msword2007menueval.exe

MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

The executable msword2007menueval.exe, “MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte” has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.hothotsoftware.com.
Publisher:
MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

Description:
MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

MD5:
6cef9f01da9440d06821809cb0a7dab0

SHA-1:
39fdef1b8d003a59825f09430cbac640432719bd

SHA-256:
d601d012be8a6dd90eaea13675966f75b5f1018e9639be8432a69679280cd9c3

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 7:43:34 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160518-2

AVG
Win32/Sality
2015.0.4604

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Virut.AI!Generic
4.6.5.141

F-Secure
Win32.Sality.3
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.225.630.0

Norman
Win32.Sality.3
28.05.2016 15:32:18

VIPRE Antivirus
Threat.4758034
50434

File size:
2 MB (2,133,571 bytes)

Copyright:
Copyright (C) 2000-2008, http://www.hothotsoftware.com/, All Rights Reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\msword2007menueval.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:+6eidO+V8dViCKw79hdVwMSZnNqee4Dac8Si/hvRVbv4e:leK8SRwTdVTSZnmY0hvRVb1

Entry address:
0x97F0

Entry point:
81, FB, 1D, 3F, 00, 00, 71, 02, 89, D2, 68, 0E, B9, AC, 00, 8D, 35, AD, C6, D1, F6, F7, C7, 69, D5, 43, FA, 3D, 4F, 0F, 00, 00, 75, 05, 8A, F9, 0F, B7, C7, 00, DD, 8D, 15, F5, 32, F5, FF, 81, C2, F1, 51, 0B, 00, 28, EF, 50, 68, DF, B2, 46, 00, 40, E8, 25, 00, 00, 00, 0F, B7, F8, F6, DA, 88, C8, 81, C3, F1, 75, 00, 00, 78, 10, 0F, B7, F8, 8D, 05, 1A, 79, ED, 3C, 20, C1, 29, C5, 0F, B7, ED, 81, C3, 9D, 05, 00, 00, 88, D8, 88, F1, 81, FE, A0, 34, 00, 00, 5A, EB, 03, 0F, BE, C7, 0F, BF, CB, 80, F8, 9C, C7, C3...
 
[+]

Entropy:
7.9947  (probably packed)

Code size:
36 KB (36,864 bytes)

The file msword2007menueval.exe has been seen being distributed by the following URL.

Remove msword2007menueval.exe - Powered by Reason Core Security