microsoft_word.exe

Prog Generic Installer

HALOMOT ITZHAK ltd

The application microsoft_word.exe, “Prog Generic Installer Setup” by HALOMOT ITZHAK ltd, has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from cdn.goodinstallplanet.com.

Publisher:
Generic   (signed by HALOMOT ITZHAK ltd)

Product:
Prog Generic Installer

Description:
Prog Generic Installer Setup

MD5:
809a6c8bf793db033c352ed07a714373

SHA-1:
2161c2e690a4ff3ac05d012b3d8a1ed92762097c

SHA-256:
fa23f7f425a2af1031d1c5c54ddd6cbd2cba1ebd6b6e6663643341348f95de23

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 6:15:50 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.InstallCore | 7.1.1
Avira AntiVirus | PUA/InstallCore.diur | 8.3.2.2
AVG | Generic | 2017.0.2830
Bkav FE | W32.HfsAdware | 1.3.0.7383
Dr.Web | Trojan.InstallCore.1139 | 9.0.1.048
ESET NOD32 | Win32/InstallCore.ACZ potentially unwanted application | 10.7.0.302.0
K7 AntiVirus | Adware | 13.212.17888
Malwarebytes | | v2016.02.17.03
McAfee | Artemis!A8B79A0AE0F6 | 5600.6486
NANO AntiVirus | Riskware.Win32.InstallCore.dvqyhb | 0.30.26.4437
Qihoo 360 Security | HEUR/QVM06.1.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.installCore.HALOMOTITZHAK.Installer (M) | 16.2.17.15
Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 45272
Zillya! Antivirus | Adware.SmartInstaller.Win32.41 | 2.0.0.2560

File size:
908.3 KB (930,048 bytes)

Product version:
3.7

Copyright:
Generic

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\microsoft_word.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
3/23/2015 7:00:00 PM

Valid to:
3/28/2016 7:00:00 AM

Subject:
CN=HALOMOT ITZHAK ltd, O=HALOMOT ITZHAK ltd, L=Modi'in-Maccabim-Re'ut, S=israel, C=IL

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01167094D142FB72A04B99B945A25DE3

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ySZGfA0wWKXeD6gRDBzJMEozUsO9kkj8xu+/eylND51VbIC/AcfwT2+pHTEUK:ySZOAD/aPsI7+/eG55PbIc78NTlK

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
Entropy:
7.9067

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file microsoft_word.exe has been seen being distributed by the following URL.
