microsoft word.exe

donec iucundus XXXI-II prudens

Bechiro, s.l.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application microsoft word.exe, “liberatio oratio terminus” by Bechiro, s.l has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
congruus molestus decumbo privatus  (signed by Bechiro, s.l.)

Product:
donec iucundus XXXI-II prudens

Description:
liberatio oratio terminus

Version:
68.44.23.97

MD5:
e55669639df370503710a5139ad2493f

SHA-1:
e38c7884f348e0e7e4450c01f6c832c152fd772c

SHA-256:
9ea381212e173781267984c2189496df274db98a8908469e802973647a352cd2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 4:29:45 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba (M)
16.8.7.17

File size:
539.2 KB (552,176 bytes)

Product version:
49.64.21.65

Copyright:
investigo imbrium torrens

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\microsoft word.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/25/2014 2:00:00 AM

Valid to:
7/25/2017 1:59:59 AM

Subject:
CN="Bechiro, s.l.", O="Bechiro, s.l.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6871000C97588AD6E2C287A83D05B9E5

File PE Metadata
Compilation timestamp:
10/7/2014 11:41:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:yDwcpRj+TcHjuVIXD4ROmTlM8ZIbFcW//HTuj+QP6qR0jb:yDwY+TN+TM3u8ZGcW//zuSqo

Entry address:
0xDFDC

Entry point:
E8, AC, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 6E, 42, 00, E8, FE, 15, 00, 00, E8, 7D, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 3F, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 08, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
114 KB (116,736 bytes)

The file microsoft word.exe has been seen being distributed by the following URL.

Remove microsoft word.exe - Powered by Reason Core Security