours.com/c?x=Ecx69i SqBReGodRCMJsFf5YP4OM5JzA5zUrOv3lHfU=&c=P06hNSxF4LiBXf1ZlCrBinM/fBFvyGybzsy5Dfa jWdoerLY5v0uMYI4dtoYFiQMqwqlrWBPTeiPMTyGiUVas2xE8QOnMoJ4eGtpm1SqA4kmm76mUrLl8HToZnIm6JgQ2g6OiZV1WoFse5y1ap2xOiOLKNPuXMzWpYROhWm2jEo=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.nowconecptcentral.com/c?x=AvdTYZ c30QBOKsiiGhEDB4QZvU26T1bWkGiCTP0e5E=&c=4YlqrDQdQpqphG6MfAgYvG6RiztGiYfCyIdCKGgs4EgR3oEX1dGqJadgEiRy3cGTKYNKzlDPUKA2SYAE9EqVSNDXTxzlIy4sMH4cia/ PM3lpVrIg pvlkq z YtMjKZYDNzn 6Ene/kP QGexZJgg==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.sendcurrentfarm.com/c?x=wF4EAWufooFz7TzpOqWiY5ZQf2gJn1qP4JXxA8mWOVg=&c=nUmE0KcAB3DmBkZ7M/qZn ksPc1NXen7neLsRvX4um5C2cF35APXVEX8mSWVciS9ppgmH3sKAI5neDUUoDu355e TggUSFezIM1bZF1uewfFMTKf0FEWICzAkEsPtcfwnTGXlSfJzI1oXdkY0iV690Lp0y jswTasc aHflztDg=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.cleansignsconecpt.com/c?x=Y7irVuyqNVbBLuYISLIEaFeh7M9wFYWLlhKsk7YlyVo=&c=kwmNdqNH1M5JTI5bFA0jmqgnx O4iQddapxucTK07r1pd7TYKTCVBh3jPK97R0hZh7B5XkstYk5 RB8Af3T9LtIXErPpy4TfL0TZ5f/28v536ABQ1SqpRx8hxg9pBMzHaOODvJ3j0XBXQGfBY8J35Q==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.repositoryshareflash.com/c?x=bcrOGNJFhxhB6EkH76GOpBUgKC6S Nsyakt1RqczmGI=&c=k0Wv6w6O8vRCq5v880EPqmKpOmbpZZzVuS50sxrY5AmVwtLKrGIaQ1ufJBWGuswo66o 2YULJyjv4pfExAxkEBnMxv9B6dMGmsDiJhp3yDtxVUHY kWp9dEMev MAVSzx5quxDjFHu8V9gQ2yh8aLA==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.gifttowndelivery.com/c?x=6/WRM1i61EiG9wP9StYOsGW4ahcydVJ6C96HW0nSeuM=&c=yyiGQsvKDq1zJvCquCOEdgaqRv5nQaItRQErYw6NRcWvfUmIHkjb8y04Y fuYDUo92oHiHeWmulHdfLR8fBiGxxDAD7vLp8IPc8MNpMSw7gScyMLSZixUneyfpKwQmxNCP/IoCtQD98A9OcAkWt14g==&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.bulkcyclecenter.com/c?x=FFijCLdSlO70mLWqlGmxZXWVLec9E64/H5RSKBZZVs4=&c=y2Up8PT 0UHUATdwCo42ekhAZx h8OjdGkPkKDNtqPbBFi/ZZpMnEXDeteaXsLXj nchMxeGfaSvxfyJhs4zn xC4D5BocpoeImQCVbjs6Yo9B4Jyli1MMf1gSrbEBvaF4rAlJhv4w7kjqAYIEJ4CwwvbpN4p5wNsK tjABlYYc=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.repositoryshareflash.com/c?x=FYWuWa2Rg5WT/RMxD/j1FodwMBGo7X45VM10XhCoYLM=&c=n4WCmvOaia 0PpjdJQw1yhM6ohCfotGB38dh71 xp3LbdoMvoifL79rGpQ0SZoaeByCc4yIQD6yQfHrxSiq2XwOE3swYHxH 2O4QLwXDLoWcJQjI77xGEOpCPyauWMYWPRYgQf882llGJM/lqrfeJ8i7rnZCvOail2eJ odeqcvZClDJGwbVtrkwMm5UAvcv&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.sendcurrentfarm.com/c?x=U/PJKVV/V y4Lve845EGokbAFbcoerdSAi9lkj20QeI=&c=dMU16JRGv1GSS3XugPq1PSBjc/4BCgUHqR6vULSRESxh4B9zTzJMHkGXC3cxi76giKwkPakj qeGvNUnOJM6UEV/fQc666L6OtwuMsX19mHgLoNEmD8h5AYwtI9R9vJgSKoIpjM1Ucm94Bg5cmz6ljxVdGxypyPFbzvW9YEgjLEHiXFBi8SWjkg/RQzIfkbH&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.nowconecptcentral.com/c?x=JKt xrSFKUfhZ /DZ1z vdL9zg85nnwUNg1lT3RYgeU=&c=HgH3AFdOwBNdseBycITbEpf60WlW3a8ik/g6cJ7l2Pha/Ow yViXbDNfNWFj Mii3ds0iBixHpS6rzLmYZYO WuVD7kPxzpwk3iR5mjgiagMH2QjECX6 U7emrc2W3sJkQ2hgVsuErvr8ukZI9u4L lc5dKdq0Nq7j8DCgdF/43Y/XtHE YnSGTKw2zEb97R&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

http://www.todaytowerschuckle.com/c?x=4UhmMYPwntorgi7E4p59w5ISlUe53aZ74S97Ch2eCeA=&c=sHW1JDkqdoFgrQ1wCDIm0Hsfyr07qaSYKMNALe2B09dzq6h4AAtqoudD QpbFIzOmqq0JyeECJ54PSkTqN187l/HDPE/t89nCBTk6rl 3EtSJf8cTrEMEYhoDVGygQGwrk/sxmNEJXmw6udyHEZRLbIu0zDwJDLybMPFBdgHYmc=&e=0&downloadAs=microsoft-word-2013.exe&fallback_url=http://office.microsoft.com/en-001/.../

Latest 30 of 365 download URLs

Remove microsoft-word-2013.exe - Powered by Reason Core Security