microsoft word.exe

Alpha Installer

LiveSoftAction

The program utilizes the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application microsoft word.exe by LiveSoftAction has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. The file has been seen being downloaded from www.win-install.info.
Publisher:
LiveSoft_Action  (signed by LiveSoftAction)

Product:
Alpha Installer

Version:
9.13.4.1

MD5:
8fe2eb9e1d60f66261e73d865b13f1f6

SHA-1:
0f3f71a14833026004a246f4e16577d7d8043951

SHA-256:
7eab96cf3851319e62bb751d67ee5249e902c02234952de8e20871ee7892a92a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer that uses the Appscion to bundle adware.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 11:28:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien (M)
16.8.3.15

File size:
1.2 MB (1,209,936 bytes)

Product version:
9.13.4.1

Copyright:
(c) LiveSoft_Action. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\microsoft word.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/8/2014 9:00:00 PM

Valid to:
12/9/2015 8:59:59 PM

Subject:
CN=LiveSoftAction, O=LiveSoftAction, STREET="64-66, Mezzanine", STREET=Dionisie Lupu Street, L=Bucharest, S=ROMANIA, PostalCode=010458, C=RO

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0DB89F49425D87D205160442DA55CE38

File PE Metadata
Compilation timestamp:
3/26/2015 6:26:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:3h3x+QAwDOHxP8ykYbO8DlQQXNwAtOiV0se5jLxyhf6kI64G2SrwyUZ:xh+Qn0P8ybbrWKyb8hf9I6n2o3

Entry address:
0x2507C0

Entry point:
60, BE, 00, 20, 54, 00, 8D, BE, 00, F0, EB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
1.1 MB (1,110,016 bytes)

The file microsoft word.exe has been seen being distributed by the following URL.

Remove microsoft word.exe - Powered by Reason Core Security