microsoft_office_2007.exe

The application microsoft_office_2007.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.kurulumtr.com.
MD5:
4c0f70836418116210abfd239d17386c

SHA-1:
ef4f8a8faaae3f63b55c5dafda1435bbb625763c

SHA-256:
7e2edc555a03a041068cf6085f3b51bd2ff6c9843125f7f7dc78c796d6e5684a

Scanner detections:
29 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/27/2024 5:46:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Spnr | 2014.08.12 |
| Avira AntiVirus | | 7.11.166.108 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140826 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.14826 |
| Comodo Security | Application.Win32.InstallCore.~LO | 19154 |
| Dr.Web | Trojan.DownLoader9.3893 | 9.0.1.0238 |
| ESET NOD32 | Win32/InstallCore.BY (variant) | 8.10235 |
| Fortinet FortiGate | Riskware/MultiPlug | 8/26/2014 |
| F-Prot | W32/A-42c63c6c | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.183.12998 |
| Malwarebytes | Adware.Agent.IC | v2014.08.26.02 |
| McAfee | Artemis!4C0F70836418 | 5600.7026 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dcnrhs | 0.28.2.61349 |
| Panda Antivirus | Trj/Dtcontx.J | 14.08.26.02 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.26.14 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14824 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PB914 | 7.2.238 |
| Trend Micro | TROJ_GEN.R0CBC0PB914 | 10.465.26 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32116 |
| XVirus List | Win32.Detected | 2.8.26 |

File size:
719.8 KB (737,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\microsoft_office_2007.exe

File PE Metadata
Compilation timestamp:
1/9/2012 3:44:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:sxaVAh64U5lu3XoV2hG2XWiDUAaAxTttiXvRIzyEm6ZazSY6n4g803uc6DkBaivk:sxaVxr5EHoriDUNiDiX5IE0auYU450+f

Entry address:
0xB3C1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, F2, 2D, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, B0, A1, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, D9, A6, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 32, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 32, 41, 00, 8D, 45, E4...

Code size:
71 KB (72,704 bytes)

The file microsoft_office_2007.exe has been seen being distributed by the following URL.
