msword2007menueval.exe

MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

The executable msword2007menueval.exe, “MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte”, has been detected as malware by 10 anti-virus scanners. It is a setup program used to install the application. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.hothotsoftware.com.

Publisher:
MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

Description:
MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

MD5:
6cef9f01da9440d06821809cb0a7dab0

SHA-1:
39fdef1b8d003a59825f09430cbac640432719bd

SHA-256:
d601d012be8a6dd90eaea13675966f75b5f1018e9639be8432a69679280cd9c3

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/6/2024 2:15:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160518-2 |
| AVG | Win32/Sality | 2015.0.4604 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Virut.AI!Generic | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.96 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.630.0 |
| Norman | Win32.Sality.3 | 28.05.2016 15:32:18 |
| VIPRE Antivirus | Threat.4758034 | 50434 |

File size:
2 MB (2,133,571 bytes)

Copyright:
Copyright (C) 2000-2008, http://www.hothotsoftware.com/, All Rights Reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\msword2007menueval.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:+6eidO+V8dViCKw79hdVwMSZnNqee4Dac8Si/hvRVbv4e:leK8SRwTdVTSZnmY0hvRVb1

Entry address:
0x97F0

Entry point:
81, FB, 1D, 3F, 00, 00, 71, 02, 89, D2, 68, 0E, B9, AC, 00, 8D, 35, AD, C6, D1, F6, F7, C7, 69, D5, 43, FA, 3D, 4F, 0F, 00, 00, 75, 05, 8A, F9, 0F, B7, C7, 00, DD, 8D, 15, F5, 32, F5, FF, 81, C2, F1, 51, 0B, 00, 28, EF, 50, 68, DF, B2, 46, 00, 40, E8, 25, 00, 00, 00, 0F, B7, F8, F6, DA, 88, C8, 81, C3, F1, 75, 00, 00, 78, 10, 0F, B7, F8, 8D, 05, 1A, 79, ED, 3C, 20, C1, 29, C5, 0F, B7, ED, 81, C3, 9D, 05, 00, 00, 88, D8, 88, F1, 81, FE, A0, 34, 00, 00, 5A, EB, 03, 0F, BE, C7, 0F, BF, CB, 80, F8, 9C, C7, C3...
Entropy:
7.9947  (probably packed)

Code size:
36 KB (36,864 bytes)

The file msword2007menueval.exe has been seen being distributed by the following URL.

Remove msword2007menueval.exe - Powered by Reason Core Security